[FIX]Canvas shouldn't use direct same-origin check

RESOLVED FIXED in mozilla1.9alpha8

Status

()

P2
normal
RESOLVED FIXED
12 years ago
11 years ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

(Blocks: 1 bug)

Trunk
mozilla1.9alpha8
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

12 years ago
Created attachment 271312 [details] [diff] [review]
Proposed patch

Instead, this should be an Equals() or Subsumes() check.  I think Subsumes() is right, so that a chrome canvas won't become readonly when something is painted into it.
Attachment #271312 - Flags: superreview?(jst)
Attachment #271312 - Flags: review?(vladimir)
(Assignee)

Updated

12 years ago
Priority: -- → P2
Target Milestone: --- → mozilla1.9beta1
(Assignee)

Comment 1

12 years ago
On the other hand, this will fail for a signed cert script which is grabbing an image from the same jar.  Do we care?  Unfortunately, we can't tell for the cert without doing the image load...

Perhaps images should just expose the channel principal on the image?
(Assignee)

Comment 2

12 years ago
To be exact, we could expose the principal of the channel that loaded the image on imgIRequest and possible on nsIImageLoadingContent as a shortcut.  That would be a much better setup than using the image URI, in my opinion.
(Assignee)

Comment 3

12 years ago
Then again, that raises the question of how document.domain should be handled.  Right now, it's handled badly.  Perhaps we'd want the sort of principal version of CheckConnect I mention in bug 387216 comment 1 here?
(Assignee)

Comment 4

12 years ago
And nsCanvasRenderingContextGLPrivate really has the same issues...

Updated

11 years ago
Attachment #271312 - Flags: superreview?(jst) → superreview+
Comment on attachment 271312 [details] [diff] [review]
Proposed patch

Ignore GLPrivate, it needs some more work :)
Attachment #271312 - Flags: review?(vladimir) → review+
(Assignee)

Comment 6

11 years ago
Checked in.  Filed bug 389048 on imagelib exposing a better setup here.
(Assignee)

Updated

11 years ago
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.