MediaWiki talk:Common.js
Jump to navigation
Jump to search
Rejection of revision #40018
I'm rejecting because I'm not super convinced that your code is awfully safe here, especially in its image handling. It's entirely possible that your canvas could well become tainted. I really don't like the setting of crossOrigin to "anonymous". Though a common practice, it could lead to problems, because it deliberately allows for unauthenticated downloads of images from off-site.
Beyond that, though, the whole point of some of the script is to grab images from elsewhere, and that inherently has both security and GDPR-compliance question marks that we'd rather avoid. -- CzechOut <staff /> 02:30, May 22, 2020 (UTC)