Closed
Bug 387202
Opened 17 years ago
Closed 17 years ago
[FIX]Canvas shouldn't use direct same-origin check
Categories
(Core :: Graphics: Canvas2D, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha8
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
1.38 KB,
patch
|
vlad
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
Instead, this should be an Equals() or Subsumes() check. I think Subsumes() is right, so that a chrome canvas won't become readonly when something is painted into it.
Attachment #271312 -
Flags: superreview?(jst)
Attachment #271312 -
Flags: review?(vladimir)
Assignee | ||
Updated•17 years ago
|
Priority: -- → P2
Target Milestone: --- → mozilla1.9beta1
Assignee | ||
Comment 1•17 years ago
|
||
On the other hand, this will fail for a signed cert script which is grabbing an image from the same jar. Do we care? Unfortunately, we can't tell for the cert without doing the image load... Perhaps images should just expose the channel principal on the image?
Assignee | ||
Comment 2•17 years ago
|
||
To be exact, we could expose the principal of the channel that loaded the image on imgIRequest and possible on nsIImageLoadingContent as a shortcut. That would be a much better setup than using the image URI, in my opinion.
Assignee | ||
Comment 3•17 years ago
|
||
Then again, that raises the question of how document.domain should be handled. Right now, it's handled badly. Perhaps we'd want the sort of principal version of CheckConnect I mention in bug 387216 comment 1 here?
Assignee | ||
Comment 4•17 years ago
|
||
And nsCanvasRenderingContextGLPrivate really has the same issues...
Updated•17 years ago
|
Attachment #271312 -
Flags: superreview?(jst) → superreview+
Comment on attachment 271312 [details] [diff] [review] Proposed patch Ignore GLPrivate, it needs some more work :)
Attachment #271312 -
Flags: review?(vladimir) → review+
Assignee | ||
Comment 6•17 years ago
|
||
Checked in. Filed bug 389048 on imagelib exposing a better setup here.
Assignee | ||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•