diff options
Diffstat (limited to 'Source/WebCore/html/canvas/CanvasRenderingContext.cpp')
| -rw-r--r-- | Source/WebCore/html/canvas/CanvasRenderingContext.cpp | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp index e8bf03a90..2b718e6ba 100644 --- a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp +++ b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp @@ -10,10 +10,10 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR @@ -36,35 +36,48 @@ namespace WebCore { -CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas) +CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement& canvas) : m_canvas(canvas) { } bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern) { - if (canvas()->originClean() && pattern && !pattern->originClean()) + if (canvas().originClean() && pattern && !pattern->originClean()) return true; return false; } bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas) { - if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) + if (canvas().originClean() && sourceCanvas && !sourceCanvas->originClean()) return true; return false; } -bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image) +bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* element) { - if (!image || !canvas()->originClean()) + if (!element || !canvas().originClean()) return false; - CachedImage* cachedImage = image->cachedImage(); - if (!cachedImage->image()->hasSingleSecurityOrigin()) + auto* cachedImage = element->cachedImage(); + if (!cachedImage) + return false; + + auto* image = cachedImage->image(); + if (!image) + return false; + + if (!image->hasSingleSecurityOrigin()) + return true; + + if (!cachedImage->isCORSSameOrigin()) return true; - return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin()); + ASSERT(canvas().securityOrigin()); + ASSERT(cachedImage->origin()); + ASSERT(canvas().securityOrigin()->toString() == cachedImage->origin()->toString()); + return false; } bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) @@ -74,7 +87,7 @@ bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) // to test the finalURL. Please be careful when fixing this issue not to // make currentSrc be the final URL because then the // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! - if (!video || !canvas()->originClean()) + if (!video || !canvas().originClean()) return false; if (!video->hasSingleSecurityOrigin()) @@ -92,23 +105,19 @@ bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) bool CanvasRenderingContext::wouldTaintOrigin(const URL& url) { - if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) + if (!canvas().originClean()) return false; - if (canvas()->securityOrigin()->taintsCanvas(url)) - return true; - if (url.protocolIsData()) return false; - m_cleanURLs.add(url.string()); - return false; + return !canvas().securityOrigin()->canRequest(url); } void CanvasRenderingContext::checkOrigin(const URL& url) { if (wouldTaintOrigin(url)) - canvas()->setOriginTainted(); + canvas().setOriginTainted(); } } // namespace WebCore |