On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard <ch...@jumis.com> wrote:
Boris, you haven't provided me with any reasoning/room to address the issue.

Sorry. The point is that providing for dynamic privilege escalation (in the sense that the permissions of a chunk of code change on the fly) is not something we plan to support going forward. In particular, it imposes significant performance costs on our JavaScript implementation, which we would obviously like to eliminate.

I see no problems with exposing a resetOriginClean method to "trusted" code; my problem is with a setup where code transitions from trusted to untrusted, and with random gradations in trust levels that enforce security checks all over the place. That's what we would not want to implement.

> It'd only prompt the user for permissions in the same cases that
> enablePrivilege does.

Which is about to become "never" in Gecko as soon as we can make it happen....

> I'm just trying to standardize the really awkward experience a
> trusted application has to go through to grab permitted image data.

If an application is trusted (in the "system principal" sense in Mozilla, not in the broken enablePrivilege sense), how did it end up with a dirty canvas to start with?

I do think the CORS suggestion elsewhere in this thread is a good one, by the way.

-Boris
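The "dirty canvas" and the CORS alternative that this message refers to come down to the HTML canvas origin-clean flag. The following is an added example, not code from the thread or from Gecko: a small Node-runnable model of that flag, showing that a plain cross-origin draw taints the canvas permanently (no script-visible reset, which is the resetOriginClean proposal being declined), while an image fetched with crossOrigin="anonymous" from a server that grants the page's origin keeps the canvas readable. The names loadImage, ModelCanvas and serverAllowOrigin are this example's own stand-ins for the browser's <img>, <canvas> and the Access-Control-Allow-Origin response header.

```javascript
// Added example, not from the thread: a minimal model of the HTML canvas
// origin-clean flag. Runs in Node; loadImage/ModelCanvas are constructed
// stand-ins for the browser's <img> and <canvas>.

class SecurityError extends Error {
  constructor(message) { super(message); this.name = 'SecurityError'; }
}

// Simulated image fetch. `documentOrigin` is the origin of the page issuing the
// request, `crossOrigin` mirrors img.crossOrigin, and `serverAllowOrigin` is the
// Access-Control-Allow-Origin value the (constructed) server would send.
function loadImage(src, documentOrigin, { crossOrigin = null, serverAllowOrigin = null } = {}) {
  const imgOrigin = new URL(src).origin;
  if (crossOrigin === null) {
    // Plain request: always loads, but carries no CORS grant.
    return { src, origin: imgOrigin, cors: false, broken: false };
  }
  // CORS-mode request: usable only if the server grants this document's origin;
  // otherwise the image fails to load rather than silently tainting.
  const granted = serverAllowOrigin === '*' || serverAllowOrigin === documentOrigin;
  return { src, origin: imgOrigin, cors: granted, broken: !granted };
}

class ModelCanvas {
  constructor(documentOrigin) {
    this.documentOrigin = documentOrigin;
    this.originClean = true;   // a fresh canvas starts clean
    this.drawn = [];
  }

  // Drawing taints the canvas unless the source is same-origin or was obtained
  // through a successful CORS request. The flag only ever goes true -> false.
  drawImage(img) {
    if (img.broken) {
      throw new Error('InvalidStateError: image failed to load (CORS request denied)');
    }
    const sameOrigin = img.origin === this.documentOrigin;
    if (!sameOrigin && !img.cors) {
      this.originClean = false;
    }
    this.drawn.push(img.src);
    return this.originClean;
  }

  // Pixel readback is refused once the canvas is tainted, no matter what was
  // drawn afterwards; there is no script-visible way to reset the flag.
  getImageData() {
    if (!this.originClean) {
      throw new SecurityError('The canvas has been tainted by cross-origin data.');
    }
    return this.drawn.slice();
  }
}

// Runs the three cases side by side and reports which ones allow readback.
function originCleanDemo() {
  const page = 'https://app.example';   // constructed page origin
  const results = {};

  // 1. Same-origin image: stays clean.
  const c1 = new ModelCanvas(page);
  c1.drawImage(loadImage('https://app.example/logo.png', page));
  results.sameOrigin = c1.originClean;

  // 2. Cross-origin image without CORS: tainted, and a later same-origin
  //    draw does not make it clean again.
  const c2 = new ModelCanvas(page);
  c2.drawImage(loadImage('https://cdn.example/photo.jpg', page));
  c2.drawImage(loadImage('https://app.example/logo.png', page));
  results.crossOriginNoCors = c2.originClean;
  try { c2.getImageData(); results.readbackError = null; }
  catch (e) { results.readbackError = e.name; }

  // 3. Cross-origin image fetched with crossOrigin="anonymous" from a server
  //    that grants this page's origin: stays clean and readable.
  const c3 = new ModelCanvas(page);
  c3.drawImage(loadImage('https://cdn.example/photo.jpg', page,
    { crossOrigin: 'anonymous', serverAllowOrigin: page }));
  results.crossOriginWithCors = c3.originClean;
  results.readbackWithCors = c3.getImageData().length;

  return results;
}

console.log(originCleanDemo());
```

In a real browser the equivalent of case 3 is setting `img.crossOrigin = 'anonymous'` before assigning `img.src`, with the image server responding with an `Access-Control-Allow-Origin` header that covers the page's origin; without that header the image errors out instead of loading, and without the attribute it loads but taints the canvas.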
