<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Investigate letting foreignObject not taint the canvas when drawing svg into canvas."
href="https://bugs.webkit.org/show_bug.cgi?id=156176#c2">Comment # 2</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Investigate letting foreignObject not taint the canvas when drawing svg into canvas."
href="https://bugs.webkit.org/show_bug.cgi?id=156176">bug 156176</a>
from <span class="vcard"><a class="email" href="mailto:pdr@google.com" title="Philip Rogers <pdr@google.com>"> <span class="fn">Philip Rogers</span></a>
</span></b>
<pre>@Frederic, on the webkit-dev thread you asked "Maybe it would be worth checking with them what was their rationale to remove that restriction and if it's worth following the same approach for Blink/WebKit...". I think we could remove this restriction today, but I do not trust our implementation of foreignObject to not leak data. This problem is specific to our implementation.
I think a path forward will be to have someone look very closely at &lt;foreignObject&gt; and the data it can leak, and then just flip the switch if it is safe (remove SVGImage::hasSingleSecurityOrigin). For WebKit, I would recommend asking someone on Apple's security team to sign off on this too. I support doing this, but it's risky; I haven't done it myself because there hasn't been enough user interest to justify it.</pre>
</div>
</p>
</body>
</html>