[Webkit-unassigned] [Bug 180301] New: A canvas should not be tainted if it draws a data URL SVGImage with a <foreignObject>

Fri Dec 1 17:52:51 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=180301

            Bug ID: 180301
           Summary: A canvas should not be tainted if it draws a data URL
                    SVGImage with a <foreignObject>
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: zimmermann at kde.org

After <http://trac.webkit.org/changeset/195614>, the canvas will tainted if it draws any SVGImage with a <foreignObject>. The reason for this is we do not want to SVGImages to leak cross-origin data (e.g., visited links, spellcheck).

But if the sourceURL of the SVGImage is a data URL, then there should not be a cross-origin data leak. So we should not taint the canvas in this case. We need to relax the tainting check for data URL SVGImage.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171202/ad3a2e4c/attachment-0001.html>