146561 – REGRESSION (r139294): Images loaded via -webkit-mask-image now undergo same-origin checks

Bug 146561 - REGRESSION (r139294): Images loaded via -webkit-mask-image now undergo same-origin checks

Summary: REGRESSION (r139294): Images loaded via -webkit-mask-image now undergo same-o...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	CSS (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-02 15:44 PDT by Simon Fraser (smfr)
Modified:	2015-10-13 20:49 PDT (History)
CC List:	3 users (show)

See Also:	139294

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Simon Fraser (smfr) 2015-07-02 15:44:08 PDT

After r139294, we're applying the same-origin policy to images loaded in -webkit-masks. Since this doesn't happen for CSS images or <img>, I don't think this is a progression.

Comment 1 Alexey Proskuryakov 2015-07-03 01:58:19 PDT

> After r139294 

I think that you meant bug 139294.

It's not obvious to me whether this is right or wrong. Does -webkit-mask ever affect content that would cause tainting if loaded cross-origin?

Comment 2 Dirk Schulze 2015-07-06 22:46:31 PDT

(In reply to comment #1)
> > After r139294 
> 
> I think that you meant bug 139294.
> 
> It's not obvious to me whether this is right or wrong. Does -webkit-mask
> ever affect content that would cause tainting if loaded cross-origin?

If webkit-mask does not load an image but references a mask element, we need a cross-origin check. However, at the time we had checked if the normal image loading works properly. If even images are cross-origin checked, then this might be a regression introduced at a later point.

Comment 3 Simon Fraser (smfr) 2015-10-13 20:49:15 PDT

No longer an issue since the code was rolled out.