Chromium Code Reviews Chromium Code Reviews
Issue 2806803003:
Make OffscreenCanvas WebGL(2) context consider taintedness of image source (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Apple Inc. All rights reserved. | 2 * Copyright (C) 2009 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 224 bool has_url = (source_url.IsValid() && !source_url.IsAboutBlankURL()); | 224 bool has_url = (source_url.IsValid() && !source_url.IsAboutBlankURL()); |
| 225 | 225 |
| 226 if (has_url) { | 226 if (has_url) { |
| 227 if (source_url.ProtocolIsData() || | 227 if (source_url.ProtocolIsData() || |
| 228 clean_ur_ls_.Contains(source_url.GetString())) | 228 clean_ur_ls_.Contains(source_url.GetString())) |
| 229 return false; | 229 return false; |
| 230 if (dirty_ur_ls_.Contains(source_url.GetString())) | 230 if (dirty_ur_ls_.Contains(source_url.GetString())) |
| 231 return true; | 231 return true; |
| 232 } | 232 } |
| 233 | 233 |
| 234 DCHECK_EQ(!canvas(), | 234 bool taint_origin = |
| 235 !!destination_security_origin); // Must have one or the other | 235 image_source->WouldTaintOrigin(destination_security_origin); |
|
Justin Novosad
2017/04/12 14:53:40
Just checking: I assume OCRC2D was already calling
xlai (Olivia)
2017/04/12 19:37:28
Yes, OCRC2D is already doing this correct. It call
| |
| 236 bool taint_origin = image_source->WouldTaintOrigin( | |
| 237 destination_security_origin ? destination_security_origin | |
| 238 : canvas()->GetSecurityOrigin()); | |
| 239 | |
| 240 if (has_url) { | 236 if (has_url) { |
| 241 if (taint_origin) | 237 if (taint_origin) |
| 242 dirty_ur_ls_.insert(source_url.GetString()); | 238 dirty_ur_ls_.insert(source_url.GetString()); |
| 243 else | 239 else |
| 244 clean_ur_ls_.insert(source_url.GetString()); | 240 clean_ur_ls_.insert(source_url.GetString()); |
| 245 } | 241 } |
| 246 return taint_origin; | 242 return taint_origin; |
| 247 } | 243 } |
| 248 | 244 |
| 249 DEFINE_TRACE(CanvasRenderingContext) { | 245 DEFINE_TRACE(CanvasRenderingContext) { |
| 250 visitor->Trace(canvas_); | 246 visitor->Trace(canvas_); |
| 251 visitor->Trace(offscreen_canvas_); | 247 visitor->Trace(offscreen_canvas_); |
| 252 } | 248 } |
| 253 | 249 |
| 254 } // namespace blink | 250 } // namespace blink |
| OLD | NEW |
