Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(208)

Issue 1036323002: Add a 'crossorigin' attribute on <svg:use>.

Created:
5 years, 9 months ago by Erik Dahlström (inactive)
Modified:
5 years, 7 months ago
Reviewers:
pdr.
CC:
blink-reviews, krit, ed+blinkwatch_opera.com, f(malita), fs, gavinp+loader_chromium.org, gyuyoung.kim_webkit.org, Nate Chapin, kouhei+svg_chromium.org, pdr+svgwatchlist_chromium.org, rwlbuis, Stephen Chennney, tyoshino+watch_chromium.org, Yoav Weiss
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Add a 'crossorigin' attribute on <svg:use>. This requires some updates to the svg spec. The newly added 'crossorigin' attribute is a 'CORS settings attribute' (as defined by HTML5). BUG=470601

Patch Set 1 #

Patch Set 2 : add tests, add crossOrigin in IDL files #

Patch Set 3 : make it xml version=1.0 then #

Patch Set 4 : add expectations #

Total comments: 2

Patch Set 5 : make CSSSVGDocumentValue use same-origin for now #

Unified diffs Side-by-side diffs Delta from patch set Stats (+320 lines, -16 lines) Patch
A LayoutTests/http/tests/security/filter-cors-allow-origin.html View 1 2 3 4 1 chunk +19 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/filter-cors-allow-origin-expected.html View 1 2 3 4 1 chunk +16 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/filter-cors-disallow-origin.html View 1 2 3 4 1 chunk +19 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/filter-cors-disallow-origin-expected.html View 1 2 3 4 1 chunk +16 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/resources/circle.svg View 1 2 1 chunk +6 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/resources/cors-svg.php View 1 1 chunk +11 lines, -2 lines 0 comments Download
A LayoutTests/http/tests/security/resources/filters.svg View 1 2 3 4 1 chunk +10 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/resources/svg-image-access-control.php View 1 2 3 4 1 chunk +1 line, -1 line 0 comments Download
A + LayoutTests/http/tests/security/svg-image-crossorigin-no-credentials-prompt.html View 1 3 chunks +6 lines, -4 lines 0 comments Download
A + LayoutTests/http/tests/security/svg-image-crossorigin-no-credentials-prompt-expected.txt View 1 1 chunk +4 lines, -4 lines 0 comments Download
A + LayoutTests/http/tests/security/svg-image-crossorigin-redirect-no-cors.html View 1 1 chunk +2 lines, -2 lines 0 comments Download
A + LayoutTests/http/tests/security/svg-image-crossorigin-redirect-no-cors-expected.txt View 1 0 chunks +-1 lines, --1 lines 0 comments Download
A LayoutTests/http/tests/security/svg-image-loads-same-origin.html View 1 1 chunk +16 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/svg-image-loads-same-origin-expected.txt View 1 0 chunks +-1 lines, --1 lines 0 comments Download
A LayoutTests/http/tests/security/svg-image-no-crossorigin-attribute.html View 1 1 chunk +25 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/svg-image-no-crossorigin-attribute-expected.txt View 1 1 chunk +4 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/svg-use-crossorigin-fails-cross-origin.html View 1 1 chunk +24 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/svg-use-crossorigin-fails-cross-origin-expected.txt View 1 1 chunk +5 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/svg-use-crossorigin-no-credentials-prompt.html View 1 3 chunks +6 lines, -4 lines 0 comments Download
A LayoutTests/http/tests/security/svg-use-crossorigin-no-credentials-prompt-expected.txt View 1 1 chunk +8 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/svg-use-no-crossorigin-cors.html View 1 1 chunk +27 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/svg-use-no-crossorigin-cors-expected.txt View 1 1 chunk +6 lines, -0 lines 0 comments Download
A LayoutTests/svg/custom/use-crossorigin-reflection.html View 1 1 chunk +65 lines, -0 lines 0 comments Download
M LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt View 1 2 3 4 4 chunks +6 lines, -0 lines 0 comments Download
M LayoutTests/webexposed/global-interface-listing-expected.txt View 1 2 3 4 4 chunks +6 lines, -0 lines 0 comments Download
M Source/core/css/CSSSVGDocumentValue.cpp View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/loader/FrameFetchContext.cpp View 1 2 3 4 2 chunks +1 line, -1 line 0 comments Download
M Source/core/svg/SVGAttributeNames.in View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/svg/SVGImageElement.idl View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/svg/SVGScriptElement.idl View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/svg/SVGUseElement.cpp View 1 2 3 4 1 chunk +8 lines, -0 lines 0 comments Download
M Source/core/svg/SVGUseElement.idl View 1 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 9 (1 generated)
pdr.
CORS can also be sent via the "Access-Control-Allow-Origin" header. I think we want to honor ...
5 years, 8 months ago (2015-03-28 22:10:22 UTC) #2
Erik Dahlström (inactive)
On 2015/03/28 22:10:22, pdr wrote: > CORS can also be sent via the "Access-Control-Allow-Origin" header. ...
5 years, 8 months ago (2015-03-30 08:10:13 UTC) #3
pdr.
On 2015/03/30 at 08:10:13, ed wrote: > On 2015/03/28 22:10:22, pdr wrote: > > CORS ...
5 years, 8 months ago (2015-03-30 17:21:13 UTC) #4
Erik Dahlström (inactive)
On 2015/03/30 17:21:13, pdr wrote: > On 2015/03/30 at 08:10:13, ed wrote: > > On ...
5 years, 8 months ago (2015-03-31 10:59:21 UTC) #5
Erik Dahlström (inactive)
On 2015/03/31 10:59:21, Erik Dahlström wrote: > On 2015/03/30 17:21:13, pdr wrote: > > On ...
5 years, 7 months ago (2015-04-28 14:26:40 UTC) #6
pdr.
On 2015/04/28 at 14:26:40, ed wrote: > On 2015/03/31 10:59:21, Erik Dahlström wrote: > > ...
5 years, 7 months ago (2015-04-28 17:13:25 UTC) #7
fs
https://codereview.chromium.org/1036323002/diff/60001/Source/core/loader/FrameFetchContext.cpp File Source/core/loader/FrameFetchContext.cpp (right): https://codereview.chromium.org/1036323002/diff/60001/Source/core/loader/FrameFetchContext.cpp#newcode411 Source/core/loader/FrameFetchContext.cpp:411: case Resource::SVGDocument: This type is used for external references ...
5 years, 7 months ago (2015-04-29 08:02:14 UTC) #8
Erik Dahlström (inactive)
5 years, 7 months ago (2015-05-05 13:57:31 UTC) #9
https://codereview.chromium.org/1036323002/diff/60001/Source/core/loader/Fram...
File Source/core/loader/FrameFetchContext.cpp (right):

https://codereview.chromium.org/1036323002/diff/60001/Source/core/loader/Fram...
Source/core/loader/FrameFetchContext.cpp:411: case Resource::SVGDocument:
On 2015/04/29 08:02:14, fs wrote:
> This type is used for external references from -webkit-filter too, could you
> check that the request is setup correctly there too (I guess that should still
> be SO-only.)
> 
> core/css/CSSSVGDocumentValue.cpp

Right you are, and yes, let's restrict this to same-origin for now.

Powered by Google App Engine
This is Rietveld 408576698