Re: [whatwg] Minor addition/rewording for canvas section

2008-01-13 Thread Oliver Hunt


On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:


> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object {
> width: imgdata.width, height: imgdata.height, data: ...copy each array
> element... } and then draw it, circumventing any origin information
> that the ImageData object might be carrying around, so I'm not sure
> why it's useful to care about the ImageData's origin. (That's unlike
> Image objects where there's no other way of extracting the image
> data.)


Writing to a canvas from a different origin isn't considered a threat,
the problem is evil.example.com reading data from the canvas after
naive.example.com has put private/confidential information into the
canvas.

--Oliver



Re: [whatwg] Minor addition/rewording for canvas section

2008-01-13 Thread Philip Taylor
On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:
> Writing to a canvas from a different origin isn't considered a threat,
> the problem is evil.example.com reading data from the canvas after
> naive.example.com has put private/confidential information into the
> canvas.

In that case, evil.example.com shouldn't be allowed to read anything
(pixel data or context state) from the canvas after naive.example.com
has done anything at all to it (e.g. calling fillRect, or setting
fillStyle, etc), because otherwise some potentially-private
information will be leaked. (putImageData can be emulated using
fillRect, so it wouldn't make much sense to have different security
restrictions depending on which equivalent mechanism you use.)

Don't the normal same-origin restrictions already prevent
naive.example.com and evil.example.com accessing the same canvas
element, in the same way as (I assume) they prevent evil.example.com
accessing an input type=password.value from a naive.example.com
document?

-- 
Philip Taylor
[EMAIL PROTECTED]


Re: [whatwg] Minor addition/rewording for canvas section

2008-01-13 Thread Philip Taylor
On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:
> I did wonder about why other origins could read anything myself, so
> you're not alone -- it just seemed especially odd to allow images to
> be written safely but not ImageData.

As far as I'm aware, different origins can never read and write the
same canvas. Images are given special consideration because scripts
already have access to Image objects where the image has a different
origin to the script, like:

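  // on a page on www.example.com
  // ctx: 2D context of a canvas created by this same page
  var ctx = document.createElement('canvas').getContext('2d');
  var img = new Image();
  // drawing is allowed even though the image comes from another origin
  img.onload = function () { ctx.drawImage(img, 0, 0); };
  img.src = 'http://google.com/images/logo.gif';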

The canvas reading/writing all happens in the same origin - it's just
the image itself that is not the same origin.

The same does not apply to ImageData, because scripts don't have
access to ImageData objects from other origins.

-- 
Philip Taylor
[EMAIL PROTECTED]
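
The rule discussed in this message, as an added JavaScript model that is not part of the original thread: drawing a cross-origin image is allowed but makes the canvas unreadable, while ImageData carries no origin and never does. `ModelCanvas`, `originClean` and `tryRead` are illustrative names for the specification's origin-clean flag, not a browser API, and the pixel arrays are constructed sample data.

```javascript
// Pure-JS model of the canvas origin-clean rule (illustrative, not a browser API).
class ModelCanvas {
  constructor(documentOrigin) {
    this.documentOrigin = documentOrigin; // origin of the page that owns the canvas
    this.originClean = true;              // a new canvas starts out readable
    this.pixels = [];
  }
  // Drawing is always allowed; a cross-origin image taints the canvas.
  drawImage(image) {
    if (image.origin !== this.documentOrigin) this.originClean = false;
    this.pixels.push(...image.pixels);
  }
  // Reading back is refused once cross-origin pixels may be present.
  getImageData() {
    if (!this.originClean) {
      const err = new Error('canvas is tainted by cross-origin data');
      err.name = 'SecurityError';
      throw err;
    }
    return { data: this.pixels.slice() }; // plain data, no origin attached
  }
  // ImageData only ever comes from script or from a clean canvas,
  // so writing it back never changes the flag.
  putImageData(imageData) {
    this.pixels = imageData.data.slice();
  }
}

function tryRead(canvas) {
  try { canvas.getImageData(); return 'readable'; }
  catch (e) { return e.name; }
}

function demo() {
  const page = 'http://www.example.com';
  const local = { origin: page, pixels: [1, 2, 3] };                 // constructed
  const remote = { origin: 'http://google.com', pixels: [9, 9, 9] }; // constructed

  const a = new ModelCanvas(page);
  a.drawImage(local);
  const copy = new ModelCanvas(page);
  copy.putImageData({ data: a.getImageData().data }); // hand-built ImageData copy
  const b = new ModelCanvas(page);
  b.drawImage(remote);
  return { sameOrigin: tryRead(a), afterPut: tryRead(copy), crossOrigin: tryRead(b) };
}
```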


Re: [whatwg] Minor addition/rewording for canvas section

2008-01-13 Thread Oliver Hunt
Ah ha, I see I have misinterpreted that section, apologies for wasting
people's time.


--Oliver

On Jan 13, 2008, at 5:33 AM, Philip Taylor wrote:


> On 13/01/2008, Oliver Hunt [EMAIL PROTECTED] wrote:
>> I did wonder about why other origins could read anything myself, so
>> you're not alone -- it just seemed especially odd to allow images to
>> be written safely but not ImageData.
>
> As far as I'm aware, different origins can never read and write the
> same canvas. Images are given special consideration because scripts
> already have access to Image objects where the image has a different
> origin to the script, like:
>
>  // on a page on www.example.com
>  var img = new Image();
>  img.onload = function () { ctx.drawImage(img, 0, 0); }
>  img.src = 'http://google.com/images/logo.gif';
>
> The canvas reading/writing all happens in the same origin - it's just
> the image itself that is not the same origin.
>
> The same does not apply to ImageData, because scripts don't have
> access to ImageData objects from other origins.
>
> --
> Philip Taylor
> [EMAIL PROTECTED]




Re: [whatwg] simple numbers

2008-01-13 Thread Keryx Web

Ian Hickson wrote:

> I considered all the feedback on having a number element (or
> similar), quoted below.
>
> While I think there is certainly something to be said for the
> proposal, I don't think there is enough evidence that authors really
> want or need this. I think we should focus on having CSS support this
> first.
>
> Thanks for the feedback, though.


FYI and FWIW

I have taken this discussion to the CSS WG.

http://lists.w3.org/Archives/Public/www-style/2008Jan/0129.html


Lars Gunther