28987 – fillText and fillStroke are unsecured

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 28987 - fillText and fillStroke are unsecured

Summary: fillText and fillStroke are unsecured

Status:	RESOLVED FIXED

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	CR HTML Canvas 2D Context (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 critical
Target Milestone:	---
Assignee:	This bug has no owner yet - up for the taking
QA Contact:	HTML WG Bugzilla archive list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-23 15:48 UTC by Philippe Le Hegaret
Modified:	2015-07-28 17:56 UTC (History)
CC List:	1 user (show)

See Also:

Attachments

Description Philippe Le Hegaret 2015-07-23 15:48:10 UTC

https://w3c.github.io/2dcontext/#dom-context-2d-filltext
 doesn't say anything (unlike Level 2) about markup the origin-clean as false. Again, this needs to be sync'ed with Level 2 otherwise it creates a security issue.

Comment 1 Philippe Le Hegaret 2015-07-23 15:51:43 UTC

Should be fixed by
 https://github.com/w3c/2dcontext/commit/7937209404d8efa5351da3ba15bba6395e81d9da