146561 2015-07-02 15:44:08 -0700 REGRESSION (r139294): Images loaded via -webkit-mask-image now undergo same-origin checks 2015-10-13 20:49:15 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=139294 P2 Normal --- 1 simon.fraser webkit-unassigned ap krit simon.fraser oldest_to_newest 1106504 0 simon.fraser 2015-07-02 15:44:08 -0700 After r139294, we're applying the same-origin policy to images loaded in -webkit-masks. Since this doesn't happen for CSS images or <img>, I don't think this is a progression. 1106657 1 ap 2015-07-03 01:58:19 -0700 > After r139294 I think that you meant bug 139294. It's not obvious to me whether this is right or wrong. Does -webkit-mask ever affect content that would cause tainting if loaded cross-origin? 1107371 2 krit 2015-07-06 22:46:31 -0700 (In reply to comment #1) > > After r139294 > > I think that you meant bug 139294. > > It's not obvious to me whether this is right or wrong. Does -webkit-mask > ever affect content that would cause tainting if loaded cross-origin? If webkit-mask does not load an image but references a mask element, we need a cross-origin check. However, at the time we had checked if the normal image loading works properly. If even images are cross-origin checked, then this might be a regression introduced at a later point. 1133025 3 simon.fraser 2015-10-13 20:49:15 -0700 No longer an issue since the code was rolled out.