Index: Source/WebCore/html/canvas/CanvasRenderingContext.cpp |
=================================================================== |
--- Source/WebCore/html/canvas/CanvasRenderingContext.cpp (revision 88897) |
+++ Source/WebCore/html/canvas/CanvasRenderingContext.cpp (working copy) |
@@ -41,53 +41,73 @@ |
{ |
} |
-void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern) |
+bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern) |
{ |
if (canvas()->originClean() && pattern && !pattern->originClean()) |
- canvas()->setOriginTainted(); |
+ return true; |
+ return false; |
} |
-void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas) |
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas) |
{ |
if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) |
- canvas()->setOriginTainted(); |
+ return true; |
+ return false; |
} |
-void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image) |
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image) |
{ |
if (!image || !canvas()->originClean()) |
- return; |
+ return false; |
CachedImage* cachedImage = image->cachedImage(); |
- if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) |
- checkOrigin(cachedImage->response().url()); |
+ if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) { |
+ if (wouldTaintOrigin(cachedImage->response().url())) |
+ return true; |
+ } |
- if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin()) |
- canvas()->setOriginTainted(); |
+ if (!cachedImage->image()->hasSingleSecurityOrigin()) |
+ return true; |
+ |
+ return false; |
} |
-void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video) |
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) |
{ |
#if ENABLE(VIDEO) |
// FIXME: This check is likely wrong when a redirect is involved. We need |
// to test the finalURL. Please be careful when fixing this issue not to |
// make currentSrc be the final URL because then the |
// HTMLMediaElement.currentSrc DOM API would leak redirect destinations! |
- checkOrigin(video->currentSrc()); |
- if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin()) |
- canvas()->setOriginTainted(); |
+ if (!video || !canvas()->originClean()) |
+ return false; |
+ |
+ if (wouldTaintOrigin(video->currentSrc())) |
+ return true; |
+ |
+ if (!video->hasSingleSecurityOrigin()) |
+ return true; |
#endif |
+ |
+ return false; |
} |
-void CanvasRenderingContext::checkOrigin(const KURL& url) |
+bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) |
{ |
- if (!canvas()->originClean() || m_cleanOrigins.contains(url.string())) |
- return; |
+ if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) |
+ return false; |
if (canvas()->securityOrigin()->taintsCanvas(url)) |
+ return true; |
+ |
+ m_cleanURLs.add(url.string()); |
+ return false; |
+} |
+ |
+void CanvasRenderingContext::checkOrigin(const KURL& url) |
+{ |
+ if (wouldTaintOrigin(url)) |
canvas()->setOriginTainted(); |
- else |
- m_cleanOrigins.add(url.string()); |
} |
} // namespace WebCore |