On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:
What examples of information leakage is this change meant to prevent? If you have an ImageData object then you can create a new object { width: imgdata.width, height: imgdata.height, data: ...copy each array element... } and then draw it, circumventing any origin information that the ImageData object might be carrying around, so I'm not sure why it's useful to care about the ImageData's origin. (That's unlike Image objects where there's no other way of extracting the image data.)
Writing to a canvas from a different origin isn't considered a threat, the problem is evil.example.com reading data from the canvas after naive.example.com has put
private/confidential information into the canvas. --Oliver