whatwg / html

HTML Standard
https://html.spec.whatwg.org/multipage/

"The image argument is not origin-clean" check allows tainted ImageBitmaps #3341

Open Ms2ger opened 6 years ago

Ms2ger commented 6 years ago

https://html.spec.whatwg.org/multipage/canvas.html#the-image-argument-is-not-origin-clean

The image argument is not origin-clean if it is an HTMLOrSVGImageElement or HTMLVideoElement whose origin is not the same as the origin specified by the entry settings object, or if it is an HTMLCanvasElement whose bitmap's origin-clean flag is false.

In particular, it doesn't check for ImageBitmap arguments, so the following doesn't taint the canvas:

// crossOriginVideo: a <video> element whose origin differs from the document's
createImageBitmap(crossOriginVideo).then(bitmap => ctx.drawImage(bitmap, 0, 0));

annevk commented 6 years ago

I wish there was a more sound approach we could use than forwarding bits across objects.

Ms2ger commented 6 years ago

Perhaps a switch across the possible types of the image argument would at least make it obvious that ImageBitmap was forgotten.

annevk commented 6 years ago

OffscreenCanvas is also missing from this list (and a similar list slightly higher up).

annevk commented 6 years ago

@junov as far as I can tell OffscreenCanvasRenderingContext2D has an origin-clean bit, but OffscreenCanvas itself does not?
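The gap reported at the top of the thread, the type-switch suggested as a remedy, and the OffscreenCanvas omission can be shown together in one small model. The following is an added example written for this page, not spec text and not code from the whatwg/html repository: the DOM classes are replaced by constructed plain objects with a `kind` tag and either an `origin` string or an `originClean` flag, `ENTRY_ORIGIN` stands in for the entry settings object's origin, and `createImageBitmapFrom` / `makeContext` are hypothetical helpers that model only the taint bookkeeping of `createImageBitmap()` and `drawImage()`.

```javascript
// Added example (not from the spec or the issue thread): a model of the
// "image argument is not origin-clean" check written two ways, first as the
// spec text quoted in the issue (no ImageBitmap / OffscreenCanvas arm), then
// as an exhaustive switch over the CanvasImageSource union so that a
// forgotten member throws instead of silently passing as clean.

// Constructed stand-in for the origin of the entry settings object.
const ENTRY_ORIGIN = "https://app.example";

// Constructed stand-ins for the spec's objects (not the real DOM classes).
function makeImage(origin) { return { kind: "HTMLImageElement", origin }; }
function makeVideo(origin) { return { kind: "HTMLVideoElement", origin }; }
function makeCanvas(originClean) { return { kind: "HTMLCanvasElement", originClean }; }
function makeOffscreenCanvas(originClean) { return { kind: "OffscreenCanvas", originClean }; }

// Hypothetical model of createImageBitmap(): the bitmap carries forward the
// taint of its source, so a cross-origin video yields a non-origin-clean bitmap.
function createImageBitmapFrom(source) {
  return { kind: "ImageBitmap", originClean: !isNotOriginClean(source) };
}

// The check as worded in the spec text quoted in the issue: only image/video
// elements and HTMLCanvasElement are examined; ImageBitmap and OffscreenCanvas
// fall through and are treated as clean.
function isNotOriginCleanSpecText(image) {
  if (image.kind === "HTMLImageElement" || image.kind === "HTMLVideoElement") {
    return image.origin !== ENTRY_ORIGIN;
  }
  if (image.kind === "HTMLCanvasElement") {
    return image.originClean === false;
  }
  return false; // ImageBitmap / OffscreenCanvas: not covered
}

// The proposed shape: a switch with one arm per CanvasImageSource member and a
// throwing default, so a new or forgotten type cannot pass unnoticed.
function isNotOriginClean(image) {
  switch (image.kind) {
    case "HTMLImageElement":
    case "SVGImageElement":
    case "HTMLVideoElement":
      return image.origin !== ENTRY_ORIGIN;
    case "HTMLCanvasElement":
    case "OffscreenCanvas":
    case "ImageBitmap":
      return image.originClean === false;
    default:
      throw new TypeError(`unhandled CanvasImageSource: ${image.kind}`);
  }
}

// Hypothetical model of a 2D context: drawImage() clears the canvas's
// origin-clean flag when the check says the source is not origin-clean, and
// toDataURL() refuses readback from a tainted canvas.
function makeContext(check) {
  const canvas = makeCanvas(true);
  return {
    canvas,
    drawImage(image) {
      if (check(image)) canvas.originClean = false;
    },
    toDataURL() {
      if (!canvas.originClean) throw new Error("SecurityError: canvas is tainted");
      return "data:image/png;base64,iVBORw0KGgo="; // constructed placeholder
    },
  };
}

// Reproduces the issue: drawing a cross-origin video directly taints the
// canvas, but routing it through an ImageBitmap does not under the quoted
// wording; the exhaustive switch closes that gap.
function demonstrateLaundering() {
  const video = makeVideo("https://cdn.other.example");
  const bitmap = createImageBitmapFrom(video);

  const direct = makeContext(isNotOriginCleanSpecText);
  direct.drawImage(video);

  const viaBitmap = makeContext(isNotOriginCleanSpecText);
  viaBitmap.drawImage(bitmap);

  const fixed = makeContext(isNotOriginClean);
  fixed.drawImage(bitmap);

  return {
    directTainted: !direct.canvas.originClean,
    viaBitmapTainted: !viaBitmap.canvas.originClean,
    fixedTainted: !fixed.canvas.originClean,
  };
}
```

The point of the throwing `default` arm is the one Ms2ger makes: with the check expressed as a list of `if`s, a missing type is invisible; with a switch over the union, adding a member to `CanvasImageSource` without updating the check produces a visible failure the first time that member is drawn.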