This is a web application

  1. It loads 3 images from another domain under my control, s3-clone.heroku.com

  2. Stiches them in a canvas

  3. Manipulates the existing pixels

  4. And calls canvas.toDataUrl without a Browser Security Error. Read this blog post to see how

Here is canvas.toDataUrl

And canvas.toDataUrl dumped in yet another image.