Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(420)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/css/resolver/ElementStyleResources.cpp

Issue 1607733004: Fix crash when using disallowed URLs in image sets for content CSS property (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/css/CSSImageSetValue.cpp ('k') | third_party/WebKit/Source/core/style/ContentData.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 3 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
4 * Copyright (C) 2013 Google Inc. All rights reserved. 4 * Copyright (C) 2013 Google Inc. All rights reserved.
5 * 5 *
6 * This library is free software; you can redistribute it and/or 6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Library General Public 7 * modify it under the terms of the GNU Library General Public
8 * License as published by the Free Software Foundation; either 8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version. 9 * version 2 of the License, or (at your option) any later version.
10 * 10 *
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 } 74 }
75 return StyleGeneratedImage::create(value); 75 return StyleGeneratedImage::create(value);
76 } 76 }
77 77
78 PassRefPtrWillBeRawPtr<StyleImage> ElementStyleResources::setOrPendingFromValue( CSSPropertyID property, const CSSImageSetValue& value) 78 PassRefPtrWillBeRawPtr<StyleImage> ElementStyleResources::setOrPendingFromValue( CSSPropertyID property, const CSSImageSetValue& value)
79 { 79 {
80 if (value.isCachePending(m_deviceScaleFactor)) { 80 if (value.isCachePending(m_deviceScaleFactor)) {
81 m_pendingImageProperties.add(property); 81 m_pendingImageProperties.add(property);
82 return StylePendingImage::create(value); 82 return StylePendingImage::create(value);
83 } 83 }
84 return value.cachedImageSet(m_deviceScaleFactor); 84 return value.cachedImage(m_deviceScaleFactor);
85 } 85 }
86 86
87 PassRefPtrWillBeRawPtr<StyleImage> ElementStyleResources::cachedOrPendingFromVal ue(CSSPropertyID property, const CSSImageValue& value) 87 PassRefPtrWillBeRawPtr<StyleImage> ElementStyleResources::cachedOrPendingFromVal ue(CSSPropertyID property, const CSSImageValue& value)
88 { 88 {
89 if (value.isCachePending()) { 89 if (value.isCachePending()) {
90 m_pendingImageProperties.add(property); 90 m_pendingImageProperties.add(property);
91 return StylePendingImage::create(value); 91 return StylePendingImage::create(value);
92 } 92 }
93 value.restoreCachedResourceIfNeeded(*m_document); 93 value.restoreCachedResourceIfNeeded(*m_document);
94 return value.cachedImage(); 94 return value.cachedImage();
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
142 142
143 if (CSSImageGeneratorValue* imageGeneratorValue = pendingImage->cssImageGene ratorValue()) { 143 if (CSSImageGeneratorValue* imageGeneratorValue = pendingImage->cssImageGene ratorValue()) {
144 imageGeneratorValue->loadSubimages(m_document); 144 imageGeneratorValue->loadSubimages(m_document);
145 return StyleGeneratedImage::create(*imageGeneratorValue); 145 return StyleGeneratedImage::create(*imageGeneratorValue);
146 } 146 }
147 147
148 if (CSSCursorImageValue* cursorImageValue = pendingImage->cssCursorImageValu e()) 148 if (CSSCursorImageValue* cursorImageValue = pendingImage->cssCursorImageValu e())
149 return cursorImageValue->cacheImage(m_document, m_deviceScaleFactor); 149 return cursorImageValue->cacheImage(m_document, m_deviceScaleFactor);
150 150
151 if (CSSImageSetValue* imageSetValue = pendingImage->cssImageSetValue()) 151 if (CSSImageSetValue* imageSetValue = pendingImage->cssImageSetValue())
152 return imageSetValue->cacheImageSet(m_document, m_deviceScaleFactor, cro ssOrigin); 152 return imageSetValue->cacheImage(m_document, m_deviceScaleFactor, crossO rigin);
153 153
154 ASSERT_NOT_REACHED(); 154 ASSERT_NOT_REACHED();
155 return nullptr; 155 return nullptr;
156 } 156 }
157 157
158 void ElementStyleResources::loadPendingImages(ComputedStyle* style) 158 void ElementStyleResources::loadPendingImages(ComputedStyle* style)
159 { 159 {
160 // We must loop over the properties and then look at the style to see if 160 // We must loop over the properties and then look at the style to see if
161 // a pending image exists, and only load that image. For example: 161 // a pending image exists, and only load that image. For example:
162 // 162 //
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
248 } 248 }
249 } 249 }
250 250
251 void ElementStyleResources::loadPendingResources(ComputedStyle* computedStyle) 251 void ElementStyleResources::loadPendingResources(ComputedStyle* computedStyle)
252 { 252 {
253 loadPendingImages(computedStyle); 253 loadPendingImages(computedStyle);
254 loadPendingSVGDocuments(computedStyle); 254 loadPendingSVGDocuments(computedStyle);
255 } 255 }
256 256
257 } 257 }
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/css/CSSImageSetValue.cpp ('k') | third_party/WebKit/Source/core/style/ContentData.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698