| Index: Source/WebCore/html/canvas/CanvasRenderingContext.cpp
|
| ===================================================================
|
| --- Source/WebCore/html/canvas/CanvasRenderingContext.cpp (revision 88897)
|
| +++ Source/WebCore/html/canvas/CanvasRenderingContext.cpp (working copy)
|
| @@ -41,53 +41,73 @@
|
| {
|
| }
|
|
|
| -void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern)
|
| +bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
|
| {
|
| if (canvas()->originClean() && pattern && !pattern->originClean())
|
| - canvas()->setOriginTainted();
|
| + return true;
|
| + return false;
|
| }
|
|
|
| -void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas)
|
| +bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
|
| {
|
| if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
|
| - canvas()->setOriginTainted();
|
| + return true;
|
| + return false;
|
| }
|
|
|
| -void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image)
|
| +bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
|
| {
|
| if (!image || !canvas()->originClean())
|
| - return;
|
| + return false;
|
|
|
| CachedImage* cachedImage = image->cachedImage();
|
| - if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin()))
|
| - checkOrigin(cachedImage->response().url());
|
| + if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {
|
| + if (wouldTaintOrigin(cachedImage->response().url()))
|
| + return true;
|
| + }
|
|
|
| - if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
|
| - canvas()->setOriginTainted();
|
| + if (!cachedImage->image()->hasSingleSecurityOrigin())
|
| + return true;
|
| +
|
| + return false;
|
| }
|
|
|
| -void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video)
|
| +bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
|
| {
|
| #if ENABLE(VIDEO)
|
| // FIXME: This check is likely wrong when a redirect is involved. We need
|
| // to test the finalURL. Please be careful when fixing this issue not to
|
| // make currentSrc be the final URL because then the
|
| // HTMLMediaElement.currentSrc DOM API would leak redirect destinations!
|
| - checkOrigin(video->currentSrc());
|
| - if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin())
|
| - canvas()->setOriginTainted();
|
| + if (!video || !canvas()->originClean())
|
| + return false;
|
| +
|
| + if (wouldTaintOrigin(video->currentSrc()))
|
| + return true;
|
| +
|
| + if (!video->hasSingleSecurityOrigin())
|
| + return true;
|
| #endif
|
| +
|
| + return false;
|
| }
|
|
|
| -void CanvasRenderingContext::checkOrigin(const KURL& url)
|
| +bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)
|
| {
|
| - if (!canvas()->originClean() || m_cleanOrigins.contains(url.string()))
|
| - return;
|
| + if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))
|
| + return false;
|
|
|
| if (canvas()->securityOrigin()->taintsCanvas(url))
|
| + return true;
|
| +
|
| + m_cleanURLs.add(url.string());
|
| + return false;
|
| +}
|
| +
|
| +void CanvasRenderingContext::checkOrigin(const KURL& url)
|
| +{
|
| + if (wouldTaintOrigin(url))
|
| canvas()->setOriginTainted();
|
| - else
|
| - m_cleanOrigins.add(url.string());
|
| }
|
|
|
| } // namespace WebCore
|
|
|
Chromium Code Reviews
Issue 7171012:
Merge 88489 - 2011-06-09 Kenneth Russell <kbr@google.com> (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/782/