Skip to content
Permalink
Browse files

[giow] (2) taint canvas if we even _consider_ a cross-site font

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12309

git-svn-id: http://svn.whatwg.org/webapps@6105 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed May 6, 2011
1 parent 40ccd5c commit cd46337c170cd25da4d97e539f34b2893ea2e945
Showing with 21 additions and 6 deletions.
  1. +7 −2 complete.html
  2. +7 −2 index
  3. +7 −2 source
false when the pattern was created.</li>

<li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
invoked and end up using a font that has an <a href=#origin>origin</a>
invoked and consider using a font that has an <a href=#origin>origin</a>
that is not the <a href=#same-origin title="same origin">same</a> as that of
the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
element.</li>
element. (The font doesn't even have to be used; all that matters
is whether the font was considered for any of the glyphs
drawn.)</li> <!-- because fonts could consider sensitive
material, I guess; and because that sensitivity could extend to
whether or not a particular glyph is in the font in the first
place. -->

</ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
<code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
9 index
false when the pattern was created.</li>

<li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
invoked and end up using a font that has an <a href=#origin>origin</a>
invoked and consider using a font that has an <a href=#origin>origin</a>
that is not the <a href=#same-origin title="same origin">same</a> as that of
the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
element.</li>
element. (The font doesn't even have to be used; all that matters
is whether the font was considered for any of the glyphs
drawn.)</li> <!-- because fonts could consider sensitive
material, I guess; and because that sensitivity could extend to
whether or not a particular glyph is in the font in the first
place. -->

</ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
<code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
9 source
<li><p>The element's 2D context's <code
title="dom-context-2d-fillText">fillText()</code> or <code
title="dom-context-2d-fillText">strokeText()</code> methods are
invoked and end up using a font that has an <span>origin</span>
invoked and consider using a font that has an <span>origin</span>
that is not the <span title="same origin">same</span> as that of
the <code>Document</code> object that owns the <code>canvas</code>
element.</p></li>
element. (The font doesn't even have to be used; all that matters
is whether the font was considered for any of the glyphs
drawn.)</p></li> <!-- because fonts could consider sensitive
material, I guess; and because that sensitivity could extend to
whether or not a particular glyph is in the font in the first
place. -->

</ul>

0 comments on commit cd46337

Please sign in to comment.
You can’t perform that action at this time.