path: root/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
Diffstat (limited to 'Source/WebCore/html/canvas/CanvasRenderingContext.cpp')
-rw-r--r--Source/WebCore/html/canvas/CanvasRenderingContext.cpp63
1 files changed, 44 insertions, 19 deletions
diff --git a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
index c814c66..3622b06 100644
--- a/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
+++ b/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
@@ -51,48 +51,73 @@ void CanvasRenderingContext::deref()
m_canvas->deref();
}
-void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern)
+bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
{
if (canvas()->originClean() && pattern && !pattern->originClean())
- canvas()->setOriginTainted();
+ return true;
+ return false;
}
-void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
{
if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
- canvas()->setOriginTainted();
+ return true;
+ return false;
}
-void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
{
if (!image || !canvas()->originClean())
- return;
+ return false;
CachedImage* cachedImage = image->cachedImage();
- checkOrigin(cachedImage->response().url());
+ if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {
+ if (wouldTaintOrigin(cachedImage->response().url()))
+ return true;
+ }
- if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ if (!cachedImage->image()->hasSingleSecurityOrigin())
+ return true;
+
+ return false;
}
-void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video)
+bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
{
#if ENABLE(VIDEO)
- checkOrigin(KURL(KURL(), video->currentSrc()));
- if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ // FIXME: This check is likely wrong when a redirect is involved. We need
+ // to test the finalURL. Please be careful when fixing this issue not to
+ // make currentSrc be the final URL because then the
+ // HTMLMediaElement.currentSrc DOM API would leak redirect destinations!
+ if (!video || !canvas()->originClean())
+ return false;
+
+ if (wouldTaintOrigin(video->currentSrc()))
+ return true;
+
+ if (!video->hasSingleSecurityOrigin())
+ return true;
#endif
+
+ return false;
}
-void CanvasRenderingContext::checkOrigin(const KURL& url)
+bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)
{
- if (!canvas()->originClean() || m_cleanOrigins.contains(url.string()))
- return;
+ if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))
+ return false;
- if (canvas()->securityOrigin().taintsCanvas(url))
+ if (canvas()->securityOrigin()->taintsCanvas(url))
+ return true;
+
+ m_cleanURLs.add(url.string());
+ return false;
+}
+
+void CanvasRenderingContext::checkOrigin(const KURL& url)
+{
+ if (wouldTaintOrigin(url))
canvas()->setOriginTainted();
- else
- m_cleanOrigins.add(url.string());
}
} // namespace WebCore
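Review bot: In `wouldTaintOrigin(const HTMLImageElement*)`, `cachedImage` and `cachedImage->image()` are dereferenced without a null check, whereas the video overload in this same hunk gained a `!video` guard before its first dereference. Whether `image->cachedImage()` can return null here is not visible in the hunk, and callers may already guard against it; if it can (for example when the resource has not loaded), this origin check would crash instead of returning a verdict. A guard right after the lookup, such as `if (!cachedImage || !cachedImage->image()) return false;`, would match the existing `!image` early return and make the function safe to call on its own. Separately, `wouldTaintOrigin(const KURL&)` is named like a pure predicate but inserts into `m_cleanURLs`; a comment such as `// Side effect: remembers URLs that securityOrigin()->taintsCanvas() reported as clean.` would make that explicit for future callers.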