Skip to content
Permalink
Browse files

Remove unnecessary and unimplemented canvas tainting when painting text

As discussed in #1540, this check does not give any additional
protections over those already provided by CORS, which these days fonts
are subject to.

Fixes #1540. Helps with #1431.
  • Loading branch information...
domenic committed Jul 14, 2016
1 parent 29ebd5b commit 6c76b617d2b45326afea2625d174ce2fd5ab6423
Showing with 0 additions and 12 deletions.
  1. +0 −12 source
12 source

</li>

<!--ADD-TOPIC:Security-->
<li><p>If the <span>text preparation algorithm</span> used a font that has an <span>origin</span>
that is not the <span data-x="same origin">same</span> as the <span>origin</span> specified by
the <span>entry settings object</span> (even if "using a font" means just checking if that font
has a particular glyph in it before falling back to another font), then set the
<code>CanvasRenderingContext2D</code>'s <span
data-x="concept-canvas-origin-clean">origin-clean</span> flag to false.</p></li>
<!-- because fonts could be considered sensitive material, I guess; and because that
sensitivity could extend to whether or not a particular glyph is in the font in the first place.
-->
<!--REMOVE-TOPIC:Security-->

</ol>

<!--v6DVT - this is commented out until CSS can get its act together

0 comments on commit 6c76b61

Please sign in to comment.
You can’t perform that action at this time.