[Webkit-unassigned] [Bug 131033] Security Policy error when using MathML in canvas
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 6 16:44:47 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=131033
Alex Christensen <achristensen at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |achristensen at apple.com
--- Comment #6 from Alex Christensen <achristensen at apple.com> 2014-06-06 16:45:08 PST ---
(In reply to comment #5)
> So what would you suggest instead?
Does Gecko do a full traversal? How do they let it through? Returning false if there is any element that is not a MathMLElement with only a list of allowed attributes and tags would be safer, but it would hurt performance if there were many "safe" MathMLElements. The result of a traversal could be stored somewhere in case it needed to be done again, but I think doing at least one full traversal is the only way to make sure this foreign object is safe.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list