[Webkit-unassigned] [Bug 180301] New: A canvas should not be tainted if it draws a data URL SVGImage with a <foreignObject>
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 1 17:52:51 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=180301
Bug ID: 180301
Summary: A canvas should not be tainted if it draws a data URL
SVGImage with a <foreignObject>
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: SVG
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sabouhallawa at apple.com
CC: zimmermann at kde.org
After <http://trac.webkit.org/changeset/195614>, the canvas will tainted if it draws any SVGImage with a <foreignObject>. The reason for this is we do not want to SVGImages to leak cross-origin data (e.g., visited links, spellcheck).
But if the sourceURL of the SVGImage is a data URL, then there should not be a cross-origin data leak. So we should not taint the canvas in this case. We need to relax the tainting check for data URL SVGImage.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171202/ad3a2e4c/attachment-0001.html>
More information about the webkit-unassigned
mailing list