Skip to content

Commit

Permalink
Remove unnecessary and unimplemented canvas tainting when painting text
Browse files Browse the repository at this point in the history
As discussed in #1540, this check does not give any additional
protections over those already provided by CORS, which these days fonts
are subject to.

Fixes #1540. Helps with #1431.
  • Loading branch information
domenic committed Jul 13, 2016
1 parent 29ebd5b commit 4c4c517
Showing 1 changed file with 0 additions and 12 deletions.
12 changes: 0 additions & 12 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -62679,18 +62679,6 @@ try {

</li>

<!--ADD-TOPIC:Security-->
<li><p>If the <span>text preparation algorithm</span> used a font that has an <span>origin</span>
that is not the <span data-x="same origin">same</span> as the <span>origin</span> specified by
the <span>entry settings object</span> (even if "using a font" means just checking if that font
has a particular glyph in it before falling back to another font), then set the
<code>CanvasRenderingContext2D</code>'s <span
data-x="concept-canvas-origin-clean">origin-clean</span> flag to false.</p></li>
<!-- because fonts could be considered sensitive material, I guess; and because that
sensitivity could extend to whether or not a particular glyph is in the font in the first place.
-->
<!--REMOVE-TOPIC:Security-->

</ol>

<!--v6DVT - this is commented out until CSS can get its act together
Expand Down

0 comments on commit 4c4c517

Please sign in to comment.