[giow] (2) taint canvas if we even _consider_ a cross-site font

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12309 git-svn-id: http://svn.whatwg.org/webapps@6105 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · May 6, 2011 · cd46337 · cd46337
1 parent 40ccd5c
commit cd46337
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/complete.html b/complete.html
@@ -37046,10 +37046,15 @@ <h5 id=security-with-canvas-elements><span class=secno>4.8.11.3 </span>Security
    false when the pattern was created.</li>
 
    <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
-   invoked and end up using a font that has an <a href=#origin>origin</a>
+   invoked and consider using a font that has an <a href=#origin>origin</a>
    that is not the <a href=#same-origin title="same origin">same</a> as that of
    the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to

diff --git a/index b/index
@@ -37074,10 +37074,15 @@ function AddCloud(data, x, y) { ... }</pre>
    false when the pattern was created.</li>
 
    <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
-   invoked and end up using a font that has an <a href=#origin>origin</a>
+   invoked and consider using a font that has an <a href=#origin>origin</a>
    that is not the <a href=#same-origin title="same origin">same</a> as that of
    the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to

diff --git a/source b/source
@@ -41157,10 +41157,15 @@ function AddCloud(data, x, y) { ... }</pre>
    <li><p>The element's 2D context's <code
    title="dom-context-2d-fillText">fillText()</code> or <code
    title="dom-context-2d-fillText">strokeText()</code> methods are
-   invoked and end up using a font that has an <span>origin</span>
+   invoked and consider using a font that has an <span>origin</span>
    that is not the <span title="same origin">same</span> as that of
    the <code>Document</code> object that owns the <code>canvas</code>
-   element.</p></li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</p></li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul>