[Webkit-unassigned] [Bug 156176] Investigate letting foreignObject not taint the canvas when drawing svg into canvas.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 5 14:26:53 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=156176

Said Abou-Hallawa <sabouhallawa at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bfulgham at webkit.org

--- Comment #4 from Said Abou-Hallawa <sabouhallawa at apple.com> ---
(In reply to comment #3)
> Simon and Said,
> I think we're going to go ahead with this change in Blink
> (https://groups.google.com/a/chromium.org/d/msg/blink-dev/yYVVl5ociqA/
> b5387_fKDwAJ). I follow SVG commits in both Blink and WebKit and I do not
> know of any security/privacy differences in this area. Would you support the
> same change in WebKit? I can post the patch but wanted to check with you
> first.

I agree with this change since this will make WebKit compliant with the specs and the other browsers. I did a basic testing and I found out WebKt does not apply any linking style when drawing an SVG to a canvas (see attached test case). But I think the WebKit security team needs to sign off on this as well. Brent, do you agree with this change?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170105/f99f2d63/attachment.html>


More information about the webkit-unassigned mailing list