| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Apple Inc. All rights reserved. | 2 * Copyright (C) 2009 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| 34 #include "KURL.h" | 34 #include "KURL.h" |
| 35 #include "SecurityOrigin.h" | 35 #include "SecurityOrigin.h" |
| 36 | 36 |
| 37 namespace WebCore { | 37 namespace WebCore { |
| 38 | 38 |
| 39 CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas) | 39 CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas) |
| 40 : m_canvas(canvas) | 40 : m_canvas(canvas) |
| 41 { | 41 { |
| 42 } | 42 } |
| 43 | 43 |
| 44 void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern) | 44 bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern) |
| 45 { | 45 { |
| 46 if (canvas()->originClean() && pattern && !pattern->originClean()) | 46 if (canvas()->originClean() && pattern && !pattern->originClean()) |
| 47 canvas()->setOriginTainted(); | 47 return true; |
| 48 return false; |
| 48 } | 49 } |
| 49 | 50 |
| 50 void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas) | 51 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCan
vas) |
| 51 { | 52 { |
| 52 if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) | 53 if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) |
| 53 canvas()->setOriginTainted(); | 54 return true; |
| 55 return false; |
| 54 } | 56 } |
| 55 | 57 |
| 56 void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image) | 58 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image) |
| 57 { | 59 { |
| 58 if (!image || !canvas()->originClean()) | 60 if (!image || !canvas()->originClean()) |
| 59 return; | 61 return false; |
| 60 | 62 |
| 61 CachedImage* cachedImage = image->cachedImage(); | 63 CachedImage* cachedImage = image->cachedImage(); |
| 62 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) | 64 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) { |
| 63 checkOrigin(cachedImage->response().url()); | 65 if (wouldTaintOrigin(cachedImage->response().url())) |
| 66 return true; |
| 67 } |
| 64 | 68 |
| 65 if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigi
n()) | 69 if (!cachedImage->image()->hasSingleSecurityOrigin()) |
| 66 canvas()->setOriginTainted(); | 70 return true; |
| 71 |
| 72 return false; |
| 67 } | 73 } |
| 68 | 74 |
| 69 void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video) | 75 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) |
| 70 { | 76 { |
| 71 #if ENABLE(VIDEO) | 77 #if ENABLE(VIDEO) |
| 72 // FIXME: This check is likely wrong when a redirect is involved. We need | 78 // FIXME: This check is likely wrong when a redirect is involved. We need |
| 73 // to test the finalURL. Please be careful when fixing this issue not to | 79 // to test the finalURL. Please be careful when fixing this issue not to |
| 74 // make currentSrc be the final URL because then the | 80 // make currentSrc be the final URL because then the |
| 75 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! | 81 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! |
| 76 checkOrigin(video->currentSrc()); | 82 if (!video || !canvas()->originClean()) |
| 77 if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin()) | 83 return false; |
| 78 canvas()->setOriginTainted(); | 84 |
| 85 if (wouldTaintOrigin(video->currentSrc())) |
| 86 return true; |
| 87 |
| 88 if (!video->hasSingleSecurityOrigin()) |
| 89 return true; |
| 79 #endif | 90 #endif |
| 91 |
| 92 return false; |
| 93 } |
| 94 |
| 95 bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) |
| 96 { |
| 97 if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) |
| 98 return false; |
| 99 |
| 100 if (canvas()->securityOrigin()->taintsCanvas(url)) |
| 101 return true; |
| 102 |
| 103 m_cleanURLs.add(url.string()); |
| 104 return false; |
| 80 } | 105 } |
| 81 | 106 |
| 82 void CanvasRenderingContext::checkOrigin(const KURL& url) | 107 void CanvasRenderingContext::checkOrigin(const KURL& url) |
| 83 { | 108 { |
| 84 if (!canvas()->originClean() || m_cleanOrigins.contains(url.string())) | 109 if (wouldTaintOrigin(url)) |
| 85 return; | |
| 86 | |
| 87 if (canvas()->securityOrigin()->taintsCanvas(url)) | |
| 88 canvas()->setOriginTainted(); | 110 canvas()->setOriginTainted(); |
| 89 else | |
| 90 m_cleanOrigins.add(url.string()); | |
| 91 } | 111 } |
| 92 | 112 |
| 93 } // namespace WebCore | 113 } // namespace WebCore |
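Review bot: In `wouldTaintOrigin(const HTMLImageElement*)`, the pointer returned by `image->cachedImage()` is dereferenced on the following line with no null check, so an image element with no attached resource would crash inside the origin check instead of yielding an answer; whether callers rule that case out is not visible here. A guard directly after the lookup, `if (!cachedImage) return false;`, would make the predicate safe to call on its own, on the assumption that an image with no resource contributes no pixels. Separately, `wouldTaintOrigin(const KURL&)` is named like a pure query but inserts into `m_cleanURLs`, and I would note that above it with `// Not a pure query: records URLs found clean for this canvas's origin in m_cleanURLs.` Since the taint decision now travels as a return value, every caller has to act on it, so marking the declarations so that an ignored result is a compile warning is worth considering; the declarations are in the header, outside this page.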