Use union type in ImageBitmapFactories.idl

third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp

Index: third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp
diff --git a/third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp b/third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp
index 284ba8f369a642b02aae543b614af4972271e9bf..e6375f060b0fdc819ffeedfd7f2c1f580cea1c50 100644
--- a/third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp
+++ b/third_party/WebKit/Source/core/imagebitmap/ImageBitmapFactories.cpp
@@ -37,13 +37,13 @@
 #include "core/fileapi/Blob.h"
 #include "core/frame/ImageBitmap.h"
 #include "core/frame/LocalDOMWindow.h"
+#include "core/html/HTMLCanvasElement.h"
+#include "core/html/HTMLImageElement.h"
+#include "core/html/HTMLVideoElement.h"
 #include "core/html/ImageData.h"
 #include "core/workers/WorkerGlobalScope.h"
 #include "platform/SharedBuffer.h"
 #include "platform/graphics/ImageSource.h"
-#include "platform/graphics/StaticBitmapImage.h"
-#include "public/platform/WebSize.h"
-#include "third_party/skia/include/core/SkImage.h"
 #include <v8.h>
 
 namespace blink {
@@ -60,59 +60,135 @@ static ScriptPromise fulfillImageBitmap(ScriptState* scriptState, PassRefPtrWill
     return promise;
 }
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, Blob* blob, ExceptionState& exceptionState)
+static inline ImageBitmapSource* toImageBitmapSourceInternal(const ImageBitmapSourceUnion& value)
 {
-    ImageBitmapLoader* loader = ImageBitmapFactories::ImageBitmapLoader::create(from(eventTarget), IntRect(), scriptState);
-    ScriptPromise promise = loader->promise();
-    from(eventTarget).addLoader(loader);
-    loader->loadBlobAsync(eventTarget.executionContext(), blob);
-    return promise;
+    if (value.isHTMLImageElement())
+        return value.getAsHTMLImageElement().get();
+    if (value.isHTMLVideoElement())
+        return value.getAsHTMLVideoElement().get();
+    if (value.isHTMLCanvasElement())
+        return value.getAsHTMLCanvasElement().get();
+    if (value.isBlob())
+        return value.getAsBlob();
+    if (value.isImageData())
+        return value.getAsImageData();
+    if (value.isImageBitmap())
+        return value.getAsImageBitmap().get();
+    ASSERT_NOT_REACHED();
+    return nullptr;
 }
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, Blob* blob, int sx, int sy, int sw, int sh, ExceptionState& exceptionState)
+ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, const ImageBitmapSourceUnion& bitmapSource, ExceptionState& exceptionState)
 {
-    if (!sw || !sh) {
-        exceptionState.throwDOMException(IndexSizeError, String::format("The source %s provided is 0.", sw ? "height" : "width"));
-        return ScriptPromise();
+    ImageBitmapSource* bitmapSourceInternal = toImageBitmapSourceInternal(bitmapSource);
+    if (bitmapSourceInternal->isBlob()) {
+        return createImageBitmap(scriptState, eventTarget, bitmapSourceInternal, 0, 0, 1, 1, exceptionState);
     }
-    ImageBitmapLoader* loader = ImageBitmapFactories::ImageBitmapLoader::create(from(eventTarget), IntRect(sx, sy, sw, sh), scriptState);
-    ScriptPromise promise = loader->promise();
-    from(eventTarget).addLoader(loader);
-    loader->loadBlobAsync(eventTarget.executionContext(), blob);
-    return promise;
+    IntSize srcSize = bitmapSourceInternal->bitmapSourceSize();
+    return createImageBitmap(scriptState, eventTarget, bitmapSourceInternal, 0, 0, srcSize.width(), srcSize.height(), exceptionState);
 }
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, ImageData* data, ExceptionState& exceptionState)
+ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, const ImageBitmapSourceUnion& bitmapSource, int sx, int sy, int sw, int sh, ExceptionState& exceptionState)
 {
-    return createImageBitmap(scriptState, eventTarget, data, 0, 0, data->width(), data->height(), exceptionState);
+    ImageBitmapSource* bitmapSourceInternal = toImageBitmapSourceInternal(bitmapSource);
+    return createImageBitmap(scriptState, eventTarget, bitmapSourceInternal, sx, sy, sw, sh, exceptionState);
 }
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, ImageData* data, int sx, int sy, int sw, int sh, ExceptionState& exceptionState)
+ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, ImageBitmapSource* bitmapSource, int sx, int sy, int sw, int sh, ExceptionState& exceptionState)
 {
-    if (!sw || !sh) {
-        exceptionState.throwDOMException(IndexSizeError, String::format("The source %s provided is 0.", sw ? "height" : "width"));
-        return ScriptPromise();
+    if (bitmapSource->isHTMLImageElement()) {

