
"The image argument is not origin-clean" check allows tainted ImageBitmaps #3341

Open
@Ms2ger

https://html.spec.whatwg.org/multipage/canvas.html#the-image-argument-is-not-origin-clean

The image argument is not origin-clean if it is an HTMLOrSVGImageElement or HTMLVideoElement whose origin is not the same as the origin specified by the entry settings object, or if it is an HTMLCanvasElement whose bitmap's origin-clean flag is false.

In particular, it doesn't check for ImageBitmap arguments, so the following doesn't taint the canvas:

createImageBitmap(crossOriginVideo).then(bitmap => ctx.drawImage(bitmap))
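The gap described above, as an added example that is not part of the original issue or of the HTML Standard's text: a simplified model, runnable in Node.js, of the quoted check beside a variant that also examines ImageBitmap arguments. The plain-object shapes, function names, example origins and the per-bitmap `originClean` flag used in the variant are assumptions made for illustration, and origin comparison is reduced to string equality.

```javascript
// Simplified model built from constructed plain objects, not real DOM objects.
// image.kind is one of: 'img', 'video', 'canvas', 'bitmap'.

// The check as worded in the quoted spec text: ImageBitmap is never examined.
function notOriginCleanAsQuoted(image, entryOrigin) {
  if (image.kind === 'img' || image.kind === 'video') return image.origin !== entryOrigin;
  if (image.kind === 'canvas') return image.originClean === false;
  return false; // an ImageBitmap falls through and is treated as clean
}

// Assumed correction: an ImageBitmap carries its own origin-clean flag,
// and the check treats it like a canvas bitmap's flag.
function notOriginCleanWithBitmap(image, entryOrigin) {
  if (image.kind === 'bitmap') return image.originClean === false;
  return notOriginCleanAsQuoted(image, entryOrigin);
}

// Model of createImageBitmap: record whether the source was origin-clean
// at creation time so the information survives the copy.
function modelCreateImageBitmap(source, entryOrigin) {
  return { kind: 'bitmap', originClean: !notOriginCleanWithBitmap(source, entryOrigin) };
}

// Model of drawImage: drawing a non-origin-clean image clears the canvas flag.
function modelDrawImage(canvas, image, entryOrigin, check) {
  if (check(image, entryOrigin)) canvas.originClean = false;
  return canvas;
}

// Model of the read-back gate (toDataURL, getImageData and similar).
function canReadBack(canvas) {
  return canvas.originClean;
}

// Draw a cross-origin video directly and via an ImageBitmap, under a given check.
function runScenario(check) {
  const page = 'https://app.example';                                     // constructed origin
  const video = { kind: 'video', origin: 'https://media.example' };       // constructed source
  const newCanvas = () => ({ kind: 'canvas', originClean: true });
  const direct = modelDrawImage(newCanvas(), video, page, check);
  const bitmap = modelCreateImageBitmap(video, page);
  const viaBitmap = modelDrawImage(newCanvas(), bitmap, page, check);
  return { directReadable: canReadBack(direct), viaBitmapReadable: canReadBack(viaBitmap) };
}

console.log('as quoted:        ', runScenario(notOriginCleanAsQuoted));
console.log('with bitmap check:', runScenario(notOriginCleanWithBitmap));
```

A conformance test for an implementation can follow the same shape: draw the bitmap, then assert that read-back from the canvas is refused.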
