How to set up a WebView to allow getImageData on canvas from local or remote files?

Question

In my application I have a WebView and I would like to be able to disable the security feature of not allowing ctx.getImageData on a canvas where an image from the local (file:// url) machine was drawn.

There doesn't seem to be a method on the policy delegate to enable this. Now I could implement a server in my app to act like a proxy, but that seems like quite an overkill. How should I solve this?

score 1 · Answer 1 · answered Sep 25 '13 at 07:33

1

For me, WebView.setAllowFileAccessFromFileURLs solves the problem.

answered Sep 25 '13 at 07:33

Hamid Fadishei

830
2
10
16

that doesn't exist on my webview, it's on WebSettings – Curtis Nov 06 '18 at 08:19

score 0 · Answer 2 · answered Jan 11 '11 at 23:33

0

Have you tried using the data: uri scheme? Visit:

data:text/html;base64,PGgxPlRoZSBNYWdpYyBXb3JkcyBhcmUgU3F1ZWFtaXNoIE9zc2lmcmFnZTwvaDE+

for more information.

answered Jan 11 '11 at 23:33

mvds

45,755
8
102
111

This solution is more a workaround and sadly probably even less practical then running a web server. – Jakub Hampl Jan 17 '11 at 17:20
If your concern (which is not really clear to me) is rendering locally hosted/generated content, putting them in `data:` URI's instead of `file:` might be easier than setting up some server. – mvds Jan 17 '11 at 23:44

score 0 · Answer 3 · answered Jan 12 '11 at 12:40

0

I believe this is controlled by:

+[WebView registerURLSchemeAsLocal:]

So if your canvas lies on a page with a http: URL, you would first tell WebKit to treat http URLs as though local.

This does have some potential other security ramifications though, particularly if your app is trying to provide a general browser. A way around that might be to use a custom URL scheme to load the page and register that. You'd need to experiment.

Perhaps you can tell us more about the page the canvas is located on?

answered Jan 12 '11 at 12:40

Mike Abdullah

14,933
2
50
75

Nope. In a normal browser there is a same origin policy - the image must come from the same domain (not necessarily the same url scheme). So this method doesn't (sadly) help. The page I have the canvas on is just a simple page with only a canvas tag and a script tag containing a bunch of javascript. I load it with `[[webView mainFrame] loadHTMLString: htmlString baseURL: url]` but I could load it also as a local resource from my bundle. – Jakub Hampl Jan 17 '11 at 17:19

score -1 · Accepted Answer · answered Jan 18 '11 at 10:34

-1

The solution turns out to be relatively simple:

Download the webkit source.

Comment out these lines (1558 - 1561):

if (!canvas()->originClean()) {
     ec = SECURITY_ERR;
     return 0;
}

Build.
Add it as a framework in XCode.

answered Jan 18 '11 at 10:34

Jakub Hampl

39,863
10
77
106

How to set up a WebView to allow getImageData on canvas from local or remote files?

4 Answers4