Closed
Bug 1869202
Opened 1 year ago
Closed 1 year ago
taint filter if colour is currentColor
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
FIXED
122 Branch
People
(Reporter: longsonr, Assigned: longsonr)
Details
Attachments
(1 file)
Assignee | ||
Comment 1•1 year ago
|
||
Assignee | ||
Comment 2•1 year ago
|
||
Updated•1 year ago
|
Assignee: nobody → longsonr
Status: NEW → ASSIGNED
Pushed by longsonr@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/25a3d6c779f3
taint filter if input is currentColor r=emilio
Comment 4•1 year ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox122:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 122 Branch
Assignee | ||
Updated•1 year ago
|
Flags: in-testsuite+
Assignee | ||
Comment 5•1 year ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]:
This is a privacy improvement.
[Affects Firefox for Android]:
yes
[Suggested wording]:
To further protect user's privacy Firefox now taints filters that use currentColor as an input. Since color can be set by the :visited pseudo selector, it potentially contains privacy-sensitive information and therefore these primitives must be marked as tainted. This means that if you use such a filter you won't be able to read the filter output from canvas.
[Links (documentation, blog post, etc)]:
https://www.w3.org/TR/filter-effects-1/#tainted-filter-primitives
relnote-firefox:
--- → ?
Updated•1 year ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•