Operation is insecure in safari

[BradleyVangelder]

I get the error after I execute the canvas.toDataURL('image/jpeg', 1.0) part.

[BradleyVangelder]

@niklasvh Any idea?

[Sciecha]

same problem here

[zhendershot]

Hi there, We're seeing the same thing. We're on html2canvas 1.4.0. A web page (https://www.cruxdigital.com) that works in Chrome & Firefox fails in Safari 15.2. I haven't been able to narrow down the specific elements that cause the canvas to taint, but it's definitely limited to specific URLs and Safari.

We're configured to use a proxy, allowTaint: false, useCORS: false.

[masa526]

Hi. I have the same problem. If the svg file is specified in the url in the background property of CSS, Canvas looks dirty.

body {
    background: url('./hoge.svg');
}

iOS 15.2.1 Safari

@niklasvh Is it possible to exclude these?

[toffifeeIt]

I got the same error when I user background image, I changed it to an tag and it resolved the issue.

[ocaballero05]

I'm using allowTaint:true and useCORS:true. If I use @HitenChawda46's fix above, my issue is resolved.

[trry-hub]

Have you solved your problems. I used allowTaint:true and useCORS:true, but it still doesn't work

[trry-hub]

same problem here

same problem here

[jacknkandy]

https://github.com/niklasvh/html2canvas/issues/2688#issuecomment-1142113750

I got the same error when I user background image, I changed it to an tag and it resolved the issue.

This ended up being the problem for me, but it was difficult to know at first. I didn't even get this error, until I wrapped the canvas.toBlob function in a setTimeout. I was looking at this issue, might be related, but nothing here helped. https://github.com/niklasvh/html2canvas/issues/2864

I tried disabling elements, such as images and SVGs (since reading about CORS related issues, and issues with SVG), but ended up disabling the <head> of the cloned document using the ignoreElements property and was able to generate the canvas image.

html2canvas(mapElement, {
    backgroundColor: null,
    allowTaint: true,
    useCORS: true,
    ignoreElements: (element) => {
        return element.nodeName.toLowerCase() === 'head';
    },
    ...

I finally narrowed it down to importing this Mapbox CSS style sheeet, <link rel='stylesheet' href='https://api.mapbox.com/mapbox-gl-js/v1.6.0/mapbox-gl.css' />

After disabling the lines with background-image e.g.

