
Side by Side Diff: Source/core/svg/graphics/SVGImage.cpp

Issue 22604008: Allow SVG images to not taint the canvas with drawImage/drawPattern (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
1 /* 1 /*
2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org>
3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 11 matching lines...) Expand all
22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */ 26 */
27 27
28 #include "config.h" 28 #include "config.h"
29 29
30 #include "core/svg/graphics/SVGImage.h" 30 #include "core/svg/graphics/SVGImage.h"
31 31
32 #include "core/dom/NodeTraversal.h"
32 #include "core/loader/DocumentLoader.h" 33 #include "core/loader/DocumentLoader.h"
34 #include "core/page/Chrome.h"
33 #include "core/page/FrameView.h" 35 #include "core/page/FrameView.h"
34 #include "core/page/Settings.h" 36 #include "core/page/Settings.h"
35 #include "core/platform/graphics/GraphicsContextStateSaver.h" 37 #include "core/platform/graphics/GraphicsContextStateSaver.h"
36 #include "core/platform/graphics/ImageBuffer.h" 38 #include "core/platform/graphics/ImageBuffer.h"
37 #include "core/platform/graphics/ImageObserver.h" 39 #include "core/platform/graphics/ImageObserver.h"
38 #include "core/platform/graphics/IntRect.h" 40 #include "core/platform/graphics/IntRect.h"
39 #include "core/rendering/style/RenderStyle.h" 41 #include "core/rendering/style/RenderStyle.h"
40 #include "core/rendering/svg/RenderSVGRoot.h" 42 #include "core/rendering/svg/RenderSVGRoot.h"
41 #include "core/svg/SVGDocument.h" 43 #include "core/svg/SVGDocument.h"
44 #include "core/svg/SVGImageElement.h"
42 #include "core/svg/SVGSVGElement.h" 45 #include "core/svg/SVGSVGElement.h"
43 #include "core/svg/graphics/SVGImageChromeClient.h" 46 #include "core/svg/graphics/SVGImageChromeClient.h"
44 #include "wtf/PassRefPtr.h" 47 #include "wtf/PassRefPtr.h"
45 48
46 namespace WebCore { 49 namespace WebCore {
47 50
48 SVGImage::SVGImage(ImageObserver* observer) 51 SVGImage::SVGImage(ImageObserver* observer)
49 : Image(observer) 52 : Image(observer)
50 { 53 {
51 } 54 }
52 55
53 SVGImage::~SVGImage() 56 SVGImage::~SVGImage()
54 { 57 {
55 if (m_page) { 58 if (m_page) {
56 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed. 59 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed.
57 OwnPtr<Page> currentPage = m_page.release(); 60 OwnPtr<Page> currentPage = m_page.release();
58 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame 61 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame
59 } 62 }
60 63
61 // Verify that page teardown destroyed the Chrome 64 // Verify that page teardown destroyed the Chrome
62 ASSERT(!m_chromeClient || !m_chromeClient->image()); 65 ASSERT(!m_chromeClient || !m_chromeClient->image());
63 } 66 }
64 67
68 bool SVGImage::isInSVGImage(const Element* element)
69 {
70 ASSERT(element);
71
72 Page* page = element->document()->page();
73 if (!page)
74 return false;
75
76 ChromeClient* chromeClient = page->chrome().client();
77 return chromeClient && chromeClient->isSVGImageChromeClient();
78 }
79
80 bool SVGImage::hasSingleSecurityOrigin() const
81 {
82 if (!m_page)
83 return true;
84
85 Frame* frame = m_page->mainFrame();
86 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ;
87 if (!rootElement)
88 return true;
89
90 // Don't allow foreignObject elements or images that are not known to be
91 // single-origin since these can leak cross-origin information.
92 for (Element* element = ElementTraversal::firstWithin(rootElement); element; element = ElementTraversal::next(element, rootElement)) {
abarth-chromium 2013/08/12 19:47:44 Does this traverse shadow DOM?
pdr. 2013/08/19 23:16:17 Fortunately, custom elements cannot be created dec
93 if (element->hasTagName(SVGNames::foreignObjectTag))
94 return false;
95 // FIXME(crbug.com/249037): Images should be allowed but the
96 // implementation is difficult because images can have animations which
97 // cause them to dynamically change their single-origin state.
98 if (element->hasTagName(SVGNames::imageTag))
99 return false;
100 if (element->hasTagName(SVGNames::feImageTag))
Tom Sepez 2013/08/15 17:53:59 I worry about folks introducing a new element type
pdr. 2013/08/19 23:16:17 I think this will actually end up being prohibitiv
101 return false;
102 }
103
104 // Because SVG image rendering disallows external resources and links, these
105 // images effectively are restricted to a single security origin.
106 return true;
107 }
108
65 void SVGImage::setContainerSize(const IntSize& size) 109 void SVGImage::setContainerSize(const IntSize& size)
66 { 110 {
67 if (!m_page || !usesContainerSize()) 111 if (!m_page || !usesContainerSize())
68 return; 112 return;
69 113
70 Frame* frame = m_page->mainFrame(); 114 Frame* frame = m_page->mainFrame();
71 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ; 115 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ;
72 if (!rootElement) 116 if (!rootElement)
73 return; 117 return;
74 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); 118 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer());
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after
364 return m_page; 408 return m_page;
365 } 409 }
366 410
367 String SVGImage::filenameExtension() const 411 String SVGImage::filenameExtension() const
368 { 412 {
369 return "svg"; 413 return "svg";
370 } 414 }
371 415
372 } 416 }
373 417
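Review bot: In the new `SVGImage::hasSingleSecurityOrigin()`, both early exits (`if (!m_page) return true;` and `if (!rootElement) return true;`) report "single origin" precisely when the document could not be inspected, so this security predicate fails open on those paths. That is presumably harmless because an image with no page or no root element has nothing to paint, but the code does not say so and the assumption is not checked anywhere visible here. I would either put a comment above each exit, for example `// No document to paint, so nothing cross-origin can reach the canvas.`, or return `false` there so that an image which cannot be inspected taints the canvas by default. The result is also recomputed with a full subtree walk on every call; whether that matters depends on how often the canvas code calls it, which this file section does not show.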