Posthumous intent to unship: experimental createImageBitmap() overload accepting ArrayBuffer and ArrayBufferView arguments

Last night, we were informed of security vulnerabilities in the
implementation of an experimental extension to createImageBitmap()
accepting ArrayBuffer and ArrayBufferView arguments which, as it turns out,
was accidentally shipped in bug 1141979.  After careful examination it
became clear that the implementation had several issues and a complete and
safe fix would probably not be something that could be deployed with a high
degree of confidence in a short amount of time to the release channel.  The
createImageBitmap() API, including the other overloads which other engines
also do ship isn=E2=80=99t a very popular API according to Chrome=E2=80=99s=
statistics: <>.
As to the best of our knowledge no other engine ships this variant of
createImageBitmap and we never intended to ship it and never publicized the
fact that we did, we decided that the best course of action, as unusual as
this would be, is to immediately unship the API.  As such, I wrote a patch
in bug  to immediately do the following on all the branches, including
Firefox 52.0.1 which was released a little while ago:

  * Hide this overload with the following WebIDL signature behind the
canvas.imagebitmap_extensions.enabled preference.
  * Turn this preference off on all branches by default.

The WebIDL signature in question is:

Promise<ImageBitmap> createImageBitmap(ImageBitmapSource aImage, long
aOffset, long aLength, ImageBitmapFormat aFormat, ImagePixelLayout aLayout)=

(We only supported the ArrayBuffer and ArrayBufferView variants of

This work happened in bug 1348168.

Also, please note that on Nightly and Aurora, where this preference used to
be on before, it controlled some other ImageBitmap API extensions which are
now also turned off because this work happened late at night and nobody
felt comfortable with leaving the rest of these extensions enabled
enabled.  I=E2=80=99d like to reiterate that having this pref set to a non-=
value is currently extremely dangerous.

3/18/2017 12:58:33 AM 5593 articles. 0 followers. Post Follow

0 Replies

Similar Articles

[PageSpeed] 21