Re: [whatwg] Minor addition/rewording for canvas section
On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:

> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object
> { width: imgdata.width, height: imgdata.height, data: ...copy each array element... }
> and then draw it, circumventing any origin information that the ImageData
> object might be carrying around, so I'm not sure why it's useful to care
> about the ImageData's origin. (That's unlike Image objects where there's
> no other way of extracting the image data.)

Writing to a canvas from a different origin isn't considered a threat, the problem is evil.example.com reading data from the canvas after naive.example.com has put private/confidential information into the canvas.

--Oliver
Re: [whatwg] Minor addition/rewording for canvas section
On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:

> Writing to a canvas from a different origin isn't considered a threat,
> the problem is evil.example.com reading data from the canvas after
> naive.example.com has put private/confidential information into the
> canvas.

In that case, evil.example.com shouldn't be allowed to read anything (pixel data or context state) from the canvas after naive.example.com has done anything at all to it (e.g. calling fillRect, or setting fillStyle, etc), because otherwise some potentially-private information will be leaked. (putImageData can be emulated using fillRect, so it wouldn't make much sense to have different security restrictions depending on which equivalent mechanism you use.)

Don't the normal same-origin restrictions already prevent naive.example.com and evil.example.com accessing the same canvas element, in the same way as (I assume) they prevent evil.example.com accessing an input type=password.value from a naive.example.com document?

--
Philip Taylor
[EMAIL PROTECTED]
Re: [whatwg] Minor addition/rewording for canvas section
On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:

> I did wonder about why other origins could read anything myself, so
> you're not alone -- it just seemed especially odd to allow images to be
> written safely but not ImageData.

As far as I'm aware, different origins can never read and write the same canvas. Images are given special consideration because scripts already have access to Image objects where the image has a different origin to the script, like:

    // on a page on www.example.com
    var img = new Image();
    img.onload = function () { ctx.drawImage(img, 0, 0); }
    img.src = 'http://google.com/images/logo.gif';

The canvas reading/writing all happens in the same origin - it's just the image itself that is not the same origin. The same does not apply to ImageData, because scripts don't have access to ImageData objects from other origins.

--
Philip Taylor
[EMAIL PROTECTED]
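The distinction drawn in the message above, as an added illustration that is not part of the original thread: a simplified plain-JavaScript model of a canvas "origin-clean" flag, in which drawing a foreign-origin image is allowed but blocks later reads, while ImageData needs no origin of its own. ModelCanvas, ModelImage and demo() are hypothetical names and the pixel values are constructed samples; this is not browser code.

```javascript
// Simplified model of the canvas origin-clean flag (illustration only).
// All class and function names here are hypothetical; pixel data is constructed.
class SecurityError extends Error {}

class ModelImage {
  constructor(src, pixels) {
    this.origin = new URL(src).origin; // origin the image bytes came from
    this.pixels = pixels;
  }
}

class ModelCanvas {
  constructor(documentOrigin) {
    this.documentOrigin = documentOrigin; // origin of the page driving the canvas
    this.originClean = true;              // a fresh bitmap is origin-clean
    this.pixels = [];
  }
  drawImage(img) {
    // Writing is always allowed; a foreign image only marks the bitmap as tainted.
    if (img.origin !== this.documentOrigin) this.originClean = false;
    this.pixels = img.pixels.slice();
  }
  getImageData() {
    // Reading back is the guarded operation.
    if (!this.originClean) throw new SecurityError("canvas is not origin-clean");
    return { width: this.pixels.length, height: 1, data: this.pixels.slice() };
  }
  putImageData(imageData) {
    // ImageData comes from a permitted read or from script-built values,
    // so writing it leaves the flag unchanged.
    this.pixels = Array.from(imageData.data);
  }
}

function demo() {
  const page = "http://www.example.com";
  const local = new ModelImage("http://www.example.com/a.png", [1, 2, 3]);
  const foreign = new ModelImage("http://google.com/images/logo.gif", [9, 9, 9]);

  const clean = new ModelCanvas(page);
  clean.drawImage(local);
  const copy = clean.getImageData();      // same-origin pixels are readable
  const other = new ModelCanvas(page);
  other.putImageData({ width: 3, height: 1, data: copy.data }); // hand-built copy
  const roundTrip = other.getImageData().data;

  const tainted = new ModelCanvas(page);
  tainted.drawImage(foreign);             // permitted, but taints the bitmap
  let blocked = false;
  try { tainted.getImageData(); } catch (e) { blocked = e instanceof SecurityError; }
  return { roundTrip, cleanFlag: other.originClean, taintedFlag: tainted.originClean, blocked };
}
```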
Re: [whatwg] Minor addition/rewording for canvas section
Ah ha, I see I have misinterpreted that section, apologies for wasting people's time.

--Oliver

On Jan 13, 2008, at 5:33 AM, Philip Taylor wrote:

> On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:
>> I did wonder about why other origins could read anything myself, so
>> you're not alone -- it just seemed especially odd to allow images to be
>> written safely but not ImageData.
>
> As far as I'm aware, different origins can never read and write the same
> canvas. Images are given special consideration because scripts already
> have access to Image objects where the image has a different origin to
> the script, like:
>
>     // on a page on www.example.com
>     var img = new Image();
>     img.onload = function () { ctx.drawImage(img, 0, 0); }
>     img.src = 'http://google.com/images/logo.gif';
>
> The canvas reading/writing all happens in the same origin - it's just
> the image itself that is not the same origin. The same does not apply to
> ImageData, because scripts don't have access to ImageData objects from
> other origins.
>
> --
> Philip Taylor
> [EMAIL PROTECTED]
Re: [whatwg] simple numbers
Ian Hickson wrote:

> I considered all the feedback on having a number element (or similar),
> quoted below. While I think there is certainly something to be said for
> the proposal, I don't think there is enough evidence that authors really
> want or need this. I think we should focus on having CSS support this
> first. Thanks for the feedback, though.

FYI and FWIW I have taken this discussion to the CSS WG.

http://lists.w3.org/Archives/Public/www-style/2008Jan/0129.html

Lars Gunther