Changeset 87473 in webkit


Timestamp:
May 26, 2011 11:12:45 PM (13 years ago)
Author:
abarth@webkit.org
Message:

2011-05-26 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Support cross-origin property for images
https://bugs.webkit.org/show_bug.cgi?id=61015

Test various cases involving CORS requests and canvas tainting.

  • http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed.html: Added.
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html: Added.
  • http/tests/security/resources/abe-allow-credentials.php: Added.
  • http/tests/security/resources/abe-allow-star.php: Added.

2011-05-26 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Support cross-origin property for images
https://bugs.webkit.org/show_bug.cgi?id=61015

This patch adds support for the crossorigin attribute of images and
teaches 2D canvas to respect that flag and not taint a canvas if the
image drawn on the canvas is allowed by CORS.

While I was editing this code, I couldn't resist a couple touch-up
changes.

Tests:

  • http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html
  • http/tests/security/canvas-remote-read-remote-image-allowed.html
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html

  • html/HTMLAttributeNames.in:
  • html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::securityOrigin):
  • html/HTMLCanvasElement.h:
  • html/HTMLImageElement.idl:
  • html/canvas/CanvasRenderingContext.cpp: (WebCore::CanvasRenderingContext::checkOrigin):
  • html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::createPattern):
  • loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
  • loader/cache/CachedResource.cpp: (WebCore::CachedResource::passesAccessControlCheck):
  • loader/cache/CachedResource.h:
Location:
trunk
Files:
8 added
11 edited

  • trunk/LayoutTests/ChangeLog

    r87472 r87473  
     12011-05-26  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Support cross-origin property for images
     6        https://bugs.webkit.org/show_bug.cgi?id=61015
     7
     8        Test various cases involving CORS requests and canvas tainting.
     9
     10        * http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt: Added.
     11        * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt: Added.
     12        * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html: Added.
     13        * http/tests/security/canvas-remote-read-remote-image-allowed.html: Added.
     14        * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Added.
     15        * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html: Added.
     16        * http/tests/security/resources/abe-allow-credentials.php: Added.
     17        * http/tests/security/resources/abe-allow-star.php: Added.
     18
    1192011-05-26  Ryosuke Niwa  <rniwa@webkit.org>
    220
  • trunk/Source/WebCore/ChangeLog

    r87469 r87473  
     12011-05-26  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Support cross-origin property for images
     6        https://bugs.webkit.org/show_bug.cgi?id=61015
     7
     8        This patch add support for the crossorigin attribute of images and
     9        teaches 2D canvas to respect that flag and not taint a canvas if the
     10        image drawn on the canvas is allowed by CORS.
     11
     12        While I was editing this code, I couldn't resist a couple touch-up
     13        changes.
     14
     15        Tests: http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html
     16               http/tests/security/canvas-remote-read-remote-image-allowed.html
     17               http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html
     18
     19        * html/HTMLAttributeNames.in:
     20        * html/HTMLCanvasElement.cpp:
     21        (WebCore::HTMLCanvasElement::securityOrigin):
     22        * html/HTMLCanvasElement.h:
     23        * html/HTMLImageElement.idl:
     24        * html/canvas/CanvasRenderingContext.cpp:
     25        (WebCore::CanvasRenderingContext::checkOrigin):
     26        * html/canvas/CanvasRenderingContext2D.cpp:
     27        (WebCore::CanvasRenderingContext2D::createPattern):
     28        * loader/ImageLoader.cpp:
     29        (WebCore::ImageLoader::updateFromElement):
     30        * loader/cache/CachedResource.cpp:
     31        (WebCore::CachedResource::passesAccessControlCheck):
     32        * loader/cache/CachedResource.h:
     33
    1342011-05-26  Mihai Parparita  <mihaip@chromium.org>
    235
  • trunk/Source/WebCore/html/HTMLAttributeNames.in

    r83527 r87473  
    8383controls
    8484coords
     85crossorigin
    8586data
    8687datetime
  • trunk/Source/WebCore/html/HTMLCanvasElement.cpp

    r87171 r87473  
    407407}
    408408
    409 const SecurityOrigin& HTMLCanvasElement::securityOrigin() const
    410 {
    411     return *document()->securityOrigin();
     409SecurityOrigin* HTMLCanvasElement::securityOrigin() const
     410{
     411    return document()->securityOrigin();
    412412}
    413413
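
Review bot: The new signature at lines 409-411 drops const from the returned object, so a const method now hands callers a mutable SecurityOrigin* where it used to return a const reference. Nothing visible in this changeset writes to the origin; if passesAccessControlCheck and taintsCanvas can accept a const SecurityOrigin*, returning that instead would keep the read-only guarantee the old accessor gave.
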
  • trunk/Source/WebCore/html/HTMLCanvasElement.h

    r87121 r87473  
    116116    IntSize convertToValidDeviceSize(float width, float height) const;
    117117
    118     const SecurityOrigin& securityOrigin() const;
     118    SecurityOrigin* securityOrigin() const;
    119119    void setOriginTainted() { m_originClean = false; }
    120120    bool originClean() const { return m_originClean; }
  • trunk/Source/WebCore/html/HTMLImageElement.idl

    r66327 r87473  
    2727        attribute [Reflect] DOMString align;
    2828        attribute [Reflect] DOMString alt;
    29         attribute [Reflect] DOMString border;       
     29        attribute [Reflect] DOMString border;
     30        attribute [Reflect] DOMString crossOrigin;
    3031        attribute long height;
    3132        attribute [Reflect] long hspace;
  • trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp

    r84764 r87473  
    6060
    6161    CachedImage* cachedImage = image->cachedImage();
    62     checkOrigin(cachedImage->response().url());
     62    if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin()))
     63        checkOrigin(cachedImage->response().url());
    6364
    6465    if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
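
Review bot: The condition at new lines 62-63 encodes the same rule as the new isOriginClean() helper in CanvasRenderingContext2D.cpp (CORS pass, otherwise taintsCanvas, plus hasSingleSecurityOrigin), but in a different order and shape. Routing both this checkOrigin path and createPattern through one shared helper would keep the tainting decision from drifting between the two files.
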
     
    6970{
    7071#if ENABLE(VIDEO)
    71     checkOrigin(KURL(KURL(), video->currentSrc()));
     72    // FIXME: HTMLVideoElement::currentSrc() should return a KURL.
     73    // https://bugs.webkit.org/show_bug.cgi?id=61578
     74    checkOrigin(KURL(ParsedURLString, video->currentSrc()));
    7275    if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin())
    7376        canvas()->setOriginTainted();
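
Review bot: At new line 74, video->currentSrc() is dereferenced before the "video &&" null test on line 75, so that test is either dead or comes too late. Since the line is being touched anyway, move the null check ahead of the checkOrigin call or drop it from the condition.
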
     
    8083        return;
    8184
    82     if (canvas()->securityOrigin().taintsCanvas(url))
     85    if (canvas()->securityOrigin()->taintsCanvas(url))
    8386        canvas()->setOriginTainted();
    8487    else
  • trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp

    r87307 r87473  
    9090static const char* const defaultFont = "10px sans-serif";
    9191
     92static bool isOriginClean(CachedImage* cachedImage, SecurityOrigin* securityOrigin)
     93{
     94    if (!cachedImage->image()->hasSingleSecurityOrigin())
     95        return false;
     96    if (cachedImage->passesAccessControlCheck(securityOrigin))
     97        return true;
     98    return !securityOrigin->taintsCanvas(cachedImage->response().url());
     99}
    92100
    93101class CanvasStrokeStyleApplier : public StrokeStyleApplier {
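
Review bot: isOriginClean() at new lines 92-99 dereferences cachedImage, cachedImage->image() and securityOrigin with no ASSERT, and securityOrigin is now a raw pointer rather than a reference. An ASSERT on each argument at the top of the helper would document the preconditions. It is also worth confirming that one of the three layout tests listed in the ChangeLog exercises createPattern, since their names do not say which canvas call they use.
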
     
    15781586        return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
    15791587
    1580     bool originClean = !canvas()->securityOrigin().taintsCanvas(KURL(KURL(), cachedImage->response().url())) && cachedImage->image()->hasSingleSecurityOrigin();
     1588    bool originClean = isOriginClean(cachedImage, canvas()->securityOrigin());
    15811589    return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
    15821590}
  • trunk/Source/WebCore/loader/ImageLoader.cpp

    r87239 r87473  
    2525#include "CachedImage.h"
    2626#include "CachedResourceLoader.h"
     27#include "CrossOriginAccessControl.h"
    2728#include "Document.h"
    2829#include "Element.h"
     
    159160    CachedImage* newImage = 0;
    160161    if (!(attr.isNull() || (attr.isEmpty() && document->baseURI().isLocalFile()))) {
     162        ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr)));
     163
     164        String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr);
     165        if (!crossOriginMode.isNull()) {
     166            bool allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials");
     167            updateRequestForAccessControl(request, document->securityOrigin(), allowCredentials);
     168        }
     169
    161170        if (m_loadManually) {
    162171            bool autoLoadOtherImages = document->cachedResourceLoader()->autoLoadImages();
    163172            document->cachedResourceLoader()->setAutoLoadImages(false);
    164             ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr)));
    165173            newImage = new CachedImage(request);
    166174            newImage->setLoading(true);
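
Review bot: The attribute handling at new lines 164-168 sets allowCredentials to false for every present crossorigin value other than "use-credentials" (an empty string or a misspelled keyword included), and neither the code nor the listed tests say that this fallback is intended. A one-line comment stating it, plus a layout test with an unrecognized value, would pin the behaviour down.
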
     
    168176            document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage);
    169177            document->cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages);
    170         } else {
    171             ResourceRequest request(document->completeURL(sourceURI(attr)));
     178        } else
    172179            newImage = document->cachedResourceLoader()->requestImage(request);
    173         }
    174180
    175181        // If we do not have an image here, it means that a cross-site
  • trunk/Source/WebCore/loader/cache/CachedResource.cpp

    r87344 r87473  
    3232#include "CachedResourceLoader.h"
    3333#include "CachedResourceRequest.h"
     34#include "CrossOriginAccessControl.h"
    3435#include "Frame.h"
    3536#include "FrameLoaderClient.h"
     
    173174}
    174175
     176bool CachedResource::passesAccessControlCheck(SecurityOrigin* securityOrigin)
     177{
     178    String errorDescription;
     179    return WebCore::passesAccessControlCheck(m_response, resourceRequest().allowCookies(), securityOrigin, errorDescription);
     180}
     181
    175182bool CachedResource::isExpired() const
    176183{
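
Review bot: passesAccessControlCheck at new lines 176-180 decides from m_response and resourceRequest().allowCookies() alone and throws errorDescription away. ImageLoader only calls updateRequestForAccessControl when the crossorigin attribute is present, so a comment or ASSERT here should state what result is expected when the same cached image is consulted for a request that was not made with that attribute. Logging errorDescription on failure would also make a tainted canvas easier to diagnose.
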
  • trunk/Source/WebCore/loader/cache/CachedResource.h

    r87239 r87473  
    4848class InspectorResource;
    4949class PurgeableBuffer;
     50class SecurityOrigin;
    5051
    5152// A resource that is held in the cache. Classes who want to use this object should derive
     
    150151    void finish();
    151152
     153    bool passesAccessControlCheck(SecurityOrigin*);
     154
    152155    // Called by the cache if the object has been removed from the cache
    153156    // while still being referenced. This means the object should delete itself