Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

On Thu, Oct 10, 2024 at 6:36 AM Stephen Chenney wrote: > I'm waiting on the potential security issue to be sorted out on WHATWG. > I'll ping the issue today to try and get resolution at least on the > question of whether it's really a problem. > Sounds good. > Should I set the intent back to a

Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

I'm waiting on the potential security issue to be sorted out on WHATWG. I'll ping the issue today to try and get resolution at least on the question of whether it's really a problem. Should I set the intent back to an earlier phase or remove the request for API Owner review? Cheers, Stephen. On

Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

Hi Stephen,,any update on this intent? On Tue, Oct 1, 2024 at 12:10 PM Vladimir Levin wrote: > > > On Thu, Sep 19, 2024 at 9:48 PM Stephen Chenney > wrote: > >> Reply to the spec concerns inline ... >> >> On Thu, Sep 19, 2024 at 12:15 AM Domenic Denicola >> wrote: >> >>> Seems like a good idea

Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

On Thu, Sep 19, 2024 at 9:48 PM Stephen Chenney wrote: > Reply to the spec concerns inline ... > > On Thu, Sep 19, 2024 at 12:15 AM Domenic Denicola > wrote: > >> Seems like a good idea! >> >> On Thu, Sep 19, 2024 at 4:55 AM Chromestatus < >> ad...@cr-status.appspotmail.com> wrote: >> >>> Contac

Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

Reply to the spec concerns inline ... On Thu, Sep 19, 2024 at 12:15 AM Domenic Denicola wrote: > Seems like a good idea! > > On Thu, Sep 19, 2024 at 4:55 AM Chromestatus < > ad...@cr-status.appspotmail.com> wrote: > >> Contact emails schen...@chromium.org >> >> Explainer None >> >> Specification

Re: [blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

Seems like a good idea! On Thu, Sep 19, 2024 at 4:55 AM Chromestatus < ad...@cr-status.appspotmail.com> wrote: > Contact emails schen...@chromium.org > > Explainer None > > Specification > https://html.spec.whatwg.org/multipage/canvas.html#security-with-canvas-elements I spent some time looking

[blink-dev] Intent to Ship: SVG foreignObject does not taint the canvas for blob URLs

Contact emails schen...@chromium.org Explainer None Specification https://html.spec.whatwg.org/multipage/canvas.html#security-with-canvas-elements Summary The ability to use an element with an SVG source in a HTML canvas drawImage operation has long been supported by all browsers, but the