diff options
author | Michal Klocek <michal.klocek@qt.io> | 2018-08-10 12:22:39 +0200 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2018-08-10 14:46:08 +0000 |
commit | e8b9ae61d0fc8123da8170dc8b4bdc561dcb7e32 (patch) | |
tree | ae677e6516800a92238035723c0d7437a4d0c699 /chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h | |
parent | 0cce345ee0781cda8effabf7521b9a3653c6674e (diff) |
defeat cors attacks on audio/video tags
Neutralize error messages and fire no progress events
until media metadata has been loaded for media loaded
from cross-origin locations.
Bug: 828265, 826187
Reviewed-on: https://chromium-review.googlesource.com/1015794
Change-Id: Ie8064f04c606f11bfa88a72b1d5ef82a84bdd409
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h')
-rw-r--r-- | chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h b/chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h index 3ce50fb760b..c39178808b6 100644 --- a/chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h +++ b/chromium/third_party/WebKit/Source/core/html/media/HTMLMediaElement.h @@ -258,8 +258,8 @@ class CORE_EXPORT HTMLMediaElement using HTMLElement::GetExecutionContext; bool HasSingleSecurityOrigin() const { - return GetWebMediaPlayer() && - GetWebMediaPlayer()->HasSingleSecurityOrigin(); + return GetWebMediaPlayer() ? GetWebMediaPlayer()->HasSingleSecurityOrigin() + : true; } bool IsFullscreen() const; @@ -342,6 +342,12 @@ class CORE_EXPORT HTMLMediaElement InsertionNotificationRequest InsertedInto(ContainerNode*) override; void RemovedFrom(ContainerNode*) override; + // Return true if media is cross origin from the current document + // and has not passed a cors check, meaning that we should return + // as little information as possible about it. + + bool MediaShouldBeOpaque() const; + void DidMoveToNewDocument(Document& old_document) override; virtual KURL PosterImageURL() const { return KURL(); } |