Check origin before providing initData in encrypted event

Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/encryptedmedia/HTMLMediaElementEncryptedMedia.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptPromise.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
@@ skipping 28 matching lines @@
         return;
     case WebMediaPlayer::MediaKeyExceptionInvalidAccess:
         exceptionState.throwDOMException(InvalidAccessError, "The session ID provided ('" + sessionId + "') is invalid.");
         return;
     }
 
     ASSERT_NOT_REACHED();
     return;
 }
 
+// Checks to see if the current media src is allowed access to |element|'s
+// origin. Based on !HTMLVideoElement::wouldTaintOrigin().
+static bool canAccessData(HTMLMediaElement& element)

[sandersd (OOO until July 31), 2015/02/03 22:31:59]

I would prefer that there is only one copy of this code. I think the best plan
is to rename this something more serious sounding (basically add Origin to the
method name), then replace HTMLVideoElement::wouldTaintOrigin() calls with calls
to this method.

[jrummell, 2015/02/04 23:28:37]

Done.

+{
+    // If this HTMLMediaElement is mixed content, then not allowed.
+    if (!element.hasSingleSecurityOrigin())
+        return false;
+
+    // If CORS check passed, then we are good.
+    if (element.webMediaPlayer() && element.webMediaPlayer()->didPassCORSAccessCheck())
+        return true;
+
+    // Must be based on whether HTMLMediaElement could request the current src.
+    return element.executionContext()->securityOrigin()->canRequest(element.currentSrc());
+}
+
 // This class allows MediaKeys to be set asynchronously.
 class SetMediaKeysHandler : public ScriptPromiseResolver {
     WTF_MAKE_NONCOPYABLE(SetMediaKeysHandler);
 
 public:
     static ScriptPromise create(ScriptState*, HTMLMediaElement&, MediaKeys*);
     virtual ~SetMediaKeysHandler();
 
     virtual void trace(Visitor*) override;
 
@@ skipping 449 matching lines @@
     event->setTarget(&element);
     element.scheduleEvent(event.release());
 }
 
 void HTMLMediaElementEncryptedMedia::encrypted(HTMLMediaElement& element, const String& initDataType, const unsigned char* initData, unsigned initDataLength)
 {
     WTF_LOG(Media, "HTMLMediaElementEncryptedMedia::encrypted: initDataType=%s", initDataType.utf8().data());
 
     if (RuntimeEnabledFeatures::encryptedMediaEnabled()) {
         // Send event for WD EME.
-        // FIXME: Check origin before providing initData. http://crbug.com/418233.
-        RefPtrWillBeRawPtr<Event> event = createEncryptedEvent(initDataType, initData, initDataLength);
+        RefPtrWillBeRawPtr<Event> event;
+        if (canAccessData(element)) {
+            event = createEncryptedEvent(initDataType, initData, initDataLength);
+        } else {
+            // Current page is not allowed to see content from the media file,
+            // so don't return the initData. However, they still get an event.
+            event = createEncryptedEvent(emptyString(), nullptr, 0);
+        }
+
         event->setTarget(&element);
         element.scheduleEvent(event.release());
     }
 
     if (RuntimeEnabledFeatures::prefixedEncryptedMediaEnabled()) {
         // Send event for v0.1b EME.
         RefPtrWillBeRawPtr<Event> event = createWebkitNeedKeyEvent(initData, initDataLength);
         event->setTarget(&element);
         element.scheduleEvent(event.release());
     }
@@ skipping 21 matching lines @@
     return thisElement.contentDecryptionModule();
 }
 
 void HTMLMediaElementEncryptedMedia::trace(Visitor* visitor)
 {
     visitor->trace(m_mediaKeys);
     WillBeHeapSupplement<HTMLMediaElement>::trace(visitor);
 }
 
 } // namespace blink