Diffstat (limited to 'Source/WebCore/html/canvas/CanvasRenderingContext.cpp')
-rw-r--r-- | Source/WebCore/html/canvas/CanvasRenderingContext.cpp | 63 |
1 files changed, 44 insertions, 19 deletions
diff --git a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
index c814c66..3622b06 100644
--- a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
+++ b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
@@ -51,48 +51,73 @@ void CanvasRenderingContext::deref()
 m_canvas->deref();
 }
-void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern)
+bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
 {
 if (canvas()->originClean() && pattern && !pattern->originClean())
- canvas()->setOriginTainted();
+ return true;
+ return false;
 }
-void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
 {
 if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
- canvas()->setOriginTainted();
+ return true;
+ return false;
 }
-void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
 {
 if (!image || !canvas()->originClean())
- return;
+ return false;
 CachedImage* cachedImage = image->cachedImage();
- checkOrigin(cachedImage->response().url());
+ if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {
+ if (wouldTaintOrigin(cachedImage->response().url()))
+ return true;
+ }
- if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ if (!cachedImage->image()->hasSingleSecurityOrigin())
+ return true;
+
+ return false;
 }
-void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
 {
 #if ENABLE(VIDEO)
- checkOrigin(KURL(KURL(), video->currentSrc()));
- if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ // FIXME: This check is likely wrong when a redirect is involved. We need
+ // to test the finalURL. Please be careful when fixing this issue not to
+ // make currentSrc be the final URL because then the
+ // HTMLMediaElement.currentSrc DOM API would leak redirect destinations!
+ if (!video || !canvas()->originClean())
+ return false;
+
+ if (wouldTaintOrigin(video->currentSrc()))
+ return true;
+
+ if (!video->hasSingleSecurityOrigin())
+ return true;
 #endif
+
+ return false;
 }
-void CanvasRenderingContext::checkOrigin(const KURL& url)
+bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)
 {
- if (!canvas()->originClean() || m_cleanOrigins.contains(url.string()))
- return;
+ if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))
+ return false;
- if (canvas()->securityOrigin().taintsCanvas(url))
+ if (canvas()->securityOrigin()->taintsCanvas(url))
+ return true;
+
+ m_cleanURLs.add(url.string());
+ return false;
+}
+
+void CanvasRenderingContext::checkOrigin(const KURL& url)
+{
+ if (wouldTaintOrigin(url))
 canvas()->setOriginTainted();
- else
- m_cleanOrigins.add(url.string());
 }
 } // namespace WebCore |
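Review bot: In `wouldTaintOrigin(const HTMLImageElement*)` the pointer returned by `image->cachedImage()` is passed straight to `passesAccessControlCheck()`, and `cachedImage->image()` straight to `hasSingleSecurityOrigin()`, with no null test; only `image` itself is checked. The removed `checkOrigin` overload dereferenced it the same way, so existing callers outside this hunk may already guarantee a loaded image, but a bool predicate invites new call sites that do not. A guard right after the assignment, `if (!cachedImage || !cachedImage->image()) return false;`, would make the function safe on its own. Whether an element with no image data should report `false` or `true` deserves a one-line comment there, since this predicate decides whether the canvas stays origin-clean.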