logo daycom
Tainted Canvas
Tainted Canvas

Tainted Canvas Apr 2026

This feature protects user privacy by preventing malicious websites from "stealing" sensitive images (like bank statements or private photos) that might be cached or authenticated in a user's browser. Without this, a script could draw a private image to a canvas, read its pixels, and send that data to a third-party server. How to Fix It (CORS) cookies - Why is a "tainted canvas" a risk?

: You cannot use toDataURL() , toBlob() , or captureStream() . Tainted Canvas

Once a canvas is "tainted," it is no longer considered "origin-clean," and the browser blocks functions that allow you to read its pixel data: This feature protects user privacy by preventing malicious

This feature protects user privacy by preventing malicious websites from "stealing" sensitive images (like bank statements or private photos) that might be cached or authenticated in a user's browser. Without this, a script could draw a private image to a canvas, read its pixels, and send that data to a third-party server. How to Fix It (CORS) cookies - Why is a "tainted canvas" a risk?

: You cannot use toDataURL() , toBlob() , or captureStream() .

Once a canvas is "tainted," it is no longer considered "origin-clean," and the browser blocks functions that allow you to read its pixel data: