Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Canvas's measureText shouldn't throw SecurityError #3992

Closed
shhnjk opened this issue Sep 4, 2018 · 6 comments
Closed

Canvas's measureText shouldn't throw SecurityError #3992

shhnjk opened this issue Sep 4, 2018 · 6 comments
Labels
topic: canvas

Comments

@shhnjk
Copy link
Contributor

shhnjk commented Sep 4, 2018

https://html.spec.whatwg.org/multipage/canvas.html#dom-context-2d-measuretext

If doing these measurements requires using a font that has an origin that is not the same as that of the Document object that owns the canvas element (even if "using a font" means just checking if that font has a particular glyph in it before falling back to another font), then the method, when invoked, must throw a "SecurityError" DOMException.

Cross-origin fonts are loaded with CORS enabled requests. Satisfying CORS should mean that Document object that owns the canvas element has access to the font even though it's not same-origin per origin cencept. Therefore "SecurityError" should not be thrown.
@annevk annevk mentioned this issue Sep 5, 2018
Closed
annevk added a commit that referenced this issue Sep 5, 2018
@annevk
measureText() doesn't need a security check
e0c9e7c 
Fonts have no origins. This was missed in 440a8eb.

Fixes #3992.
@annevk annevk mentioned this issue Sep 5, 2018
Merged
@annevk
Copy link
Member

annevk commented Sep 5, 2018

Thanks, how would you like to be acknowledged? I couldn't find you.

@shhnjk
Copy link
Contributor Author

shhnjk commented Sep 5, 2018

I'm not sure how acknowledgement look like in WHATWG but maybe something like Jun KoKatsu? If you can't link then only the name would be fine too :)

@annevk
Copy link
Member

annevk commented Sep 5, 2018

Only names, but we support all of Unicode if that's of interest. 😊

@shhnjk
Copy link
Contributor Author

shhnjk commented Sep 5, 2018

I don't expect everyone to be able to read my name in Japanese Kanji so english one's fine :)

@annevk
Copy link
Member

annevk commented Sep 5, 2018

For Kanji we typically list both, e.g., 黒澤剛志 (Kurosawa Takeshi).

@shhnjk
Copy link
Contributor Author

shhnjk commented Sep 5, 2018

Whoa! Then following please 😃
小勝 純 (Jun Kokatsu)

domenic pushed a commit that referenced this issue Sep 5, 2018
@annevk @domenic
Remove unnecessary security check from measureText()
ae94ec5 
Fonts have no origins. This was missed in
440a8eb.

Fixes #3992.
mustaqahmed pushed a commit to mustaqahmed/html that referenced this issue Feb 15, 2019
@annevk @mustaqahmed
Remove unnecessary security check from measureText()
f820634 
Fonts have no origins. This was missed in
440a8eb.

Fixes whatwg#3992.
mustaqahmed pushed a commit to mustaqahmed/html that referenced this issue Feb 15, 2019
@annevk @mustaqahmed
Remove unnecessary security check from measureText()
27e12e5 
Fonts have no origins. This was missed in
440a8eb.

Fixes whatwg#3992.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: canvas
Milestone
No milestone
Development

No branches or pull requests
2 participants
@annevk @shhnjk