Le 04/04/2016 22:22, Philip Rogers a écrit :
> Hi Frédéric,
>
> I'm sorry you had to hit this confusing area recently. I just filed
> https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to
> track progress on this.
>
> The core issue is that foreignObject has the potential to leak
> information (e.g., visited links), and there hasn't been enough user
> interest to justify removing that restriction.
Hi Philip,
Thank you very much for opening the bug!
Yes, I'm aware of this security issue... I did not follow the details
when that happened, but Mozilla has implemented support for
foreignObject inside canvas for several years and there is an article on
MDN describing it:
https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Drawing_DOM_objects_into_a_canvas
Maybe it would be worth checking with them what was their rationale to
remove that restriction and if it's worth following the same approach
for Blink/WebKit...
Frédéric
signature.asc
Description: OpenPGP digital signature
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
