[wpt-sync] Sync PR 14750 - canvas: Restore the data: URL special case for tainting.

RESOLVED FIXED in Firefox 67

Status

enhancement
P4
normal
RESOLVED FIXED
6 months ago
5 months ago

People

(Reporter: wptsync, Unassigned)

Tracking

unspecified
mozilla67
Points:
---

Firefox Tracking Flags

(firefox67 fixed)

Details

(Whiteboard: [wptsync downstream], )

Sync web-platform-tests PR 14750 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/14750
Details from upstream follow.

Matt Falkenhagen <falken@chromium.org> wrote:

canvas: Restore the data: URL special case for tainting.

CanvasRenderingContext::WouldTaintOrigin() had a special case for data
URLs that was removed in r610498.[1] The assumption was that just calling
CanvasImageSource::WouldTaintOrigin() would return false on data URLs.
It turns out that function can return true due to a historical
restriction on SVG foreign object nodes, as discussed in bug 294129.

This CL reverses that behavior change, so data URLs again don't taint
the canvas. It partially reverts r610498 and dependent change r613433.

A WPT test is added. Chrome now passes the test despite bug 294129 being
open because it has this special case for data URLs on canvas.

[1] https://chromium-review.googlesource.com/c/chromium/src/+/1347953

Bug: 294129, 918460
Change-Id: I7c8cb4d37d950693956785c291dfd7660c42e662
Reviewed-on: https://chromium-review.googlesource.com/1400433
WPT-Export-Revision: e2fed8597ebc3834f92d91297b67b0f7485d8c8e

Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/831fbc3b08b5
[wpt PR 14750] - canvas: Restore the data: URL special case for tainting., a=testonly
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/74bc4bd79017
[wpt PR 14750] - canvas: Restore the data: URL special case for tainting., a=testonly
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in before you can comment on or make changes to this bug.