Changeset 87473 in webkit
- Timestamp:
- May 26, 2011 11:12:45 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 8 added
- 11 edited
trunk/LayoutTests/ChangeLog
r87472 r87473 1 2011-05-26 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Support cross-origin property for images 6 https://bugs.webkit.org/show_bug.cgi?id=61015 7 8 Test various cases involving CORS requests and canvas tainting. 9 10 * http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt: Added. 11 * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt: Added. 12 * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html: Added. 13 * http/tests/security/canvas-remote-read-remote-image-allowed.html: Added. 14 * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Added. 15 * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html: Added. 16 * http/tests/security/resources/abe-allow-credentials.php: Added. 17 * http/tests/security/resources/abe-allow-star.php: Added. 18 1 19 2011-05-26 Ryosuke Niwa <rniwa@webkit.org> 2 20 -
trunk/Source/WebCore/ChangeLog
r87469 r87473 1 2011-05-26 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Support cross-origin property for images 6 https://bugs.webkit.org/show_bug.cgi?id=61015 7 8 This patch add support for the crossorigin attribute of images and 9 teaches 2D canvas to respect that flag and not taint a canvas if the 10 image drawn on the canvas is allowed by CORS. 11 12 While I was editing this code, I couldn't resist a couple touch-up 13 changes. 14 15 Tests: http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html 16 http/tests/security/canvas-remote-read-remote-image-allowed.html 17 http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html 18 19 * html/HTMLAttributeNames.in: 20 * html/HTMLCanvasElement.cpp: 21 (WebCore::HTMLCanvasElement::securityOrigin): 22 * html/HTMLCanvasElement.h: 23 * html/HTMLImageElement.idl: 24 * html/canvas/CanvasRenderingContext.cpp: 25 (WebCore::CanvasRenderingContext::checkOrigin): 26 * html/canvas/CanvasRenderingContext2D.cpp: 27 (WebCore::CanvasRenderingContext2D::createPattern): 28 * loader/ImageLoader.cpp: 29 (WebCore::ImageLoader::updateFromElement): 30 * loader/cache/CachedResource.cpp: 31 (WebCore::CachedResource::passesAccessControlCheck): 32 * loader/cache/CachedResource.h: 33 1 34 2011-05-26 Mihai Parparita <mihaip@chromium.org> 2 35 -
trunk/Source/WebCore/html/HTMLAttributeNames.in
r83527 r87473 83 83 controls 84 84 coords 85 crossorigin 85 86 data 86 87 datetime -
trunk/Source/WebCore/html/HTMLCanvasElement.cpp
r87171 r87473 407 407 } 408 408 409 const SecurityOrigin&HTMLCanvasElement::securityOrigin() const410 { 411 return *document()->securityOrigin();409 SecurityOrigin* HTMLCanvasElement::securityOrigin() const 410 { 411 return document()->securityOrigin(); 412 412 } 413 413 -
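Review bot: `HTMLCanvasElement::securityOrigin()` now returns a raw `SecurityOrigin*` where it used to return a reference, so the non-null contract that the old `return *document()->securityOrigin();` carried in the type is no longer visible to callers. The callers changed in this changeset, such as `canvas()->securityOrigin()->taintsCanvas(url)` in CanvasRenderingContext.cpp, dereference the result unconditionally. If the pointer really cannot be null here, a comment on the accessor would record that, e.g. `// Never null for a canvas attached to a document; callers dereference without checking.` The same remark applies to the declaration in HTMLCanvasElement.h.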
trunk/Source/WebCore/html/HTMLCanvasElement.h
r87121 r87473 116 116 IntSize convertToValidDeviceSize(float width, float height) const; 117 117 118 const SecurityOrigin&securityOrigin() const;118 SecurityOrigin* securityOrigin() const; 119 119 void setOriginTainted() { m_originClean = false; } 120 120 bool originClean() const { return m_originClean; } -
trunk/Source/WebCore/html/HTMLImageElement.idl
r66327 r87473 27 27 attribute [Reflect] DOMString align; 28 28 attribute [Reflect] DOMString alt; 29 attribute [Reflect] DOMString border; 29 attribute [Reflect] DOMString border; 30 attribute [Reflect] DOMString crossOrigin; 30 31 attribute long height; 31 32 attribute [Reflect] long hspace; -
trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
r84764 r87473 60 60 61 61 CachedImage* cachedImage = image->cachedImage(); 62 checkOrigin(cachedImage->response().url()); 62 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) 63 checkOrigin(cachedImage->response().url()); 63 64 64 65 if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin()) … … 69 70 { 70 71 #if ENABLE(VIDEO) 71 checkOrigin(KURL(KURL(), video->currentSrc())); 72 // FIXME: HTMLVideoElement::currentSrc() should return a KURL. 73 // https://bugs.webkit.org/show_bug.cgi?id=61578 74 checkOrigin(KURL(ParsedURLString, video->currentSrc())); 72 75 if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin()) 73 76 canvas()->setOriginTainted(); … … 80 83 return; 81 84 82 if (canvas()->securityOrigin() .taintsCanvas(url))85 if (canvas()->securityOrigin()->taintsCanvas(url)) 83 86 canvas()->setOriginTainted(); 84 87 else -
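Review bot: In the `ENABLE(VIDEO)` branch the rewritten line `checkOrigin(KURL(ParsedURLString, video->currentSrc()));` dereferences `video` one line before the condition `canvas()->originClean() && video && !video->hasSingleSecurityOrigin()` tests it for null. Unless an earlier guard exists outside the hunk, the null test is either dead or comes too late. Since the line is being touched anyway, either drop `video &&` from the condition or put `if (!video) return;` ahead of the `checkOrigin` call, depending on whether callers can pass null. The function starts and ends outside the visible lines.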
trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
r87307 r87473 90 90 static const char* const defaultFont = "10px sans-serif"; 91 91 92 static bool isOriginClean(CachedImage* cachedImage, SecurityOrigin* securityOrigin) 93 { 94 if (!cachedImage->image()->hasSingleSecurityOrigin()) 95 return false; 96 if (cachedImage->passesAccessControlCheck(securityOrigin)) 97 return true; 98 return !securityOrigin->taintsCanvas(cachedImage->response().url()); 99 } 92 100 93 101 class CanvasStrokeStyleApplier : public StrokeStyleApplier { … … 1578 1586 return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true); 1579 1587 1580 bool originClean = !canvas()->securityOrigin().taintsCanvas(KURL(KURL(), cachedImage->response().url())) && cachedImage->image()->hasSingleSecurityOrigin();1588 bool originClean = isOriginClean(cachedImage, canvas()->securityOrigin()); 1581 1589 return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean); 1582 1590 } -
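Review bot: The new `isOriginClean()` helper restates the tainting rule that the image path of `CanvasRenderingContext::checkOrigin` applies in this same changeset (`passesAccessControlCheck()` first, then `taintsCanvas()` on the response URL, plus `hasSingleSecurityOrigin()`). The canvas-tainting policy therefore lives in two places that must be kept in step. Because this is a security decision, a later edit to only one of them could leave a pattern or canvas readable where the other path would taint it. Consider routing both through one shared predicate, or at least add a comment on the helper such as `// Keep in sync with the image case of CanvasRenderingContext::checkOrigin().`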
trunk/Source/WebCore/loader/ImageLoader.cpp
r87239 r87473 25 25 #include "CachedImage.h" 26 26 #include "CachedResourceLoader.h" 27 #include "CrossOriginAccessControl.h" 27 28 #include "Document.h" 28 29 #include "Element.h" … … 159 160 CachedImage* newImage = 0; 160 161 if (!(attr.isNull() || (attr.isEmpty() && document->baseURI().isLocalFile()))) { 162 ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr))); 163 164 String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr); 165 if (!crossOriginMode.isNull()) { 166 bool allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials"); 167 updateRequestForAccessControl(request, document->securityOrigin(), allowCredentials); 168 } 169 161 170 if (m_loadManually) { 162 171 bool autoLoadOtherImages = document->cachedResourceLoader()->autoLoadImages(); 163 172 document->cachedResourceLoader()->setAutoLoadImages(false); 164 ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr)));165 173 newImage = new CachedImage(request); 166 174 newImage->setLoading(true); … … 168 176 document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage); 169 177 document->cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages); 170 } else { 171 ResourceRequest request(document->completeURL(sourceURI(attr))); 178 } else 172 179 newImage = document->cachedResourceLoader()->requestImage(request); 173 }174 180 175 181 // If we do not have an image here, it means that a cross-site -
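Review bot: The crossorigin mode is applied to the `ResourceRequest`, but on the non-manual path that request then goes through `cachedResourceLoader()->requestImage(request)`. Nothing in this hunk shows whether the cache treats a CORS-mode request and a plain request for the same URL as distinct entries. If they can share an entry, an element with `crossorigin` could be handed a response fetched without the access-control request headers or with a different credentials mode, and the later `passesAccessControlCheck()` would be judged against that response. A layout test that loads the same image URL first without and then with `crossorigin`, and in the reverse order, would pin the behaviour down. `updateFromElement` begins and ends outside the hunk.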
trunk/Source/WebCore/loader/cache/CachedResource.cpp
r87344 r87473 32 32 #include "CachedResourceLoader.h" 33 33 #include "CachedResourceRequest.h" 34 #include "CrossOriginAccessControl.h" 34 35 #include "Frame.h" 35 36 #include "FrameLoaderClient.h" … … 173 174 } 174 175 176 bool CachedResource::passesAccessControlCheck(SecurityOrigin* securityOrigin) 177 { 178 String errorDescription; 179 return WebCore::passesAccessControlCheck(m_response, resourceRequest().allowCookies(), securityOrigin, errorDescription); 180 } 181 175 182 bool CachedResource::isExpired() const 176 183 { -
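Review bot: `CachedResource::passesAccessControlCheck()` fills a local `errorDescription` and then drops it, so a failed CORS check that ends up tainting the canvas leaves no trace for the page author or for anyone debugging why the canvas became unreadable. Either surface the reason at the call site or state that the silence is intended, e.g. `// errorDescription is deliberately unused: a failed check only taints the canvas.` It is also worth a comment that the credentials flag comes from `resourceRequest().allowCookies()`, which is the request stored with this cached resource rather than the element being drawn.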
trunk/Source/WebCore/loader/cache/CachedResource.h
r87239 r87473 48 48 class InspectorResource; 49 49 class PurgeableBuffer; 50 class SecurityOrigin; 50 51 51 52 // A resource that is held in the cache. Classes who want to use this object should derive … … 150 151 void finish(); 151 152 153 bool passesAccessControlCheck(SecurityOrigin*); 154 152 155 // Called by the cache if the object has been removed from the cache 153 156 // while still being referenced. This means the object should delete itself
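Review bot: The new `bool passesAccessControlCheck(SecurityOrigin*);` is declared without a comment, while the member right after it is documented, and the name alone does not say which response is being checked. Suggest adding `// Returns true if the response's CORS headers allow the given origin to read this resource.` above it. The method could probably also be `const`, since the definition in CachedResource.cpp only reads `m_response` and the stored request. That depends on `resourceRequest()` being callable on a const object, which is not visible here.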