html5 - 关于被污染的canvas(tainted canvas)的问题-PHP Chinese Network Q&A

Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

html5 - 关于被污染的canvas(tainted canvas)的问题

巴扎黑 2017-04-17 13:25:51

336

如果canvas中绘制了跨域请求到的图片，就被污染‘taint’了，这时不能再调用toBlob(), toDataURL()和getImageData()等方法, 否则会抛出安全错误(security error).

也就是说通过canvas无法获取其它域图片的内部信息。

This protects users from having private data exposed by using images to pull information from remote web sites without permission. from: https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image

我不是很明白，这能解决什么安全隐患呢？

如果仅仅是一张图片，通过curl的方式或动态截屏的方式，很容易获取图片内容。
如果图片中保存了其它隐藏信息，如源代码 :) 也可以curl下来处理。

巴扎黑

reply all (1)

迷茫2017-04-17 13:27:51 1 floor

表示一样遇到该问题

Like+0

Add Reply

Php8, I'm coming too

Learn website layout in 30 minutes

Shangguan Oracle Beginner to Proficient Video Tutorial

Your first line of UNI-APP code

Flutter from scratch to app launch

Brother Lian New Linux Video Tutorial

AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)

Zero Basic Proficiency PS Video Tutorial

16 day UI video tutorial to get you started

PS Techniques and Slicing Techniques Video Tutorial

Alibaba Cloud Environment Construction and Project Launch Video Tutorial

Overview of Computer Networks - Basic Knowledge that Programmers Must Master

Essential Tutorial for Programmers - HTTP Protocol Explanation

Websocket Video Tutorial