Re: [whatwg] Minor addition/rewording for canvas section
On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt [EMAIL PROTECTED] wrote: I did wonder about why other origins could read anything myself, so you're not alone -- it just seemed especially odd to allow images to be written safely but not ImageData. ImageData is always safe as you create it yourself. The specification should also mention that drawing img src=data:image/png,... on the canvas is safe so that you can actually roundtrip data through the server. The SVG case here is slightly more complex so maybe it's better to have a definition of a safe HTMLImageElement. I'm as yet unsure whether a separate origin should be able to write -- i have nothing to back this up with but it seems that you could potentially right to a canvas from a separate domain to make the canvas look like something it wasn't -- but i'm not familiar enough with the other origin related policies in html5 to be able to say anything meaningful. Cross-document messaging only allows passing through strings. I only noticed this as i was looking at the ImageData portion of the spec just now :D Would be nice if you guys implemented it :-) I assume there was a reason that reading from the canvas from another origin is ever allowed, but I can't think of what it might be -- any thoughts/recollections from others would be well received :D I don't think this is possible. The security model is pretty simple. HTMLImageElement is either safe or unsafe. HTMLCanvasElement is also either safe (default) or unsafe. CanvasPattern is, again, either safe or unsafe. Once you draw an unsafe HTMLImageElement, HTMLCanvasElement, or CanvasPattern on an HTMLCanvasElement you mark the HTMLCanvasElement as unsafe. The toDataURL() and getImageData() functions throw for an unsafe HTMLCanvasElement. -- Anne van Kesteren http://annevankesteren.nl/ http://www.opera.com/
Re: [whatwg] XHTML subtitle (was: [html5] r1156 - /)
On 14 Jan 2008, at 05:45, ianh wrote: Add a subtitle to clarify the scope of the document for people who don't read the spec. (W3C version only.) Is there any reason for this not to be in the WHATWG version as well? -- Geoffrey Sneddon http://gsnedders.com/
Re: [whatwg] Scaling
Nikola Mitic wrote: fantasai wrote: Michael wrote (on www-style): I have a fluid layout so it changes width because of the browser window. There is the slight problem that some of the images I use might be too wide. So I use max-width:100% to prevent this from happening. This works great when the image does not have a width or height attribute set. The image remains in proportion. (...) But if the height attribute is set, it retains this height and the image goes out of proportion. I think we need some property for this (...) Set img { height: auto; } and your images should size proportionally. Is there any way to prevent page from being pushed down by image height when full image get loaded if we didn't define exact image height? Depends on the situation. You can put a container around the image that has a fixed height, but it will leave extra space if the max-height: 100% kicks in. If HTML5 defines the 'width' and 'height' attributes as suggesting the intrinsic size of the image, browsers could use that information to calculate a tentative aspect ratio. That would make it possible to size the unloaded-image box even when one dimension is auto. ~fantasai
[whatwg] Shadows
On Thu, 17 May 2007, Martijn wrote: Is how to render shadows defined here? http://www.whatwg.org/specs/web-apps/current-work/#shadows0 So with that piece of text it is clear how to render shadows in canvas? I agree that it is a bit vague, but do you have any specific suggestions as to what it should say exactly? I'm not sure what to write. -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'