Issue 2972: Canvas toDataURL isn't supported
http://code.google.com/p/chromium/issues/detail?id=2972
Comment #8 by lcamtuf:
Please see CL 8023, which re-enables toDataURL. Are we at a point where the
security
threat itself is addressed, and cross-domain checks are in place similar to
these in
Firefox? If not, we might want to revert that CL, or accelerate fixes here.
An example test case would be:
<canvas id=c></canvas>
...followed by this Javascript code:
ctx = document.getElementById('c').getContext('2d');
img = new Image();
img.onload = function() { ctx.drawImage(img,0,0); continue_tests(); }
img.src = 'http://example.com/some_valid_image.jpg';
...substitute example.com URL with some valid different-domain image that
might
contain sensitive data (this is a concern if we make it point to your
calendar
rendered as a GIF for printing, some bank account or portfolio performance
from your
broker, advertisement click-through rate chart from your ad provider, etc).
Then
continue_tests() would contain:
tmp = document.getElementById('c').toDataURL();
alert(tmp);
...if base64-encoded contents of the image are then seen in alert() output,
we have a
problem.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Chromium-bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/chromium-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
