OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> | 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> |
3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. |
4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. | 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. |
5 * | 5 * |
6 * Redistribution and use in source and binary forms, with or without | 6 * Redistribution and use in source and binary forms, with or without |
7 * modification, are permitted provided that the following conditions | 7 * modification, are permitted provided that the following conditions |
8 * are met: | 8 * are met: |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 11 matching lines...) | |
22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 */ | 26 */ |
27 | 27 |
28 #include "config.h" | 28 #include "config.h" |
29 | 29 |
30 #include "core/svg/graphics/SVGImage.h" | 30 #include "core/svg/graphics/SVGImage.h" |
31 | 31 |
32 #include "core/dom/NodeTraversal.h" | |
32 #include "core/loader/DocumentLoader.h" | 33 #include "core/loader/DocumentLoader.h" |
34 #include "core/page/Chrome.h" | |
33 #include "core/page/FrameView.h" | 35 #include "core/page/FrameView.h" |
34 #include "core/page/Settings.h" | 36 #include "core/page/Settings.h" |
35 #include "core/platform/graphics/GraphicsContextStateSaver.h" | 37 #include "core/platform/graphics/GraphicsContextStateSaver.h" |
36 #include "core/platform/graphics/ImageBuffer.h" | 38 #include "core/platform/graphics/ImageBuffer.h" |
37 #include "core/platform/graphics/ImageObserver.h" | 39 #include "core/platform/graphics/ImageObserver.h" |
38 #include "core/platform/graphics/IntRect.h" | 40 #include "core/platform/graphics/IntRect.h" |
39 #include "core/rendering/style/RenderStyle.h" | 41 #include "core/rendering/style/RenderStyle.h" |
40 #include "core/rendering/svg/RenderSVGRoot.h" | 42 #include "core/rendering/svg/RenderSVGRoot.h" |
41 #include "core/svg/SVGDocument.h" | 43 #include "core/svg/SVGDocument.h" |
44 #include "core/svg/SVGImageElement.h" | |
42 #include "core/svg/SVGSVGElement.h" | 45 #include "core/svg/SVGSVGElement.h" |
43 #include "core/svg/graphics/SVGImageChromeClient.h" | 46 #include "core/svg/graphics/SVGImageChromeClient.h" |
44 #include "wtf/PassRefPtr.h" | 47 #include "wtf/PassRefPtr.h" |
45 | 48 |
46 namespace WebCore { | 49 namespace WebCore { |
47 | 50 |
48 SVGImage::SVGImage(ImageObserver* observer) | 51 SVGImage::SVGImage(ImageObserver* observer) |
49 : Image(observer) | 52 : Image(observer) |
50 { | 53 { |
51 } | 54 } |
52 | 55 |
53 SVGImage::~SVGImage() | 56 SVGImage::~SVGImage() |
54 { | 57 { |
55 if (m_page) { | 58 if (m_page) { |
56 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed. | 59 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed. |
57 OwnPtr<Page> currentPage = m_page.release(); | 60 OwnPtr<Page> currentPage = m_page.release(); |
58 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame | 61 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame |
59 } | 62 } |
60 | 63 |
61 // Verify that page teardown destroyed the Chrome | 64 // Verify that page teardown destroyed the Chrome |
62 ASSERT(!m_chromeClient || !m_chromeClient->image()); | 65 ASSERT(!m_chromeClient || !m_chromeClient->image()); |
63 } | 66 } |
64 | 67 |
68 bool SVGImage::isInSVGImage(const Element* element) | |
69 { | |
70 ASSERT(element); | |
71 | |
72 Page* page = element->document()->page(); | |
73 if (!page) | |
74 return false; | |
75 | |
76 ChromeClient* chromeClient = page->chrome().client(); | |
77 return chromeClient && chromeClient->isSVGImageChromeClient(); | |
78 } | |
79 | |
80 bool SVGImage::hasSingleSecurityOrigin() const | |
81 { | |
82 if (!m_page) | |
83 return true; | |
84 | |
85 Frame* frame = m_page->mainFrame(); | |
86 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ; | |
87 if (!rootElement) | |
88 return true; | |
89 | |
90 // Don't allow foreignObject elements or images that are not known to be | |
91 // single-origin since these can leak cross-origin information. | |
92 for (Element* element = ElementTraversal::firstWithin(rootElement); element; element = ElementTraversal::next(element, rootElement)) { | |
abarth-chromium
2013/08/12 19:47:44
Does this traverse shadow DOM?
pdr.
2013/08/19 23:16:17
Fortunately, custom elements cannot be created dec
| |
93 if (element->hasTagName(SVGNames::foreignObjectTag)) | |
94 return false; | |
95 // FIXME(crbug.com/249037): Images should be allowed but the | |
96 // implementation is difficult because images can have animations which | |
97 // cause them to dynamically change their single-origin state. | |
98 if (element->hasTagName(SVGNames::imageTag)) | |
99 return false; | |
100 if (element->hasTagName(SVGNames::feImageTag)) | |
Tom Sepez
2013/08/15 17:53:59
I worry about folks introducing a new element type
pdr.
2013/08/19 23:16:17
I think this will actually end up being prohibitiv
| |
101 return false; | |
102 } | |
103 | |
104 // Because SVG image rendering disallows external resources and links, these | |
105 // images effectively are restricted to a single security origin. | |
106 return true; | |
107 } | |
108 | |
65 void SVGImage::setContainerSize(const IntSize& size) | 109 void SVGImage::setContainerSize(const IntSize& size) |
66 { | 110 { |
67 if (!m_page || !usesContainerSize()) | 111 if (!m_page || !usesContainerSize()) |
68 return; | 112 return; |
69 | 113 |
70 Frame* frame = m_page->mainFrame(); | 114 Frame* frame = m_page->mainFrame(); |
71 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ; | 115 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ; |
72 if (!rootElement) | 116 if (!rootElement) |
73 return; | 117 return; |
74 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); | 118 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); |
(...skipping 289 matching lines...) | |
364 return m_page; | 408 return m_page; |
365 } | 409 } |
366 | 410 |
367 String SVGImage::filenameExtension() const | 411 String SVGImage::filenameExtension() const |
368 { | 412 { |
369 return "svg"; | 413 return "svg"; |
370 } | 414 } |
371 | 415 |
372 } | 416 } |
373 | 417 |
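Review bot: The two early `return true` paths in the new hasSingleSecurityOrigin() (new lines 82–88, no m_page or no rootElement) fail open for what is an origin-taint decision, and nothing in the function says why that is safe. If the reasoning is that an image with no page or root element has nothing to paint, say so where the returns are, e.g. `// Nothing has been loaded, so there is no content that could leak cross-origin data.`; if that cannot be guaranteed, returning false is the conservative default. The comment at new lines 90–91 also speaks of images "not known to be single-origin", while the loop rejects every `image` and `feImage` element unconditionally and the FIXME below it covers only `image`. I would reword it to match the code: `// Reject foreignObject, image and feImage outright; any of them may pull in cross-origin content.`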