Le 04/04/2016 22:22, Philip Rogers a écrit : > Hi Frédéric, > > I'm sorry you had to hit this confusing area recently. I just filed > https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to > track progress on this. > > The core issue is that foreignObject has the potential to leak > information (e.g., visited links), and there hasn't been enough user > interest to justify removing that restriction. Hi Philip,
Thank you very much for opening the bug! Yes, I'm aware of this security issue... I did not follow the details when that happened, but Mozilla has implemented support for foreignObject inside canvas for several years and there is an article on MDN describing it: https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Drawing_DOM_objects_into_a_canvas Maybe it would be worth checking with them what was their rationale to remove that restriction and if it's worth following the same approach for Blink/WebKit... Frédéric
signature.asc
Description: OpenPGP digital signature
_______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
