Importing issue http://code.google.com/p/chromium/issues/detail?id=21847
Reported by firstname.lastname@example.org, Yesterday (36 hours ago)
Chrome Version : 126.96.36.199 (Official Build 25376)
URLs (if applicable) : http://members.shaw.ca/briantclee/canvas.html
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 4: FAIL.
Firefox 3.x: OK
Opera 10: OK
IE 7: FAIL. Canvas not supported.
IE 8: FAIL. Canvas not supported.
What steps will reproduce the problem?
1. Have a webpage:
1. Create an Image from a data URL.
2. Create a canvas.
3. Draw the image to the canvas.
4. Call canvas.toDataURL().
2. Launch the webpage.
What is the expected result?
toDataURL() returns a data URL for the image drawn to the canvas.
What happens instead?
Error in the console: "Uncaught Error: SECURITY_ERR: DOM Exception 18".
Drawing from an image with source being a data URL seems to set the
origin-clean flag false. I don't think this should be although it doesn't
explicitly mention this in
We should make sure to test svg data urls to make sure they don't get through.
(In reply to comment #1)
> We should make sure to test svg data urls to make sure they don't get through.
You mean something like data:text/svg,<svg>...
Why shouldn't that get through?
(In reply to comment #2)
> (In reply to comment #1)
> > We should make sure to test svg data urls to make sure they don't get through.
> You mean something like data:text/svg,<svg>...
> Why shouldn't that get through?
The specific issue i think is that you can do
or whatever. However i *think* we would catch that as being a multi-origin source. I think Sam's point was that we need to have a test that ensures the correct restrictions are in place.
This is fallout from our treatment of data URLs being different than required by the HTML5 spec:
If a Document or image was generated from a data: URL found in another Document or in a script
The origin is the origin of the Document or script in which the data: URL was found.
We'll want to think carefully before adopting this requirement, but I think we can fix the canvas behavior independently.
Created attachment 39820 [details]
Comment on attachment 39820 [details]
r=me, we should fix tracking of data url origin as well i guess
Thanks for the review. I think Maciej has strong opinions about the data URL / noAccess thing. We'd definitely want to talk with him before changing it.
+ Test that drawing a data URL image onto a canvas behaves as expected.
+ Note the tricky case involving an data URL SVG image with an embedded
+ remote image.
Typo: "an data URL".
> Typo: "an data URL".
Thanks. I'll fix it on landing.
Committed r48556: <http://trac.webkit.org/changeset/48556>
*** Bug 17150 has been marked as a duplicate of this bug. ***
Hi. It seems this problem is back. Tested in nightly WebKit-r52593 on Windows. Given testcase does not show data url. Problem seems to be fixed in nightly Chrome build (r30453) though.
Can you file a new bug and CC the relevant folks? Odd that the test didn't catch the regression...
See Bug 33029