Anne van Kesteren wrote:
On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <[EMAIL PROTECTED]> wrote:
I did wonder about why other origins could read anything myself, so
you're not alone -- it just seemed especially odd to allow images to
be written safely but not ImageData.
ImageData is always safe as you create it yourself.
To clarify this very point:
An ImageData is always safe because:
* getImageData(...) must throw a Security Violation exception when called on a
tainted Canvas.
* it is created manually, and other same origin policies prevent information
leak in to it.
--
Mathieu 'p01' HENRI
JavaScript developer, Opera Software ASA