Created attachment 271312 [details] [diff] [review] Proposed patch Instead, this should be an Equals() or Subsumes() check. I think Subsumes() is right, so that a chrome canvas won't become readonly when something is painted into it.
Priority: -- → P2
Target Milestone: --- → mozilla1.9beta1
On the other hand, this will fail for a signed cert script which is grabbing an image from the same jar. Do we care? Unfortunately, we can't tell for the cert without doing the image load... Perhaps images should just expose the channel principal on the image?
To be exact, we could expose the principal of the channel that loaded the image on imgIRequest and possible on nsIImageLoadingContent as a shortcut. That would be a much better setup than using the image URI, in my opinion.
Then again, that raises the question of how document.domain should be handled. Right now, it's handled badly. Perhaps we'd want the sort of principal version of CheckConnect I mention in bug 387216 comment 1 here?
And nsCanvasRenderingContextGLPrivate really has the same issues...
Attachment #271312 - Flags: superreview?(jst) → superreview+
Comment on attachment 271312 [details] [diff] [review] Proposed patch Ignore GLPrivate, it needs some more work :)
Attachment #271312 - Flags: review?(vladimir) → review+
Checked in. Filed bug 389048 on imagelib exposing a better setup here.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.