Did I not get enough sleep or what?? This throws Error: SECURITY_ERR: DOM Exception 18 and here's my JS code... There's no way this shouldn't work!!!

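var frame = document.getElementById("viewer");
frame.width = 100;
frame.height = 100;
var ctx = frame.getContext("2d");
var img = new Image();

// attach the handler before setting src so an already-cached image cannot load first
img.onload = function() {
  //draw image
  ctx.drawImage(img, 0, 0);

  //here's where the error happens:
  window.open(frame.toDataURL("image/png"));
};

// image hosted on a different server than the page running this script
img.src = "http://www.ansearch.com/images/interface/item/small/image.png";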

Can anyone explain this, please?

+3  A: 

You can't put spaces in your ID

Update

My guess is that image is on a different server than where you're executing the script. I was able to duplicate your error when running it on my own page, but it worked fine the moment I used an image hosted on the same domain. So it's security related - put the image on your site. Anyone know why this is the case?

Mike Robinson
I changed this and tested it, but got the same error...
pop850
@pop850: see edit
Matchu
+3  A: 

In the specs it says:

Whenever the toDataURL() method of a canvas element whose origin-clean flag is set to false is called, the method must raise a SECURITY_ERR exception.

If the image is coming from another server, I don't think you can use toDataURL().

Bob
And there it is
Mike Robinson
Thanks so much! Like Mike R., I can't imagine how this could be security-related! :)
pop850
If an attacker is able to guess the name of a picture that you have in a private site, he would be able to get a copy of it by painting it on a canvas and sending the new image to his site. The main restriction from my point of view is to avoid drawing the contents of another site, but security is too complex as the attacker can find a hole in any unexpected site.
AlfonsoML
Note that the subdomain matters as well. In my experience, in Chrome at least, a SECURITY_ERR: DOM Exception 18 is raised when making a call that is perceived to be across subdomains:
1. in http://www.example.com/some/path/index.html for a video or image in foo.example.com
2. when going to the same page as in 1 but by entering the URL http://example.com/some/path/index.html and then attempting to call toDataURL() for a video or image in www.example.com
Sam Dutton
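
A small model of the origin-clean rule quoted from the spec, run over the subdomain cases from the last comment. This is an added example, not code from any poster or from a browser. `ModelCanvas`, `tryExport` and the `corsApproved` option are hypothetical names; `corsApproved` stands for an image loaded with `crossOrigin="anonymous"` from a server that sends a matching `Access-Control-Allow-Origin` header, which the thread does not mention.

```javascript
// Model of the canvas "origin-clean" flag (constructed example; no real DOM involved).

// An origin is the (scheme, host, port) triple; URL.origin serializes exactly that.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

class ModelCanvas {
  constructor(pageUrl) {
    this.pageUrl = pageUrl;
    this.originClean = true; // every canvas starts clean
  }

  // corsApproved (assumption, see lead-in) models a CORS-approved image load.
  drawImage(imageUrl, { corsApproved = false } = {}) {
    if (!sameOrigin(this.pageUrl, imageUrl) && !corsApproved) {
      // One cross-origin draw taints the canvas; later same-origin draws do not clear it.
      this.originClean = false;
    }
  }

  toDataURL() {
    if (!this.originClean) {
      const err = new Error("SECURITY_ERR: DOM Exception 18");
      err.name = "SecurityError"; // name used by current browsers for this error
      throw err;
    }
    return "data:image/png;base64,(model)"; // placeholder, no pixels in this model
  }
}

// Returns "ok" or the error name for a page that draws one image and exports it.
function tryExport(pageUrl, imageUrl, options) {
  const canvas = new ModelCanvas(pageUrl);
  canvas.drawImage(imageUrl, options);
  try {
    canvas.toDataURL();
    return "ok";
  } catch (e) {
    return e.name;
  }
}

// Constructed URLs, taken from the example.com cases in the comment above.
const page = "http://www.example.com/some/path/index.html";
console.log(tryExport(page, "http://www.example.com/a.png")); // same origin
console.log(tryExport(page, "http://foo.example.com/a.png")); // other subdomain
console.log(tryExport("http://example.com/some/path/index.html", "http://www.example.com/a.png")); // bare vs www
```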