[Webkit-unassigned] [Bug 131033] Security Policy error when using MathML in canvas

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 6 16:44:47 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=131033


Alex Christensen <achristensen at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |achristensen at apple.com




--- Comment #6 from Alex Christensen <achristensen at apple.com>  2014-06-06 16:45:08 PST ---
(In reply to comment #5)
> So what would you suggest instead?
Does Gecko do a full traversal?  How do they let it through?  Returning false if there is any element that is not a MathMLElement with only a list of allowed attributes and tags would be safer, but it would hurt performance if there were many "safe" MathMLElements.  The result of a traversal could be stored somewhere in case it needed to be done again, but I think doing at least one full traversal is the only way to make sure this foreign object is safe.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list