| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> | 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> |
| 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. | 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. |
| 5 * | 5 * |
| 6 * Redistribution and use in source and binary forms, with or without | 6 * Redistribution and use in source and binary forms, with or without |
| 7 * modification, are permitted provided that the following conditions | 7 * modification, are permitted provided that the following conditions |
| 8 * are met: | 8 * are met: |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 92 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement()
; | 92 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement()
; |
| 93 if (!rootElement) | 93 if (!rootElement) |
| 94 return true; | 94 return true; |
| 95 | 95 |
| 96 // Don't allow foreignObject elements or images that are not known to be | 96 // Don't allow foreignObject elements or images that are not known to be |
| 97 // single-origin since these can leak cross-origin information. | 97 // single-origin since these can leak cross-origin information. |
| 98 ComposedTreeWalker walker(rootElement); | 98 ComposedTreeWalker walker(rootElement); |
| 99 while (Node* node = walker.get()) { | 99 while (Node* node = walker.get()) { |
| 100 if (node->hasTagName(SVGNames::foreignObjectTag)) | 100 if (node->hasTagName(SVGNames::foreignObjectTag)) |
| 101 return false; | 101 return false; |
| 102 if (node->hasTagName(SVGNames::imageTag)) | 102 if (node->hasTagName(SVGNames::imageTag)) { |
| 103 return toSVGImageElement(node)->currentFrameHasSingleSecurityOrigin(
); | 103 if (!toSVGImageElement(node)->currentFrameHasSingleSecurityOrigin()) |
| 104 if (node->hasTagName(SVGNames::feImageTag)) | 104 return false; |
| 105 return toSVGFEImageElement(node)->currentFrameHasSingleSecurityOrigi
n(); | 105 } else if (node->hasTagName(SVGNames::feImageTag)) { |
| 106 if (!toSVGFEImageElement(node)->currentFrameHasSingleSecurityOrigin(
)) |
| 107 return false; |
| 108 } |
| 106 walker.next(); | 109 walker.next(); |
| 107 } | 110 } |
| 108 | 111 |
| 109 // Because SVG image rendering disallows external resources and links, these | 112 // Because SVG image rendering disallows external resources and links, these |
| 110 // images effectively are restricted to a single security origin. | 113 // images effectively are restricted to a single security origin. |
| 111 return true; | 114 return true; |
| 112 } | 115 } |
| 113 | 116 |
| 114 void SVGImage::setContainerSize(const IntSize& size) | 117 void SVGImage::setContainerSize(const IntSize& size) |
| 115 { | 118 { |
| (...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 410 | 413 |
| 411 return m_page; | 414 return m_page; |
| 412 } | 415 } |
| 413 | 416 |
| 414 String SVGImage::filenameExtension() const | 417 String SVGImage::filenameExtension() const |
| 415 { | 418 { |
| 416 return "svg"; | 419 return "svg"; |
| 417 } | 420 } |
| 418 | 421 |
| 419 } | 422 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 163573003:
Require the entire document-tree of an SVGImage to be single-origin (Closed)
Base URL: svn://svn.chromium.org/blink/trunk
