Canvas — Tainted

: Attempting to use getImageData() will throw a SecurityError .

Once a canvas is "tainted," it is no longer considered "origin-clean," and the browser blocks functions that allow you to read its pixel data: Tainted Canvas

: You cannot use toDataURL() , toBlob() , or captureStream() . : Attempting to use getImageData() will throw a

A is a security feature in web browsers that prevents the unauthorized extraction of image data from a canvas element . It occurs automatically when an image or video from a different domain (origin) is drawn onto a without proper authorization. Key Effects of Tainting It occurs automatically when an image or video

This feature protects user privacy by preventing malicious websites from "stealing" sensitive images (like bank statements or private photos) that might be cached or authenticated in a user's browser. Without this, a script could draw a private image to a canvas, read its pixels, and send that data to a third-party server. How to Fix It (CORS) cookies - Why is a "tainted canvas" a risk?

: The content remains visible to the user, but it cannot be programmatically read back or saved by scripts. Why It Exists