Bug 146561

Summary: REGRESSION (r139294): Images loaded via -webkit-mask-image now undergo same-origin checks
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, krit, simon.fraser
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=139294

Description Simon Fraser (smfr) 2015-07-02 15:44:08 PDT 
After r139294, we're applying the same-origin policy to images loaded in -webkit-masks. Since this doesn't happen for CSS images or <img>, I don't think this is a progression.
Comment 1 Alexey Proskuryakov 2015-07-03 01:58:19 PDT 
> After r139294 

I think that you meant bug 139294.

It's not obvious to me whether this is right or wrong. Does -webkit-mask ever affect content that would cause tainting if loaded cross-origin?
Comment 2 Dirk Schulze 2015-07-06 22:46:31 PDT 
(In reply to comment #1)
> > After r139294 
> 
> I think that you meant bug 139294.
> 
> It's not obvious to me whether this is right or wrong. Does -webkit-mask
> ever affect content that would cause tainting if loaded cross-origin?

If webkit-mask does not load an image but references a mask element, we need a cross-origin check. However, at the time we had checked if the normal image loading works properly. If even images are cross-origin checked, then this might be a regression introduced at a later point.
Comment 3 Simon Fraser (smfr) 2015-10-13 20:49:15 PDT 
No longer an issue since the code was rolled out.