1 files changed, 21 insertions, 66 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp b/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp
index 47a0e616efb..9e5dd350d8f 100644
--- a/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp
+++ b/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp
@@ -26,10 +26,7 @@
 #include "config.h"
 #include "core/html/canvas/CanvasRenderingContext.h"
 
-#include "core/fetch/ImageResource.h"
-#include "core/html/HTMLImageElement.h"
-#include "core/html/HTMLVideoElement.h"
-#include "core/html/canvas/CanvasPattern.h"
+#include "core/html/canvas/CanvasImageSource.h"
 #include "platform/weborigin/SecurityOrigin.h"
 
 namespace WebCore {
@@ -37,72 +34,30 @@ namespace WebCore {
 CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas)
     : m_canvas(canvas)
 {
-    ScriptWrappable::init(this);
-}
-
-bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
-{
-    if (canvas()->originClean() && pattern && !pattern->originClean())
-        return true;
-    return false;
-}
-
-bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
-{
-    if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
-        return true;
-    return false;
-}
-
-bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
-{
-    if (!image || !canvas()->originClean())
-        return false;
-
-    ImageResource* cachedImage = image->cachedImage();
-    if (!cachedImage->image()->currentFrameHasSingleSecurityOrigin())
-        return true;
-
-    return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin());
-}
-
-bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
-{
-    // FIXME: This check is likely wrong when a redirect is involved. We need
-    // to test the finalURL. Please be careful when fixing this issue not to
-    // make currentSrc be the final URL because then the
-    // HTMLMediaElement.currentSrc DOM API would leak redirect destinations!
-    if (!video || !canvas()->originClean())
-        return false;
-
-    if (!video->hasSingleSecurityOrigin())
-        return true;
-
-    if (!(video->player() && video->player()->didPassCORSAccessCheck()) && wouldTaintOrigin(video->currentSrc()))
-        return true;
-
-    return false;
-}
-
-bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)
-{
-    if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))
-        return false;
-
-    if (canvas()->securityOrigin()->taintsCanvas(url))
-        return true;
-
-    if (url.protocolIsData())
-        return false;
 
-    m_cleanURLs.add(url.string());
-    return false;
 }
 
-void CanvasRenderingContext::checkOrigin(const KURL& url)
+bool CanvasRenderingContext::wouldTaintOrigin(CanvasImageSource* imageSource)
 {
-    if (wouldTaintOrigin(url))
-        canvas()->setOriginTainted();
+    const KURL& sourceURL = imageSource->sourceURL();
+    bool hasURL = (sourceURL.isValid() && !sourceURL.isAboutBlankURL());
+
+    if (hasURL) {
+        if (sourceURL.protocolIsData() || m_cleanURLs.contains(sourceURL.string()))
+            return false;
+        if (m_dirtyURLs.contains(sourceURL.string()))
+            return true;
+    }
+
+    bool taintOrigin = imageSource->wouldTaintOrigin(canvas()->securityOrigin());
+
+    if (hasURL) {
+        if (taintOrigin)
+            m_dirtyURLs.add(sourceURL.string());
+        else
+            m_cleanURLs.add(sourceURL.string());
+    }
+    return taintOrigin;
 }
 
 } // namespace WebCore