On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <[EMAIL PROTECTED]> wrote:
I did wonder about why other origins could read anything myself, so
you're not alone -- it just seemed especially odd to allow images to be
written safely but not ImageData.
ImageData is always safe as you create it yourself.
The specification should also mention that drawing <img
src=data:image/png,...> on the <canvas> is safe so that you can actually
roundtrip data through the server. The SVG case here is slightly more
complex so maybe it's better to have a definition of a "safe
HTMLImageElement".
I'm as yet unsure whether a separate origin should be able to write -- i
have nothing to back this up with but it seems that you could
potentially right to a canvas from a separate domain to make the canvas
look like something it wasn't -- but i'm not familiar enough with the
other origin related policies in html5 to be able to say anything
meaningful.
Cross-document messaging only allows passing through strings.
I only noticed this as i was looking at the ImageData portion of the
spec just now :D
Would be nice if you guys implemented it :-)
I assume there was a reason that reading from the canvas from another
origin is ever allowed, but I can't think of what it might be -- any
thoughts/recollections from others would be well received :D
I don't think this is possible. The security model is pretty simple.
HTMLImageElement is either safe or unsafe. HTMLCanvasElement is also
either safe (default) or unsafe. CanvasPattern is, again, either safe or
unsafe. Once you draw an unsafe HTMLImageElement, HTMLCanvasElement, or
CanvasPattern on an HTMLCanvasElement you mark the HTMLCanvasElement as
unsafe. The toDataURL() and getImageData() functions throw for an unsafe
HTMLCanvasElement.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
