In order to prevent information leakage, the HTML5 canvas element has a origin-clean flag. (See HTML5, section 220.127.116.11, "Security with canvas elements".) For a WebGL context, the origin-clean flag must be set to false if any of the following actions occur:
- The texImage2D method is called with an HTMLImageElement or HTMLVideoElement whose origin is not the same as that of the Document object that owns the canvas element.[/*:m:1gu8g3j7]
- The texImage2D method is called with an HTMLCanvasElement whose origin-clean flag is set to false. [/*:m:1gu8g3j7]
Whenever the readPixels method of the 2D context of a canvas element whose origin-clean flag is set to false is called with otherwise correct arguments, the method must raise a SECURITY_ERR exception.