[Justin Novosad, 2015/11/24 17:03:13]

This would be a good place to use polymorphism. Something like
bitmapSource->createImageBitmap(...)  And you could get rid of  is* methods on
ImageBitmapSource

[xidachen, 2015/11/25 17:01:54]

This has been done, but with exception of the case  when it is Blob.

+        ASSERT(eventTarget.toDOMWindow());
+        HTMLImageElement* image = static_cast<HTMLImageElement*>(bitmapSource);
+        if (!image->cachedImage()) {
+            exceptionState.throwDOMException(InvalidStateError, "No image can be retrieved from the provided element.");
+            return ScriptPromise();
+        }
+        if (image->cachedImage()->image()->isSVGImage()) {
+            exceptionState.throwDOMException(InvalidStateError, "The image element contains an SVG image, which is unsupported.");
+            return ScriptPromise();
+        }
     }
-    if (data->data()->bufferBase()->isNeutered()) {
-        exceptionState.throwDOMException(InvalidStateError, "The source data has been neutered.");
-        return ScriptPromise();
+
+    if (bitmapSource->isHTMLVideoElement()) {
+        ASSERT(eventTarget.toDOMWindow());
+        HTMLVideoElement* video = static_cast<HTMLVideoElement*>(bitmapSource);
+        if (video->networkState() == HTMLMediaElement::NETWORK_EMPTY) {
+            exceptionState.throwDOMException(InvalidStateError, "The provided element has not retrieved data.");
+            return ScriptPromise();
+        }
+        if (video->readyState() <= HTMLMediaElement::HAVE_METADATA) {
+            exceptionState.throwDOMException(InvalidStateError, "The provided element's player has no current data.");
+            return ScriptPromise();
+        }
     }
-    // FIXME: make ImageBitmap creation asynchronous crbug.com/258082
-    return fulfillImageBitmap(scriptState, ImageBitmap::create(data, IntRect(sx, sy, sw, sh)));
-}
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, ImageBitmap* bitmap, ExceptionState& exceptionState)
-{
-    return createImageBitmap(scriptState, eventTarget, bitmap, 0, 0, bitmap->width(), bitmap->height(), exceptionState);
-}
+    if (bitmapSource->isCanvasElement()) {
+        ASSERT(eventTarget.toDOMWindow());
+        HTMLCanvasElement* canvas = static_cast<HTMLCanvasElement*>(bitmapSource);
+        if (!canvas->originClean()) {
+            exceptionState.throwSecurityError("The canvas element provided is tainted with cross-origin data.");
+            return ScriptPromise();
+        }
+    }
 
