On 7/29/2010 3:37 PM, Ian Hickson wrote:
> On Tue, 20 Apr 2010, Charles Pritchard wrote:
>> There does not seem to be a standard method of requesting elevated
>> permissions where local file access or cross-domain file access is
>> required.
> Requesting permissions from whom? The user is not in any place to make
> educated decisions about such things, the user agent can't know what's
> secure ahead of time, and the author can't be trusted. That doesn't leave
> many people. :-)

At the time, I was looking for a usable method of providing the user the option to paste the URL of an image resource, and load it for manipulation with Canvas.

This led to further discussion, bringing up the fact that CORS has not really been implemented
for use with Canvas, via drawImage.

I then realized that my best route of implementation is an XMLHttpRequest, followed by
base64 encoding, then loading that data through the <img> tag.

Unfortunately, base64 encoding of binary is really terrible in Firefox; btoa/atob functions
seem to be written without much enthusiasm for large strings.

We'd want to use XMLHttpRequest anyway, so that we can store the original image data in offline storage. Otherwise, by grabbing the image data from a canvas tag, we end up
with a large png file, when we could be saving the original jpg image.

Again, this circles around issues with Blob handling, more than it does with security, as XMLHttpRequest does support CORS, and is still our only widely implemented method
of dealing with streams.

>> Currently, one must create a duplicate origin-clean Canvas element to
>> copy image data from a dirty element after privilege escalation.
> What is "privilege escalation"?

In this case, a user giving the script permission to clear the origin-clean flag.
>> Proposed method:
>> CanvasRenderingContext2D
>>     resetOriginClean
>> throws SECURITY_ERR exception
>>
>> When resetOriginClean is executed, an implementation shall request
>> elevated privileges, and if granted, set the origin-clean flag of the
>> canvas element to true.
> What's the use case?
There are some warnings in browsers for other security items:
 "This HTTPS Certificate is not valid, Continue / Cancel"

It does set a precedent for prompts like:
"This domain kitties4life.com is trying to access an image from flickr.com, Continue / Cancel".

But, as I've said, using CORS is a far better alternative;
and using XMLHttpRequest isn't completely absurd, provided there were
a clean route for managing the data.

> On Fri, 23 Apr 2010, Charles Pritchard wrote:
>> Has there been progress on enabling Canvas origin-clean with
>> Cross-Origin Resource Sharing?
> The plan is to start using CORS once it's well-established in XHR2.


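An added example (not code from the thread, nor from any browser vendor) of the route described in the message above: fetch the image bytes with XMLHttpRequest, so CORS decides whether the cross-origin read is allowed, keep the original bytes for offline storage, and load them into the canvas through a data: URL so the canvas stays origin-clean. The chunked base64 encoder avoids handing one huge binary string to btoa at once; the function names and the 24 KiB chunk size are assumptions.

```javascript
// Added example, not from the thread. Encodes a Uint8Array as base64 in chunks
// whose size is a multiple of 3, so each chunk's base64 output has no padding
// and the pieces concatenate into the same string a single btoa() would give.
function bytesToBase64(bytes, chunkSize) {
  const size = chunkSize || 3 * 8192; // assumed default: 24 KiB per btoa() call
  if (size % 3 !== 0) throw new Error("chunkSize must be a multiple of 3");
  const parts = [];
  for (let i = 0; i < bytes.length; i += size) {
    const chunk = bytes.subarray(i, i + size);
    // Bounded argument count keeps apply() within engine limits.
    parts.push(btoa(String.fromCharCode.apply(null, chunk)));
  }
  return parts.join("");
}

function bytesToDataUrl(bytes, mimeType) {
  return "data:" + mimeType + ";base64," + bytesToBase64(bytes);
}

// Browser-only part (assumed helper): XHR with responseType "arraybuffer" is
// subject to CORS, so a cross-origin server must opt in via
// Access-Control-Allow-Origin; otherwise onerror fires and nothing is drawn.
function loadImageViaXhr(url, ctx, onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open("GET", url);
  xhr.responseType = "arraybuffer";
  xhr.onload = function () {
    if (xhr.status !== 200) { onDone(new Error("HTTP " + xhr.status)); return; }
    const bytes = new Uint8Array(xhr.response);
    const mime = xhr.getResponseHeader("Content-Type") || "application/octet-stream";
    const img = new Image();
    img.onload = function () {
      ctx.drawImage(img, 0, 0); // data: URL image: the origin-clean flag stays true
      onDone(null, bytes);      // caller may persist the original (e.g. JPEG) bytes
    };
    img.onerror = function () { onDone(new Error("image decode failed")); };
    img.src = bytesToDataUrl(bytes, mime);
  };
  xhr.onerror = function () { onDone(new Error("network or CORS failure")); };
  xhr.send();
}
```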