Side by Side Diff: Source/core/html/HTMLMediaElement.cpp

Issue 893123004: Check origin before providing initData in encrypted event (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: split test Created 5 years, 10 months ago
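--- a/Source/core/html/HTMLMediaElement.cpp
+++ b/Source/core/html/HTMLMediaElement.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -1557,20 +1557,32 @@
 }
 
 if (!document().contentSecurityPolicy()->allowMediaFromSource(url)) {
 WTF_LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%p, %s) -> rejected by Content Security Policy", this, urlForLoggingMedia(url).utf8().data());
 return false;
 }
 
 return true;
 }
 
+bool HTMLMediaElement::isMediaDataCORSSameOrigin(SecurityOrigin* origin) const
+{
+// hasSingleSecurityOrigin() tells us whether the origin in the src is
+// the same as the actual request (i.e. after redirect).
+// didPassCORSAccessCheck() means it was a successful CORS-enabled fetch
+// (vs. non-CORS-enabled or failed).
+// taintsCanvas() does checkAccess() on the URL plus allow data sources,
+// to ensure that it is not a URL that requires CORS (basically same
+// origin).
+return hasSingleSecurityOrigin() && ((webMediaPlayer() && webMediaPlayer()-> didPassCORSAccessCheck()) || !origin->taintsCanvas(currentSrc()));
+}
+
 void HTMLMediaElement::startProgressEventTimer()
 {
 if (m_progressEventTimer.isActive())
 return;
 
 m_previousProgressTime = WTF::currentTime();
 // 350ms is not magic, it is in the spec!
 m_progressEventTimer.startRepeating(0.350, FROM_HERE);
 }
 
@@ -4111,10 +4123,10 @@
 
 #if ENABLE(WEB_AUDIO)
 void HTMLMediaElement::clearWeakMembers(Visitor* visitor)
 {
 if (!visitor->isAlive(m_audioSourceNode) && audioSourceProvider())
 audioSourceProvider()->setClient(nullptr);
 }
 #endif
 
 }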
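Review bot: The new `isMediaDataCORSSameOrigin()` dereferences its `origin` argument unguarded in the `!origin->taintsCanvas(currentSrc())` branch (new line 1576), which is the branch taken whenever there is no player or the fetch did not pass the CORS check. Because this predicate is the origin gate named in the issue title, a null origin should be caught explicitly rather than crash at the point of the security decision; adding `ASSERT(origin);` as the first statement would document the precondition. The comment explains each of the three calls but not the combined contract, so I would add a line such as `// Returns false (treat media data as cross-origin, do not expose it) unless one of the checks below proves otherwise.` The callers are not in this file section, so whether every call site passes a non-null origin should be confirmed there.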