| Index: third_party/WebKit/Source/core/loader/ImageLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/ImageLoader.cpp b/third_party/WebKit/Source/core/loader/ImageLoader.cpp
|
| index 2a2d79f9fc6e0a756db1f2333174bac1643da6e7..6c2f3f81036d52b8896a0461594229a01ca53850 100644
|
| --- a/third_party/WebKit/Source/core/loader/ImageLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/ImageLoader.cpp
|
| @@ -562,9 +562,17 @@ void ImageLoader::ImageNotifyFinished(ImageResourceContent* resource) {
|
|
|
| UpdateLayoutObject();
|
|
|
| - if (image_ && image_->GetImage() && image_->GetImage()->IsSVGImage())
|
| + if (image_ && image_->GetImage() && image_->GetImage()->IsSVGImage()) {
|
| + // SVG's document should be completely loaded before access control
|
| + // checks, which can occur anytime after ImageNotifyFinished()
|
| + // (See SVGImage::CurrentFrameHasSingleSecurityOrigin()).
|
| + // We check the document is loaded here to catch violation of the
|
| + // assumption reliably.
|
| + ToSVGImage(image_->GetImage())->CheckLoaded();
|
| +
|
| ToSVGImage(image_->GetImage())
|
| ->UpdateUseCounters(GetElement()->GetDocument());
|
| + }
|
|
|
| if (loading_image_document_) {
|
| CHECK(!has_pending_load_event_);
|
|
|
Chromium Code Reviews
Issue 2888953004:
Check that SVGImage is loaded in ImageNotifyFinished() (Closed)
