Created attachment 224914 [details] Test case for bug Related to Bug 108755 (https://bugs.webkit.org/show_bug.cgi?id=108755) that case seems to have resolved the issue for Data URLs that use base64-encoding, however when using a Data URL in utf8-encoding with SVG data, the same "SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent." is thrown. To reproduce: 1. Open the attached test case. OR 1. Generate an SVG image. 2. Add "data:image/svg+xml;utf8," as a prefix to turn it into a Data URL and set is as the "src" of an image 3. Paint that image onto a Canvas and try to call toDataURL() on it.
Correction: Data URIs in UTF8 format (data:image/svg+xml;utf8) and Base64 format (data:image/svg+xml;base64) seem to both taint the canvas; the checks to ensure an SVG source is safe seem to only check an SVG included as a remote file, and don't scan Data URI contents themselves.
(In reply to comment #1) > Correction: Data URIs in UTF8 format (data:image/svg+xml;utf8) and Base64 format (data:image/svg+xml;base64) seem to both taint the canvas; the checks to ensure an SVG source is safe seem to only check an SVG included as a remote file, and don't scan Data URI contents themselves. We load the SVG as SVG image which should be save enough, since SVG images already make sure that the security model is followed. A question: Can you load an embed an external SVG document in the Canvas?
Seems to be fixed in Safari 8.0 (10600.1.25.1).
I am not able to reproduce the issue in Safari 15.5 on macOS 12.4 and Safari behaves same as Firefox Nightly 103. Although, Chrome Canary 104 behaves differently and does not show any picture like Firefox and Safari. Should this be marked as "RESOLVED CONFIGURATION CHANGED"?
Thank you for checking!
Not sure what's up with Chrome, but that doesn't seem to be the same issue: Uncaught TypeError: Cannot read properties of null (reading 'appendChild') at Image.completionHandler (attachment.cgi?id=224914:26:17)