On 13/01/2008, Oliver Hunt <[EMAIL PROTECTED]> wrote:
> Writing to a canvas from a different origin isn't considered a threat,
> the problem is evil.example.com reading data from the canvas after
> naive.example.com has put private/confidential information into the
> canvas.

In that case, evil.example.com shouldn't be allowed to read anything
(pixel data or context state) from the canvas after naive.example.com
has done anything at all to it (e.g. calling fillRect, or setting
fillStyle, etc), because otherwise some potentially-private
information will be leaked. (putImageData can be emulated using
fillRect, so it wouldn't make much sense to have different security
restrictions depending on which equivalent mechanism you use.)

Don't the normal same-origin restrictions already prevent
naive.example.com and evil.example.com accessing the same canvas
element, in the same way as (I assume) they prevent evil.example.com
accessing an <input type=password>.value from a naive.example.com
document?

-- 
Philip Taylor
[EMAIL PROTECTED]

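The equivalence mentioned in the message above (putImageData emulated with fillRect), as an added example that is not part of the original email. It runs outside a browser against `TinyCtx`, a hypothetical in-memory stand-in for a 2D context whose `fillStyle` is simplified to an `[r, g, b, a]` array; `emulatePutImageData` and `demo` are likewise names invented here.

```javascript
// Hypothetical in-memory stand-in for a canvas 2D context (not a browser API).
// Pixels are kept as non-premultiplied RGBA bytes, like ImageData.data.
class TinyCtx {
  constructor(w, h) {
    this.w = w; this.data = new Uint8ClampedArray(w * h * 4); // transparent black
    this.fillStyle = [0, 0, 0, 255];   // simplified: [r, g, b, a], not a CSS string
  }
  at(x, y) { return (y * this.w + x) * 4; }
  putImageData(img, dx, dy) {          // raw overwrite, no blending
    for (let y = 0; y < img.height; y++)
      for (let x = 0; x < img.width; x++) {
        const s = (y * img.width + x) * 4;
        this.data.set(img.data.subarray(s, s + 4), this.at(dx + x, dy + y));
      }
  }
  clearRect(x0, y0, w, h) {
    for (let y = y0; y < y0 + h; y++) this.data.fill(0, this.at(x0, y), this.at(x0 + w, y));
  }
  fillRect(x0, y0, w, h) {             // source-over compositing
    const sa = this.fillStyle[3] / 255;
    for (let y = y0; y < y0 + h; y++)
      for (let x = x0; x < x0 + w; x++) {
        const d = this.at(x, y), da = this.data[d + 3] / 255, oa = sa + da * (1 - sa);
        for (let i = 0; i < 3; i++)
          this.data[d + i] = oa ? (this.fillStyle[i] * sa + this.data[d + i] * da * (1 - sa)) / oa : 0;
        this.data[d + 3] = oa * 255;
      }
  }
}

// Writes the same pixels as putImageData using only clearRect, fillStyle and fillRect.
function emulatePutImageData(ctx, img, dx, dy) {
  for (let y = 0; y < img.height; y++)
    for (let x = 0; x < img.width; x++) {
      const s = (y * img.width + x) * 4;
      ctx.clearRect(dx + x, dy + y, 1, 1);  // so fillRect does not blend with old content
      ctx.fillStyle = Array.from(img.data.subarray(s, s + 4));
      ctx.fillRect(dx + x, dy + y, 1, 1);
    }
}

function demo() {                      // constructed 2x2 sample image
  const img = { width: 2, height: 2, data: Uint8ClampedArray.from(
    [255, 0, 0, 255, 0, 255, 0, 128, 10, 20, 30, 64, 0, 0, 0, 0]) };
  const a = new TinyCtx(4, 4), b = new TinyCtx(4, 4);
  for (const c of [a, b]) { c.fillStyle = [9, 9, 9, 255]; c.fillRect(0, 0, 4, 4); }
  a.putImageData(img, 1, 1);
  emulatePutImageData(b, img, 1, 1);
  return a.data.every((v, i) => v === b.data[i]);
}
```

Both canvases end up byte-identical in this model, which is why a restriction placed on putImageData alone would not change what a script can write. Browser canvases may store premultiplied pixels, so low-alpha values can round differently there.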