| Index: third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp
|
| diff --git a/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp b/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp
|
| index 2e58bec4cd36bf80e7f4042a0613b8a186f9b851..04323a4caf2d5abfdcdcf1b7e0e3ea61cc49fe2d 100644
|
| --- a/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp
|
| +++ b/third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp
|
| @@ -174,16 +174,38 @@ Node::InsertionNotificationRequest HTMLCanvasElement::insertedInto(ContainerNode
|
| return HTMLElement::insertedInto(node);
|
| }
|
|
|
| -void HTMLCanvasElement::setHeight(int value)
|
| +void HTMLCanvasElement::setHeight(int value, ExceptionState& exceptionState)
|
| {
|
| + if (surfaceLayerBridge()) {
|
| + // The existence of surfaceLayerBridge indicates that
|
| + // canvas.transferControlToOffscreen has been called.
|
| + exceptionState.throwDOMException(InvalidStateError, "Resizing is not allowed for a canvas that has transferred its control to offscreen.");
|
| + return;
|
| + }
|
| setIntegralAttribute(heightAttr, value);
|
| }
|
|
|
| -void HTMLCanvasElement::setWidth(int value)
|
| +void HTMLCanvasElement::setWidth(int value, ExceptionState& exceptionState)
|
| {
|
| + if (surfaceLayerBridge()) {
|
| + // Same comment as above.
|
| + exceptionState.throwDOMException(InvalidStateError, "Resizing is not allowed for a canvas that has transferred its control to offscreen.");
|
| + return;
|
| + }
|
| setIntegralAttribute(widthAttr, value);
|
| }
|
|
|
| +void HTMLCanvasElement::setSize(const IntSize& newSize)
|
| +{
|
| + if (newSize == size())
|
| + return;
|
| + m_ignoreReset = true;
|
| + setIntegralAttribute(widthAttr, newSize.width());
|
| + setIntegralAttribute(heightAttr, newSize.height());
|
| + m_ignoreReset = false;
|
| + reset();
|
| +}
|
| +
|
| HTMLCanvasElement::ContextFactoryVector& HTMLCanvasElement::renderingContextFactories()
|
| {
|
| DCHECK(isMainThread());
|
| @@ -640,6 +662,10 @@ String HTMLCanvasElement::toDataURLInternal(const String& mimeType, const double
|
|
|
| String HTMLCanvasElement::toDataURL(const String& mimeType, const ScriptValue& qualityArgument, ExceptionState& exceptionState) const
|
| {
|
| + if (surfaceLayerBridge()) {
|
| + exceptionState.throwDOMException(InvalidStateError, "canvas.toDataURL is not allowed for a canvas that has transferred its control to offscreen.");
|
| + return String();
|
| + }
|
| if (!originClean()) {
|
| exceptionState.throwSecurityError("Tainted canvases may not be exported.");
|
| return String();
|
| @@ -686,6 +712,11 @@ String HTMLCanvasElement::toDataURL(const String& mimeType, const ScriptValue& q
|
|
|
| void HTMLCanvasElement::toBlob(BlobCallback* callback, const String& mimeType, const ScriptValue& qualityArgument, ExceptionState& exceptionState)
|
| {
|
| + if (surfaceLayerBridge()) {
|
| + exceptionState.throwDOMException(InvalidStateError, "canvas.toBlob is not allowed for a canvas that has transferred its control to offscreen.");
|
| + return;
|
| + }
|
| +
|
| if (!originClean()) {
|
| exceptionState.throwSecurityError("Tainted canvases may not be exported.");
|
| return;
|
| @@ -1020,8 +1051,8 @@ ImageBuffer* HTMLCanvasElement::buffer() const
|
| void HTMLCanvasElement::createImageBufferUsingSurfaceForTesting(std::unique_ptr<ImageBufferSurface> surface)
|
| {
|
| discardImageBuffer();
|
| - setWidth(surface->size().width());
|
| - setHeight(surface->size().height());
|
| + setIntegralAttribute(widthAttr, surface->size().width());
|
| + setIntegralAttribute(heightAttr, surface->size().height());
|
| createImageBufferInternal(std::move(surface));
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2323933004:
Disallow users modify canvas after it transfers control to offscreen (Closed)
