[giow] (3) Make sure cross-origin fonts can't leak data via <canvas>.

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=11955 git-svn-id: http://svn.whatwg.org/webapps@5873 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Feb 11, 2011 · b5ed735 · b5ed735
1 parent f33c988
commit b5ed735
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 0 deletions.
diff --git a/complete.html b/complete.html
@@ -34892,6 +34892,12 @@ <h5 id=security-with-canvas-elements><span class=secno>4.8.11.3 </span>Security
    <code><a href=#htmlcanvaselement>HTMLCanvasElement</a></code> whose <i>origin-clean</i> flag was
    false when the pattern was created.</li>
 
+   <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
+   invoked and end up using a font that has an <a href=#origin>origin</a>
+   that is not the <a href=#same-origin title="same origin">same</a> as that of
+   the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
+   element.</li>
+
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
   false is called, the method must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
@@ -34903,6 +34909,13 @@ <h5 id=security-with-canvas-elements><span class=secno>4.8.11.3 </span>Security
   correct arguments, the method must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
   exception.</p>
 
+  <p>Whenever the <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code> method of
+  the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element ends up using a font
+  that has an <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
+  origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
+  owns the <code><a href=#the-canvas-element>canvas</a></code> element, the method must raise a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception.</p>
+
   <p class=note>Even resetting the canvas state by changing its
   <code title=attr-canvas-width><a href=#attr-canvas-width>width</a></code> or <code title=attr-canvas-height><a href=#attr-canvas-height>height</a></code> attributes doesn't reset
   the <i>origin-clean</i> flag.</p>
@@ -59341,6 +59354,21 @@ <h3 id=origin-0><span class=secno>6.3 </span>Origin</h3>
 
    </dd>
 
+
+   <dt>For fonts</dt>
+
+   <dd>
+
+    <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
+    the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+    obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p>
+
+    <p>The <a href=#origin>origin</a> of a locally installed system font is
+    equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
+    which that font is being used.</p>
+
+   </dd>
+
   </dl><p>Other specifications can override the above definitions by
   themselves specifying the origin of a particular URL, script,
   <code><a href=#document>Document</a></code>, or image.</p>

diff --git a/index b/index
@@ -34875,6 +34875,12 @@ function AddCloud(data, x, y) { ... }</pre>
    <code><a href=#htmlcanvaselement>HTMLCanvasElement</a></code> whose <i>origin-clean</i> flag was
    false when the pattern was created.</li>
 
+   <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
+   invoked and end up using a font that has an <a href=#origin>origin</a>
+   that is not the <a href=#same-origin title="same origin">same</a> as that of
+   the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
+   element.</li>
+
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
   false is called, the method must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
@@ -34886,6 +34892,13 @@ function AddCloud(data, x, y) { ... }</pre>
   correct arguments, the method must raise a <code><a href=#security_err>SECURITY_ERR</a></code>
   exception.</p>
 
+  <p>Whenever the <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code> method of
+  the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element ends up using a font
+  that has an <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
+  origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
+  owns the <code><a href=#the-canvas-element>canvas</a></code> element, the method must raise a
+  <code><a href=#security_err>SECURITY_ERR</a></code> exception.</p>
+
   <p class=note>Even resetting the canvas state by changing its
   <code title=attr-canvas-width><a href=#attr-canvas-width>width</a></code> or <code title=attr-canvas-height><a href=#attr-canvas-height>height</a></code> attributes doesn't reset
   the <i>origin-clean</i> flag.</p>
@@ -59324,6 +59337,21 @@ x === this; // true</pre>
 
    </dd>
 
+
+   <dt>For fonts</dt>
+
+   <dd>
+
+    <p>The <a href=#origin>origin</a> of a downloadable Web font is equal to
+    the <a href=#origin>origin</a> of the <a href=#absolute-url>absolute URL</a> used to
+    obtain the font (after any redirects). <a href=#refsCSSFONTS>[CSSFONTS]</a></p>
+
+    <p>The <a href=#origin>origin</a> of a locally installed system font is
+    equal to the <a href=#origin>origin</a> of the <code><a href=#document>Document</a></code> in
+    which that font is being used.</p>
+
+   </dd>
+
   </dl><p>Other specifications can override the above definitions by
   themselves specifying the origin of a particular URL, script,
   <code><a href=#document>Document</a></code>, or image.</p>

diff --git a/source b/source
@@ -38568,6 +38568,14 @@ function AddCloud(data, x, y) { ... }</pre>
    <code>HTMLCanvasElement</code> whose <i>origin-clean</i> flag was
    false when the pattern was created.</p></li>
 
+   <li><p>The element's 2D context's <code
+   title="dom-context-2d-fillText">fillText()</code> or <code
+   title="dom-context-2d-fillText">strokeText()</code> methods are
+   invoked and end up using a font that has an <span>origin</span>
+   that is not the <span title="same origin">same</span> as that of
+   the <code>Document</code> object that owns the <code>canvas</code>
+   element.</p></li>
+
   </ul>
 
   <p>Whenever the <code
@@ -38583,6 +38591,14 @@ function AddCloud(data, x, y) { ... }</pre>
   correct arguments, the method must raise a <code>SECURITY_ERR</code>
   exception.</p>
 
+  <p>Whenever the <code
+  title="dom-context-2d-measureText">measureText()</code> method of
+  the 2D context of a <code>canvas</code> element ends up using a font
+  that has an <span>origin</span> that is not the <span title="same
+  origin">same</span> as that of the <code>Document</code> object that
+  owns the <code>canvas</code> element, the method must raise a
+  <code>SECURITY_ERR</code> exception.</p>
+
   <p class="note">Even resetting the canvas state by changing its
   <code title="attr-canvas-width">width</code> or <code
   title="attr-canvas-height">height</code> attributes doesn't reset
@@ -67401,6 +67417,22 @@ x === this; // true</pre>
 
    </dd>
 
+
+   <dt>For fonts</dt>
+
+   <dd>
+
+    <p>The <span>origin</span> of a downloadable Web font is equal to
+    the <span>origin</span> of the <span>absolute URL</span> used to
+    obtain the font (after any redirects). <a
+    href="#refsCSSFONTS">[CSSFONTS]</p>
+
+    <p>The <span>origin</span> of a locally installed system font is
+    equal to the <span>origin</span> of the <code>Document</code> in
+    which that font is being used.</p>
+
+   </dd>
+
   </dl>
 
   <p>Other specifications can override the above definitions by