Index: Source/WebCore/html/canvas/WebGLRenderingContext.cpp |
=================================================================== |
--- Source/WebCore/html/canvas/WebGLRenderingContext.cpp (revision 88897) |
+++ Source/WebCore/html/canvas/WebGLRenderingContext.cpp (working copy) |
@@ -2807,14 +2807,13 @@ |
cleanupAfterGraphicsCall(false); |
} |
-void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode& ec) |
+void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode&) |
{ |
if (isContextLost()) |
return; |
- if (!canvas()->originClean()) { |
- ec = SECURITY_ERR; |
- return; |
- } |
+ // Due to WebGL's same-origin restrictions, it is not possible to |
+ // taint the origin using the WebGL API. |
+ ASSERT(canvas()->originClean()); |
// Validate input parameters. |
if (!pixels) { |
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE); |
@@ -3157,7 +3156,11 @@ |
return; |
if (!validateHTMLImageElement(image)) |
return; |
- checkOrigin(image); |
+ if (wouldTaintOrigin(image)) { |
+ ec = SECURITY_ERR; |
+ return; |
+ } |
+ |
texImage2DImpl(target, level, internalformat, format, type, image->cachedImage()->image(), |
m_unpackFlipY, m_unpackPremultiplyAlpha, ec); |
} |
@@ -3172,7 +3175,10 @@ |
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE); |
return; |
} |
- checkOrigin(canvas); |
+ if (wouldTaintOrigin(canvas)) { |
+ ec = SECURITY_ERR; |
+ return; |
+ } |
RefPtr<ImageData> imageData = canvas->getImageData(); |
if (imageData) |
texImage2D(target, level, internalformat, format, type, imageData.get(), ec); |
@@ -3182,7 +3188,7 @@ |
} |
#if ENABLE(VIDEO) |
-PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video) |
+PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video, ExceptionCode& ec) |
{ |
if (!video || !video->videoWidth() || !video->videoHeight()) { |
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE); |
@@ -3194,7 +3200,10 @@ |
m_context->synthesizeGLError(GraphicsContext3D::OUT_OF_MEMORY); |
return 0; |
} |
- checkOrigin(video); |
+ if (wouldTaintOrigin(video)) { |
+ ec = SECURITY_ERR; |
+ return 0; |
+ } |
IntRect destRect(0, 0, size.width(), size.height()); |
// FIXME: Turn this into a GPU-GPU texture copy instead of CPU readback. |
video->paintCurrentFrameInContext(buf->context(), destRect); |
@@ -3207,8 +3216,8 @@ |
ec = 0; |
if (isContextLost()) |
return; |
- RefPtr<Image> image = videoFrameToImage(video); |
- if (!video) |
+ RefPtr<Image> image = videoFrameToImage(video, ec); |
+ if (!image) |
return; |
texImage2DImpl(target, level, internalformat, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec); |
} |
@@ -3349,7 +3358,10 @@ |
return; |
if (!validateHTMLImageElement(image)) |
return; |
- checkOrigin(image); |
+ if (wouldTaintOrigin(image)) { |
+ ec = SECURITY_ERR; |
+ return; |
+ } |
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image->cachedImage()->image(), |
m_unpackFlipY, m_unpackPremultiplyAlpha, ec); |
} |
@@ -3364,7 +3376,10 @@ |
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE); |
return; |
} |
- checkOrigin(canvas); |
+ if (wouldTaintOrigin(canvas)) { |
+ ec = SECURITY_ERR; |
+ return; |
+ } |
RefPtr<ImageData> imageData = canvas->getImageData(); |
if (imageData) |
texSubImage2D(target, level, xoffset, yoffset, format, type, imageData.get(), ec); |
@@ -3380,8 +3395,8 @@ |
ec = 0; |
if (isContextLost()) |
return; |
- RefPtr<Image> image = videoFrameToImage(video); |
- if (!video) |
+ RefPtr<Image> image = videoFrameToImage(video, ec); |
+ if (!image) |
return; |
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec); |
} |