| Index: Source/core/html/canvas/WebGLRenderingContextBase.cpp
|
| diff --git a/Source/core/html/canvas/WebGLRenderingContextBase.cpp b/Source/core/html/canvas/WebGLRenderingContextBase.cpp
|
| index 44257b1cd9224d4839c5782592c8ff55309c4cb9..3304a1793ecf0fb248830bf931eff1ff01deb763 100644
|
| --- a/Source/core/html/canvas/WebGLRenderingContextBase.cpp
|
| +++ b/Source/core/html/canvas/WebGLRenderingContextBase.cpp
|
| @@ -5221,7 +5221,8 @@ bool WebGLRenderingContextBase::validateHTMLImageElement(const char* functionNam
|
| synthesizeGLError(GL_INVALID_VALUE, functionName, "invalid image");
|
| return false;
|
| }
|
| - if (image->wouldTaintOrigin(canvas()->securityOrigin())) {
|
| +
|
| + if (wouldTaintOrigin(image)) {
|
| exceptionState.throwSecurityError("The cross-origin image at " + url.elidedString() + " may not be loaded.");
|
| return false;
|
| }
|
| @@ -5234,7 +5235,7 @@ bool WebGLRenderingContextBase::validateHTMLCanvasElement(const char* functionNa
|
| synthesizeGLError(GL_INVALID_VALUE, functionName, "no canvas");
|
| return false;
|
| }
|
| - if (canvas->wouldTaintOrigin(this->canvas()->securityOrigin())) {
|
| + if (wouldTaintOrigin(canvas)) {
|
| exceptionState.throwSecurityError("Tainted canvases may not be loaded.");
|
| return false;
|
| }
|
| @@ -5247,7 +5248,8 @@ bool WebGLRenderingContextBase::validateHTMLVideoElement(const char* functionNam
|
| synthesizeGLError(GL_INVALID_VALUE, functionName, "no video");
|
| return false;
|
| }
|
| - if (video->wouldTaintOrigin(canvas()->securityOrigin())) {
|
| +
|
| + if (wouldTaintOrigin(video)) {
|
| exceptionState.throwSecurityError("The video element contains cross-origin data, and may not be loaded.");
|
| return false;
|
| }
|
|
|
Chromium Code Reviews
Issue 297293004:
Adding cache for security origin validations in 2D/WebGL canvases (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master