-ScriptPromise ImageBitmapFactories::createImageBitmap(ScriptState* scriptState, EventTarget& eventTarget, ImageBitmap* bitmap, int sx, int sy, int sw, int sh, ExceptionState& exceptionState)
-{
     if (!sw || !sh) {
         exceptionState.throwDOMException(IndexSizeError, String::format("The source %s provided is 0.", sw ? "height" : "width"));
         return ScriptPromise();
     }
-    // FIXME: make ImageBitmap creation asynchronous crbug.com/258082
+
+    if (bitmapSource->isBlob()) {
+        Blob* blob = static_cast<Blob*>(bitmapSource);
+        ImageBitmapLoader* loader = ImageBitmapFactories::ImageBitmapLoader::create(from(eventTarget), IntRect(sx, sy, sw, sh), scriptState);
+        ScriptPromise promise = loader->promise();
+        from(eventTarget).addLoader(loader);
+        loader->loadBlobAsync(eventTarget.executionContext(), blob);
+        return promise;
+    }
+
+    if (bitmapSource->isImageData()) {
+        ImageData* data = static_cast<ImageData*>(bitmapSource);
+        if (data->data()->bufferBase()->isNeutered()) {
+            exceptionState.throwDOMException(InvalidStateError, "The source data has been neutered.");
+            return ScriptPromise();
+        }
+        return fulfillImageBitmap(scriptState, ImageBitmap::create(data, IntRect(sx, sy, sw, sh)));
+    }
+
+    if (bitmapSource->isHTMLImageElement()) {
+        HTMLImageElement* image = static_cast<HTMLImageElement*>(bitmapSource);
+        if (!image->cachedImage()->image()->currentFrameHasSingleSecurityOrigin()) {
+            exceptionState.throwSecurityError("The source image contains image data from multiple origins.");

[Justin Novosad, 2015/11/24 17:03:13]

The security model is wrong here. Please file a bug so we can follow-up on this
in a later patch. ImageBitmap creation with cross-origin content is meant to
succeed, but it should taint the image bitmap, by setting its origin clean flag
to false. And the tainting should propagate to an eventual canvas to with the
imageBitmap would be drawn.

[xidachen, 2015/11/25 17:01:54]

Could you give me the link to the specs so that I can file a bug?
What I saw here: https://html.spec.whatwg.org/#imagebitmapfactories, says:
If the origin of the img element's image is not the same origin as the origin
specified by the entry settings object, then return a promise rejected with a
SecurityError exception and abort these steps.

+            return ScriptPromise();
+        }
+        Document* document = eventTarget.toDOMWindow()->document();
+        if (!image->cachedImage()->passesAccessControlCheck(document->securityOrigin()) && document->securityOrigin()->taintsCanvas(image->src())) {
+            exceptionState.throwSecurityError("Cross-origin access to the source image is denied.");
+            return ScriptPromise();
+        }
+        return fulfillImageBitmap(scriptState, ImageBitmap::create(image, IntRect(sx, sy, sw, sh)));
+    }
+
+    if (bitmapSource->isHTMLVideoElement()) {
+        HTMLVideoElement* video = static_cast<HTMLVideoElement*>(bitmapSource);
+        if (!video->hasSingleSecurityOrigin()) {
+            exceptionState.throwSecurityError("The source video contains image data from multiple origins.");

[Justin Novosad, 2015/11/24 17:03:13]

Same here

+            return ScriptPromise();
+        }
+        if (!video->webMediaPlayer()->didPassCORSAccessCheck()
+            && eventTarget.toDOMWindow()->document()->securityOrigin()->taintsCanvas(video->currentSrc())) {
+            exceptionState.throwSecurityError("Cross-origin access to the source video is denied.");
+            return ScriptPromise();
+        }
+        return fulfillImageBitmap(scriptState, ImageBitmap::create(video, IntRect(sx, sy, sw, sh)));
+    }
+
+    if (bitmapSource->isCanvasElement()) {
+        HTMLCanvasElement* canvas = static_cast<HTMLCanvasElement*>(bitmapSource);
+        return fulfillImageBitmap(scriptState, canvas->isPaintable() ? ImageBitmap::create(canvas, IntRect(sx, sy, sw, sh)) : nullptr);
+    }
+
+    // Every type has been taken care of except ImageBitmap
+    ImageBitmap* bitmap = static_cast<ImageBitmap*>(bitmapSource);
     return fulfillImageBitmap(scriptState, ImageBitmap::create(bitmap, IntRect(sx, sy, sw, sh)));
 }