← Back to release summary

Non-origin-clean ImageBitmap serialization and transferring

Category

Graphics

Type

New or changed feature

Status

Removed (Chrome 80)

Intent stage

Removed

Summary

This change raises errors when a script tries to serialize or transfer a non-origin-clean ImageBitmap. A non-origin-clean ImageBitmap is one that contains data from cross cross-origin images that is not verified by CORS logic.

Motivation

We are developing Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) for unblocking APIs such as memory measurement APIs. The basic idea is that we are going to “isolate” a renderer process so that resources not verified by CORS (or CORP) logic cannot enter the process. We call such a process as “cross-origin isolated” process. Non-origin-clean ImageBitmap is data we need to prevent from entering into an cross-origin isolated process. Hence we would like to disallow serialization and transferring non-origin-clean ImageBitmap.

Standards & signals

• Specification: https://html.spec.whatwg.org/multipage/imagebitmap-and-animations.html#imagebitmap
• Firefox: No signal
• Safari: No signal
• Web developers: No signals
• Tracking bug: https://crbug.com/1013087

View on chromestatus.com