Philip Rogers (Gerrit)

unread,

May 14, 2026, 1:15:58 PM (14 hours ago) May 14

to Menard, Alexis, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, Stefan Zager, chromium...@chromium.org, apavlo...@chromium.org, blink-revi...@chromium.org, zol...@webkit.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org

Attention needed from Stefan Zager

Philip Rogers voted and added 3 comments

Votes added by Philip Rogers

Commit-Queue

+1

3 comments

Patchset-level comments

File-level comment, Patchset 2:

Philip Rogers . resolved

I think this is too brittle and complex. I'd like to switch to just pessimistically treating all css paint worklet images as cross-origin. WDYT? This would prevent them from working in html-in-canvas. Paint worklet is currently chromium-only, and we could bring this patch back in the future if needed.

Philip Rogers

Updated to this approach in the latest patch.

File-level comment, Patchset 5 (Latest):

Philip Rogers . resolved

PTAL

File third_party/blink/renderer/core/style/style_generated_image.cc

Line 105, Patchset 2:bool StyleGeneratedImage::IsCorsSameOrigin(const ComputedStyle* style,

Stefan Zager . resolved

This might feel less gross if we could pre-compute it during style resolution rather than computing it on the fly from paint.

Philip Rogers

Unfortunately, this is not computed until paint time. For example `BoxPainterBase::PaintFillLayer` calls `StyleGeneratedImage::GetImage` (this is one of many callers of `GetImage`), and this is what copies the paint-worklet inputs off the style object (see: `CSSPaintValue::GetImage`).

Open in Gerrit

Related details

Attention is currently required from:

Stefan Zager

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Stefan Zager (Gerrit)

unread,

May 14, 2026, 4:14:02 PM (11 hours ago) May 14

to Philip Rogers, Menard, Alexis, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, apavlo...@chromium.org, blink-revi...@chromium.org, zol...@webkit.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org

Attention needed from Philip Rogers

Stefan Zager voted and added 1 comment

Votes added by Stefan Zager

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 5 (Latest):

Stefan Zager . resolved

lgtm

Open in Gerrit

Related details

Attention is currently required from:

Philip Rogers

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Philip Rogers (Gerrit)

unread,

May 14, 2026, 4:38:51 PM (11 hours ago) May 14

to Stefan Zager, Menard, Alexis, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, apavlo...@chromium.org, blink-revi...@chromium.org, zol...@webkit.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org

Philip Rogers voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

May 14, 2026, 7:08:48 PM (8 hours ago) May 14

to Philip Rogers, Stefan Zager, Menard, Alexis, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, apavlo...@chromium.org, blink-revi...@chromium.org, zol...@webkit.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

[html-in-canvas] Treat paint worklets as cross-origin

This patch pessimistically prevents painting paint worklets in
html-in-canvas to avoid leaking cross-origin information. A bug
(https://crbug.com/513107673) has been filed and TODOs have been added
to the code and test to add support for this in the future.

Bug: 512516331

Change-Id: I88509e079f9640edfe0da22e2655143d695e8512

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7846744

Commit-Queue: Philip Rogers <p...@chromium.org>

Reviewed-by: Stefan Zager <sza...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1630855}

Files:

M third_party/blink/renderer/core/css/css_gradient_value.h
M third_party/blink/renderer/core/css/css_image_generator_value.cc
M third_party/blink/renderer/core/css/css_image_generator_value.h
M third_party/blink/renderer/core/css/css_paint_value.cc
M third_party/blink/renderer/core/css/css_paint_value.h
M third_party/blink/renderer/core/style/style_generated_image.cc
M third_party/blink/renderer/core/style/style_generated_image.h
A third_party/blink/web_tests/wpt_internal/html/canvas/drawElementImage/privacy/paint-worklet-cross-origin-image-ignored.https.sub.html

Change size: M

Delta: 8 files changed, 142 insertions(+), 1 deletion(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Stefan Zager

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[html-in-canvas] Treat paint worklets as cross-origin [chromium/src : main]

Philip Rogers (Gerrit)

Philip Rogers voted and added 3 comments

Votes added by Philip Rogers

3 comments

Related details

Stefan Zager (Gerrit)

Stefan Zager voted and added 1 comment

Votes added by Stefan Zager

1 comment

Related details

Philip Rogers (Gerrit)

Philip Rogers voted Commit-Queue+2

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information