HTML Standard Tracker

Filter

File a bug

SVNBugCommentTime (UTC)
6879[Gecko] [Internet Explorer] [Opera] [Webkit] Make sure canvas.toBlob() honours the origin-clean flag. Also, make it more likely this will be implemented correctly by explicitly putting the security checks in the relevant algorithms.2012-01-06 20:46
@@ -40045,20 +40045,26 @@ dictionary <dfn>TrackEventInit</dfn> : <span>EventInit</span> {
   </dl>
 
   <div class="impl">
 
   <p>The <dfn
   title="dom-canvas-toDataURL"><code>toDataURL()</code></dfn> method
   must run the following steps:</p>
 
   <ol>
 
+<!--ADD-TOPIC:Security-->
+   <li><p>If the <code>canvas</code> element's <i>origin-clean</i>
+   flag is set to false, throw a <code>SecurityError</code> exception
+   and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
    <li><p>If the canvas has no pixels (i.e. either its horizontal
    dimension or its vertical dimension is zero) then return the string
    "<code title="">data:,</code>" and abort these steps. (This is the
    shortest <span title="data protocol"><code title="">data:</code>
    URL</span>; it represents the empty string in a <code
    title="">text/plain</code> resource.)</p></li>
 
    <li><p>Let <var title="">file</var> be <span>a serialization of the
    image as a file</span>, using the method's arguments (if any) as
    the <var title="">arguments</var>.</p></li>
@@ -40072,20 +40078,26 @@ dictionary <dfn>TrackEventInit</dfn> : <span>EventInit</span> {
    in each browser? -->
 
   </ol>
 
   <p>The <dfn
   title="dom-canvas-toBlob"><code>toBlob()</code></dfn> method
   must run the following steps:</p>
 
   <ol>
 
+<!--ADD-TOPIC:Security-->
+   <li><p>If the <code>canvas</code> element's <i>origin-clean</i>
+   flag is set to false, throw a <code>SecurityError</code> exception
+   and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
    <li><p>Let <var title="">callback</var> be the first
    argument.</p></li>
 
    <li><p>Let <var title="">arguments</var> be the second and
    subsequent arguments to the method, if any.</p></li>
 
    <li><p>Let <var title="">file</var> be <span>a serialization of the
    image as a file</span>, using <var
    title="">arguments</var>.</p></li>
 
@@ -42982,24 +42994,34 @@ v6DVT (also check for '- -' bits in the part above) -->
   method takes one argument, <var title="">text</var>. When the method
   is invoked, the user agent must replace all the <span title="space
   character">space characters</span> in <var title="">text</var> with
   U+0020 SPACE characters, and then must form a hypothetical
   infinitely wide CSS line box containing a single inline box
   containing the text <var title="">text</var>, with all the
   properties at their initial values except the 'white-space' property
   of the inline element set to 'pre' and the 'font' property of the
   inline element set to the current font of the context as given by
   the <code title="dom-context-2d-font">font</code> attribute, and
-  must then return a new <code>TextMetrics</code> object with its
+  must then create a new <code>TextMetrics</code> object with its
   <code title="dom-textmetrics-width">width</code> attribute set to
-  the width of that inline box, in CSS pixels. <a
-  href="#refsCSS">[CSS]</a></p>
+  the width of that inline box, in CSS pixels.
+<!--ADD-TOPIC:Security-->
+  If doing these measurements requires using a font that has an
+  <span>origin</span> that is not the <span title="same
+  origin">same</span> as that of the <code>Document</code> object that
+  owns the <code>canvas</code> element (even if "using a font" means
+  just checking if that font has a particular glyph in it before
+  falling back to another font), then the method must throw a
+  <code>SecurityError</code> exception.
+<!--REMOVE-TOPIC:Security-->
+  Otherwise, it must return the new <code>TextMetrics</code> object.
+  <a href="#refsCSS">[CSS]</a></p>
 
   <p>The <code>TextMetrics</code> interface is used for the objects
   returned from <code
   title="dom-context-2d-measureText">measureText()</code>. It has one
   attribute, <dfn
   title="dom-textmetrics-width"><code>width</code></dfn>, which is set
   by the <code title="dom-context-2d-measureText">measureText()</code>
   method.</p>
 
   <p class="note">Glyphs rendered using <code
@@ -43297,32 +43319,36 @@ v6DVT (also check for '- -' bits in the part above) -->
   magnitude of <var title="">sh</var>. When invoked with a single <var
   title="">imagedata</var> argument, it must return an
   <code>ImageData</code> object representing a rectangle with the same
   dimensions as the <code>ImageData</code> object passed as the
   argument. The <code>ImageData</code> object returned must be filled
   with transparent black.</p>
 