a.mapboxgl-ctrl-logo{
    width:88px;
    height:23px;
    margin:0 0 -4px -4px;
    display:block;
    background-repeat:no-repeat;
    cursor:pointer;
    overflow:hidden;
    /* background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='88' height='23' viewBox='0 0 88 23' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' fill-rule='evenodd'%3E%3Cdefs%3E%3Cpath id='a' d='M11.5 2.25c5.105 0 9.25 4.145 9.25 9.25s-4.145 9.25-9.25 9.25-9.25-4.145-9.25-9.25 4.145-9.25 9.25-9.25zM6.997 15.983c-.051-.338-.828-5.802 2.233-8.873a4.395 4.395 0 013.13-1.28c1.27 0 2.49.51 3.39 1.42.91.9 1.42 2.12 1.42 3.39 0 1.18-.449 2.301-1.28 3.13C12.72 16.93 7 16 7 16l-.003-.017zM15.3 10.5l-2 .8-.8 2-.8-2-2-.8 2-.8.8-2 .8 2 2 .8z'/%3E%3Cpath id='b' d='M50.63 8c.13 0 .23.1.23.23V9c.7-.76 1.7-1.18 2.73-1.18 2.17 0 3.95 1.85 3.95 4.17s-1.77 4.19-3.94 4.19c-1.04 0-2.03-.43-2.74-1.18v3.77c0 .13-.1.23-.23.23h-1.4c-.13 0-.23-.1-.23-.23V8.23c0-.12.1-.23.23-.23h1.4zm-3.86.01c.01 0 .01 0 .01-.01.13 0 .22.1.22.22v7.55c0 .12-.1.23-.23.23h-1.4c-.13 0-.23-.1-.23-.23V15c-.7.76-1.69 1.19-2.73 1.19-2.17 0-3.94-1.87-3.94-4.19 0-2.32 1.77-4.19 3.94-4.19 1.03 0 2.02.43 2.73 1.18v-.75c0-.12.1-.23.23-.23h1.4zm26.375-.19a4.24 4.24 0 00-4.16 3.29c-.13.59-.13 1.19 0 1.77a4.233 4.233 0 004.17 3.3c2.35 0 4.26-1.87 4.26-4.19 0-2.32-1.9-4.17-4.27-4.17zM60.63 5c.13 0 .23.1.23.23v3.76c.7-.76 1.7-1.18 2.73-1.18 1.88 0 3.45 1.4 3.84 3.28.13.59.13 1.2 0 1.8-.39 1.88-1.96 3.29-3.84 3.29-1.03 0-2.02-.43-2.73-1.18v.77c0 .12-.1.23-.23.23h-1.4c-.13 0-.23-.1-.23-.23V5.23c0-.12.1-.23.23-.23h1.4zm-34 11h-1.4c-.13 0-.23-.11-.23-.23V8.22c.01-.13.1-.22.23-.22h1.4c.13 0 .22.11.23.22v.68c.5-.68 1.3-1.09 2.16-1.1h.03c1.09 0 2.09.6 2.6 1.55.45-.95 1.4-1.55 2.44-1.56 1.62 0 2.93 1.25 2.9 2.78l.03 5.2c0 .13-.1.23-.23.23h-1.41c-.13 0-.23-.11-.23-.23v-4.59c0-.98-.74-1.71-1.62-1.71-.8 0-1.46.7-1.59 1.62l.01 4.68c0 .13-.11.23-.23.23h-1.41c-.13 0-.23-.11-.23-.23v-4.59c0-.98-.74-1.71-1.62-1.71-.85 0-1.54.79-1.6 1.8v4.5c0 .13-.1.23-.23.23zm53.615 0h-1.61c-.04 0-.08-.01-.12-.03-.09-.06-.13-.19-.06-.28l2.43-3.71-2.39-3.65a.213.213 0 01-.03-.12c0-.12.09-.21.21-.21h1.61c.13 0 .24.06.3.17l1.41 2.37 1.4-2.37a.34.34 0 01.3-.17h1.6c.04 0 .08.01.12.03.09.06.13.19.06.28l-2.37 3.65 2.43 3.7c0 .05.01.09.01.13 0 .12-.09.21-.21.21h-1.61c-.13 0-.24-.06-.3-.17l-1.44-2.42-1.44 2.42a.34.34 0 01-.3.17zm-7.12-1.49c-1.33 0-2.42-1.12-2.42-2.51 0-1.39 1.08-2.52 2.42-2.52 1.33 0 2.42 1.12 2.42 2.51 0 1.39-1.08 2.51-2.42 2.52zm-19.865 0c-1.32 0-2.39-1.11-2.42-2.48v-.07c.02-1.38 1.09-2.49 2.4-2.49 1.32 0 2.41 1.12 2.41 2.51 0 1.39-1.07 2.52-2.39 2.53zm-8.11-2.48c-.01 1.37-1.09 2.47-2.41 2.47s-2.42-1.12-2.42-2.51c0-1.39 1.08-2.52 2.4-2.52 1.33 0 2.39 1.11 2.41 2.48l.02.08zm18.12 2.47c-1.32 0-2.39-1.11-2.41-2.48v-.06c.02-1.38 1.09-2.48 2.41-2.48s2.42 1.12 2.42 2.51c0 1.39-1.09 2.51-2.42 2.51z'/%3E%3C/defs%3E%3Cmask id='c'%3E%3Crect width='100%25' height='100%25' fill='%23fff'/%3E%3Cuse xlink:href='%23a'/%3E%3Cuse xlink:href='%23b'/%3E%3C/mask%3E%3Cg opacity='.3' stroke='%23000' stroke-width='3'%3E%3Ccircle mask='url(%23c)' cx='11.5' cy='11.5' r='9.25'/%3E%3Cuse xlink:href='%23b' mask='url(%23c)'/%3E%3C/g%3E%3Cg opacity='.9' fill='%23fff'%3E%3Cuse xlink:href='%23a'/%3E%3Cuse xlink:href='%23b'/%3E%3C/g%3E%3C/svg%3E") */
}

I was able to confirm that this was the issue for me. I might have to manually insert the Mapbox logos myself, not sure of a better solution.

[HitenChawda46]

Have you solved your problems. I used allowTaint:true and useCORS:true, but it still doesn't work follow #2911 solution i mentioned, it would solve the issue

[jacknkandy]

https://github.com/niklasvh/html2canvas/issues/2688#issuecomment-1323151347

Have you solved your problems. I used allowTaint:true and useCORS:true, but it still doesn't work follow #2911 solution i mentioned, it would solve the issue

For now I have added the data-html2canvas-ignore attribute to the offending link tag: <link rel='stylesheet' href='https://api.mapbox.com/mapbox-gl-js/v1.6.0/mapbox-gl.css' data-html2canvas-ignore /> And have added a fallback CSS script without the background-image properties. I have to then manually insert the Mapbox logo into my image export as an SVG tag. This I can do but only really helps my use case. A patch for this would be great if #2911 fixes the issue.

[0r0loo]

If you apply an svg image to background-image(css) using the url function, you will get that error.

ex)

❌

const DashedLine = styled.div`
  width: 100%;
  background-repeat: repeat-x;
  background-size: cover;
  height: 2px;
  background-image: url("data:image/svg+xml;utf8,%3Csvg%20xmlns%3D%22http%3A//www.w3.org/2000/svg%22%20width%3D%22304%22%20height%3D%222%22%20viewBox%3D%220%200%20304%202%22%20fill%3D%22none%22%3E%0A%20%20%3Cpath%20d%3D%22M1%201H303%22%20stroke%3D%22%23ADB2CA%22%20stroke-width%3D%222%22%20stroke-linecap%3D%22round%22%20stroke-dasharray%3D%224%206%22/%3E%0A%3C/svg%3E");
`;

🙆

const DashedLine = () => {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      width="100%"
      height="2"
      viewBox="0 0 280 2"
      preserveAspectRatio="none"
      fill="none"
    >
      <path
        d="M1 1H279"
        stroke="#ADB2CA"
        strokeWidth="2"
        strokeLinecap="round"
        strokeDasharray="4 6"
      />
    </svg>
  );
};