diff options
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp')
-rw-r--r-- | chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp | 87 |
1 files changed, 21 insertions, 66 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp b/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp index 47a0e616efb..9e5dd350d8f 100644 --- a/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp +++ b/chromium/third_party/WebKit/Source/core/html/canvas/CanvasRenderingContext.cpp @@ -26,10 +26,7 @@ #include "config.h" #include "core/html/canvas/CanvasRenderingContext.h" -#include "core/fetch/ImageResource.h" -#include "core/html/HTMLImageElement.h" -#include "core/html/HTMLVideoElement.h" -#include "core/html/canvas/CanvasPattern.h" +#include "core/html/canvas/CanvasImageSource.h" #include "platform/weborigin/SecurityOrigin.h" namespace WebCore { @@ -37,72 +34,30 @@ namespace WebCore { CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas) : m_canvas(canvas) { - ScriptWrappable::init(this); -} - -bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern) -{ - if (canvas()->originClean() && pattern && !pattern->originClean()) - return true; - return false; -} - -bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas) -{ - if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) - return true; - return false; -} - -bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image) -{ - if (!image || !canvas()->originClean()) - return false; - - ImageResource* cachedImage = image->cachedImage(); - if (!cachedImage->image()->currentFrameHasSingleSecurityOrigin()) - return true; - - return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin()); -} - -bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) -{ - // FIXME: This check is likely wrong when a redirect is involved. We need - // to test the finalURL. Please be careful when fixing this issue not to - // make currentSrc be the final URL because then the - // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! - if (!video || !canvas()->originClean()) - return false; - - if (!video->hasSingleSecurityOrigin()) - return true; - - if (!(video->player() && video->player()->didPassCORSAccessCheck()) && wouldTaintOrigin(video->currentSrc())) - return true; - - return false; -} - -bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) -{ - if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) - return false; - - if (canvas()->securityOrigin()->taintsCanvas(url)) - return true; - - if (url.protocolIsData()) - return false; - m_cleanURLs.add(url.string()); - return false; } -void CanvasRenderingContext::checkOrigin(const KURL& url) +bool CanvasRenderingContext::wouldTaintOrigin(CanvasImageSource* imageSource) { - if (wouldTaintOrigin(url)) - canvas()->setOriginTainted(); + const KURL& sourceURL = imageSource->sourceURL(); + bool hasURL = (sourceURL.isValid() && !sourceURL.isAboutBlankURL()); + + if (hasURL) { + if (sourceURL.protocolIsData() || m_cleanURLs.contains(sourceURL.string())) + return false; + if (m_dirtyURLs.contains(sourceURL.string())) + return true; + } + + bool taintOrigin = imageSource->wouldTaintOrigin(canvas()->securityOrigin()); + + if (hasURL) { + if (taintOrigin) + m_dirtyURLs.add(sourceURL.string()); + else + m_cleanURLs.add(sourceURL.string()); + } + return taintOrigin; } } // namespace WebCore |