   <p>The <dfn
   title="dom-context-2d-getImageData"><code>getImageData(<var
   title="">sx</var>, <var title="">sy</var>, <var title="">sw</var>,
-  <var title="">sh</var>)</code></dfn> method must return an
-  <code>ImageData</code> object representing the underlying pixel data
-  for the area of the canvas denoted by the rectangle whose corners are
-  the four points (<var title="">sx</var>, <var title="">sy</var>),
-  (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var
-  title="">sy</var>), (<span title=""><var title="">sx</var>+<var
-  title="">sw</var></span>, <span title=""><var title="">sy</var>+<var
-  title="">sh</var></span>), (<var title="">sx</var>, <span title=""><var
-  title="">sy</var>+<var title="">sh</var></span>), in canvas
-  coordinate space units. Pixels outside the canvas must be returned
-  as transparent black. Pixels must be returned as non-premultiplied
-  alpha values.</p>
+  <var title="">sh</var>)</code></dfn> method must,
+<!--ADD-TOPIC:Security-->
+  if the <code>canvas</code> element's <i>origin-clean</i> flag is set
+  to false, throw a <code>SecurityError</code> exception; otherwise, it
+<!--REMOVE-TOPIC:Security-->
+  must return an <code>ImageData</code> object representing the
+  underlying pixel data for the area of the canvas denoted by the
+  rectangle whose corners are the four points (<var title="">sx</var>,
+  <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var
+  title="">sw</var></span>, <var title="">sy</var>), (<span
+  title=""><var title="">sx</var>+<var title="">sw</var></span>, <span
+  title=""><var title="">sy</var>+<var title="">sh</var></span>),
+  (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var
+  title="">sh</var></span>), in canvas coordinate space units. Pixels
+  outside the canvas must be returned as transparent black. Pixels
+  must be returned as non-premultiplied alpha values.</p>
 
   <p>If any of the arguments to <code
   title="dom-context-2d-createImageData">createImageData()</code> or
   <code title="dom-context-2d-getImageData">getImageData()</code>
   are infinite or NaN, the method must instead throw a
   <code>NotSupportedError</code> exception. If either the <var
   title="">sw</var> or <var title="">sh</var> arguments are zero,
   the method must instead throw an <code>IndexSizeError</code>
   exception.</p>
 
@@ -43896,40 +43922,25 @@ function AddCloud(data, x, y) { ... }</pre>
    the <code>Document</code> object that owns the <code>canvas</code>
    element. (The font doesn't even have to be used; all that matters
    is whether the font was considered for any of the glyphs
    drawn.)</p></li> <!-- because fonts could consider sensitive
    material, I guess; and because that sensitivity could extend to
    whether or not a particular glyph is in the font in the first
    place. -->
 
   </ul>
 
-  <p>Whenever the <code
-  title="dom-canvas-toDataURL">toDataURL()</code> method of a
-  <code>canvas</code> element whose <i>origin-clean</i> flag is set to
-  false is called, the method must throw a <code>SecurityError</code>
-  exception.</p>
-
-  <p>Whenever the <code
-  title="dom-context-2d-getImageData">getImageData()</code> method of
-  the 2D context of a <code>canvas</code> element whose
-  <i>origin-clean</i> flag is set to false is called with otherwise
-  correct arguments, the method must throw a <code>SecurityError</code>
-  exception.</p>
-
-  <p>Whenever the <code
-  title="dom-context-2d-measureText">measureText()</code> method of
-  the 2D context of a <code>canvas</code> element ends up using a font
-  that has an <span>origin</span> that is not the <span title="same
-  origin">same</span> as that of the <code>Document</code> object that
-  owns the <code>canvas</code> element, the method must throw a
-  <code>SecurityError</code> exception.</p>
+  <p>The <code title="dom-canvas-toDataURL">toDataURL()</code>, <code
+  title="dom-canvas-toBlob">toBlob()</code>, and <code
+  title="dom-context-2d-getImageData">getImageData()</code> methods
+  check the flag and will throw a <code>SecurityError</code> exception
+  rather than leak cross-origin data.</p>
 
   <p class="note">Even resetting the canvas state by changing its
   <code title="attr-canvas-width">width</code> or <code
   title="attr-canvas-height">height</code> attributes doesn't reset
   the <i>origin-clean</i> flag.</p>
 
   </div>
 <!--REMOVE-TOPIC:Security-->
 
 
@@ -115008,20 +115019,21 @@ if (s = prompt('What is your name?')) {
   Neil Deakin,
   Neil Rashbrook,
   Neil Soiffer,
   Nicholas Shanks,
   Nicholas Stimpson,
   Nicholas Zakas,
   Nickolay Ponomarev,
   Nicolas Gallagher,
   Noah Mendelsohn,
   Noah Slater,
+  Noel Gordon,
   NoozNooz42,
   Ojan Vafai,
   Olaf Hoffmann,
   Olav Junker Kj&aelig;r,
   Old&#345;ich Vete&#353;n&#237;k,
   Oli Studholme,
   Oliver Hunt,
   Oliver Rigby,
   Olivier Gendrin,
   Olli Pettay,

|