On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:
What examples of information leakage is this change meant to prevent?
If you have an ImageData object then you can create a new object {
width: imgdata.width, height: imgdata.height, data: ...copy each array
element... } and then draw it, circumventing any origin information
that the ImageData object might be carrying around, so I'm not sure
why it's useful to care about the ImageData's origin. (That's unlike
Image objects where there's no other way of extracting the image
data.)
Writing to a canvas from a different origin isn't considered a threat,
the problem is
evil.example.com reading data from the canvas after naive.example.com
has put
private/confidential information into the canvas.
--Oliver
