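JavaScript is allowed to do special things (such as in a canvas) with same-origin images and CORS-enabled images, because the browser can safely assume that those would be OK to upload to the server in the first place. But then it gets complicated...
I can't access the binary data of any image hosted cross-site.
Yes, and in general it is very important that you cannot do this. More importantly, you cannot do what you want with a bookmarklet.
You can't do this with canvas, because the CORS rules here are strict (for good reason!)
In short, the general reasoning is almost exactly the same. Browsers are in a unique security position: a random page on the internet can show you your private information, for example a hypothetical image C:\MyPhotos\privateImage1.jpg, assuming it can guess that file path.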
But that webpage is most certainly not allowed to do anything with that file other than show it to you. It can't read the binary information (EXIF information or pixel information). JavaScript is not allowed to know what that image looks like or nearly any data associated with it.
If it was able to figure that out, a random webpage would be able to try a bunch of file paths and maybe come across an image on your hard drive, and then upload the binary data of that image to a server, in effect stealing your private image.
A browser extension would be far more suited to this task than a (JavaScript) bookmarklet because of this.
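The canvas rule described above, as an added example that is not part of the original answer: drawing an image is always permitted, but reading its pixels back throws a `SecurityError` unless the image is same-origin or was loaded with CORS approval. The names `loadImage` and `readPixels` and the injectable `ImageCtor` and `doc` parameters are assumptions of this example.

```javascript
// Load an image, optionally asking the browser to perform a CORS check.
// With cors=true the server must answer with Access-Control-Allow-Origin,
// otherwise the load itself fails and onerror fires.
function loadImage(url, { cors = false } = {}, ImageCtor = globalThis.Image) {
  return new Promise((resolve, reject) => {
    const img = new ImageCtor();
    if (cors) img.crossOrigin = 'anonymous'; // must be set before src
    img.onload = () => resolve(img);
    img.onerror = () => reject(new Error('image load or CORS check failed: ' + url));
    img.src = url;
  });
}

// Try to read pixel data from an already loaded image.
// `doc` is injectable so the function can be exercised outside a browser.
function readPixels(img, doc = globalThis.document) {
  const canvas = doc.createElement('canvas');
  canvas.width = img.naturalWidth;
  canvas.height = img.naturalHeight;
  const ctx = canvas.getContext('2d');

  // Drawing is only "showing" the image, so it is allowed for any origin.
  // A cross-origin image without CORS approval taints the canvas here.
  ctx.drawImage(img, 0, 0);

  try {
    // Reading back is where the browser enforces the rule.
    const { data } = ctx.getImageData(0, 0, canvas.width, canvas.height);
    return { readable: true, bytes: data.length }; // RGBA, 4 bytes per pixel
  } catch (err) {
    if (err.name === 'SecurityError') {
      // Tainted canvas: the page may display the image but never learn its content.
      return { readable: false, bytes: 0 };
    }
    throw err; // anything else is a real bug, do not swallow it
  }
}
```

In a browser, `readPixels(await loadImage(url))` reports `readable: false` for a cross-site image, while `loadImage(url, { cors: true })` makes it readable only if the hosting server opts in.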