Contact emails
ju...@chromium.org, p...@chromium.org, f...@opera.com
Spec
https://html.spec.whatwg.org/multipage/scripting.html#the-image-argument-is-not-origin-clean
Summary
The implementation in Chrome was deliberately not spec compliant: we tainted the canvas out of concerns for user privacy. With the current implementation of foreignObject, the OS theme could be partially leaked and used for fingerprinting, for example by drawing HTML form controls into a canvas and reading back the pixels.
However, <foreignObject> *is* secure when it comes to not leaking cross-origin content and not leaking browsing history (via visited link color).
Reasons for lifting the restriction on <foreignObject> readbacks:
Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes
Interoperability and Compatibility Risk
This actually fixes a long-standing interoperability bug.
OWP launch tracking bug
Entry on the feature dashboard
None, since this is a very small change.
LGTM1 to match the spec and Firefox.
If it's easy it would be great to get a WPT test in place that tracks the deviation between Chrome/Firefox and Edge/Safari.
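A readback probe for the behaviour the Summary describes and the kind of check the WPT request above asks for, as an added example that is not part of the original thread or of Chromium's test suite. The SVG markup and the function names `readbackState`, `loadSvgImage` and `foreignObjectReadback` are constructed here.

```javascript
// Constructed SVG: an image whose only content is HTML inside <foreignObject>.
const FOREIGN_OBJECT_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" width="40" height="20">' +
  '<foreignObject width="40" height="20">' +
  '<div xmlns="http://www.w3.org/1999/xhtml">x</div>' +
  '</foreignObject></svg>';

// Classify a 2D context by attempting a one-pixel readback.
// A canvas whose origin-clean flag is false throws SecurityError here.
function readbackState(ctx) {
  try {
    ctx.getImageData(0, 0, 1, 1);
    return 'origin-clean';
  } catch (e) {
    if (e && e.name === 'SecurityError') return 'tainted';
    throw e; // any other failure is a broken test, not a taint signal
  }
}

// Load markup as an SVG image through a data: URL (no network access).
function loadSvgImage(markup, ImageCtor) {
  return new Promise((resolve, reject) => {
    const img = new ImageCtor();
    img.onload = () => resolve(img);
    img.onerror = () => reject(new Error('SVG image failed to load'));
    img.src = 'data:image/svg+xml;charset=utf-8,' + encodeURIComponent(markup);
  });
}

// Draw the foreignObject image into a fresh canvas and report its state.
// doc and ImageCtor default to the browser globals; they are parameters
// only so the logic can be exercised outside a browser.
async function foreignObjectReadback(doc = document, ImageCtor = Image) {
  const img = await loadSvgImage(FOREIGN_OBJECT_SVG, ImageCtor);
  const canvas = doc.createElement('canvas');
  canvas.width = 40;
  canvas.height = 20;
  const ctx = canvas.getContext('2d');
  ctx.drawImage(img, 0, 0);
  return readbackState(ctx);
}
```

In a page, `foreignObjectReadback().then(console.log)` reports `origin-clean` where the browser follows the spec behaviour discussed in this thread and `tainted` where it keeps the restriction.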
On the bug, the last comment about leaking visited links sounds somewhat inconclusive (https://bugs.chromium.org/p/chromium/issues/detail?id=294129#c24). "The real danger is leaking visited link information which is managed in the browser process. In my tests, this doesn't leak, but I don't think we can say that confidently yet."
Is there any more information available about the risk of leaking visited links?
On Thu, Dec 22, 2016 at 1:54 PM, Emily Stark <est...@chromium.org> wrote:
> On the bug, the last comment about leaking visited links sounds somewhat inconclusive (https://bugs.chromium.org/p/chromium/issues/detail?id=294129#c24). "The real danger is leaking visited link information which is managed in the browser process. In my tests, this doesn't leak, but I don't think we can say that confidently yet."
> Is there any more information available about the risk of leaking visited links?
pdr@ or fs@, do you know the answer?
Assuming there is no risk, we also have to make sure there is adequate testing around this.
On Thu, Dec 22, 2016 at 8:39 PM, Justin Novosad <ju...@chromium.org> wrote:
> On Thu, Dec 22, 2016 at 1:54 PM, Emily Stark <est...@chromium.org> wrote:
>> On the bug, the last comment about leaking visited links sounds somewhat inconclusive (https://bugs.chromium.org/p/chromium/issues/detail?id=294129#c24). "The real danger is leaking visited link information which is managed in the browser process. In my tests, this doesn't leak, but I don't think we can say that confidently yet."
>> Is there any more information available about the risk of leaking visited links?
> pdr@ or fs@, do you know the answer?
> Assuming there is no risk, we also have to make sure there is adequate testing around this.
I did a quick scan for existing test coverage and found:
svg/as-image/svg-canvas-link-not-colored.html