Tainted — Canvas

Once a canvas is "tainted," it is no longer considered "origin-clean," and the browser blocks functions that allow you to read its pixel data:

: Attempting to use getImageData() will throw a SecurityError . Tainted Canvas

: The content remains visible to the user, but it cannot be programmatically read back or saved by scripts. Why It Exists Once a canvas is "tainted," it is no

This feature protects user privacy by preventing malicious websites from "stealing" sensitive images (like bank statements or private photos) that might be cached or authenticated in a user's browser. Without this, a script could draw a private image to a canvas, read its pixels, and send that data to a third-party server. How to Fix It (CORS) cookies - Why is a "tainted canvas" a risk? Without this, a script could draw a private

Tainted Canvas Tainted Canvas