I think this is an excellent point. I've been playing with the Chroma-Key replacement trick demonstrated in FireFox 3.1b3: https://developer.mozilla.org/samples/video/chroma-key/index.xhtml https://developer.mozilla.org/En/Manipulating_video_using_canvas
For my own experiments, I grabbed a green-screen video from Youtube and converted it to OGG. If the access control were in place for Canvas, I could have done direct compositing on an embedded video from TinyVid. Which would open up some interesting possibilities for video mashups on the web. Thanks, Jerason On Fri, Mar 13, 2009 at 11:24 AM, Hans Schmucker <[email protected]>wrote: > This problem recently became apparent while trying to process a public > video on tinyvid.tv: > > In article 4.8.11.3 "Security with canvas elements", the origin-clean > flag is only set depending on an element's origin. However there are > many scenarios where an image/video may actually be public and > actively allowing processing on other domains (as indicated by > Access-Control-Allow-Origin). > > Is this an oversight or is there a specific reason why Access Control > for Cross-Site Requests should not work for Canvas? >
