Skip to content
Snippets Groups Projects
New look
Closed (moved) Canvas image extraction prompt logic
  • View options

    • Canvas image extraction prompt logic

  • View options
    • Closed (moved) Issue created by Arthur Edelstein

    For our canvas image extraction patch (#6253 (closed)), I think the following describes the logic in bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) in CanvasUtils.cpp:

    1. Get the first party URI of the aDocument
    2. Check Permission Manager to see if that first party URI has permission to access canvas data; return "true" if so.
    3. Otherwise, check if aDocument is "third party" (meaning, presumably, an iframe or similar)
    4. If aDocument is not "third party", then show a prompt allowing user to give permission (to the first party) to access canvas data.
    5. If the user gives permission ("always"), then add the first-party URI to the Permissions database

    Is there a reason we are preventing third parties from requesting permission on behalf of the first party?

    My feeling is we should either (a) allow third parties to request permission to extract canvas data, but assign that permission to the first party, or (b) prevent third parties from extracting canvas data at all. I might be confused about this, though.

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading