Changeset 88443 in webkit
- Timestamp:
- Jun 9, 2011 5:09:14 AM (13 years ago)
- Location:
- trunk
- Files:
-
- 6 deleted
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r88442 r88443 1 2011-06-09 Sheriff Bot <webkit.review.bot@gmail.com> 2 3 Unreviewed, rolling out r88387. 4 http://trac.webkit.org/changeset/88387 5 https://bugs.webkit.org/show_bug.cgi?id=62368 6 7 New tests introduced in 88387 fail on Leopard,GTK,Qt bots 8 (Requested by Ossy on #webkit). 9 10 * http/tests/canvas/webgl/origin-clean-conformance-expected.txt: 11 * http/tests/canvas/webgl/origin-clean-conformance.html: 12 * http/tests/security/webgl-remote-read-remote-image-allowed-expected.txt: Removed. 13 * http/tests/security/webgl-remote-read-remote-image-allowed-with-credentials-expected.txt: Removed. 14 * http/tests/security/webgl-remote-read-remote-image-allowed-with-credentials.html: Removed. 15 * http/tests/security/webgl-remote-read-remote-image-allowed.html: Removed. 16 * http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Removed. 17 * http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin.html: Removed. 18 * platform/mac-wk2/Skipped: 19 1 20 2011-06-09 Csaba Osztrogonác <ossy@webkit.org> 2 21 -
trunk/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance-expected.txt
r88387 r88443 1 This test ensures WebGL implementations follow proper same-origin restrictions.1 This test ensures WebGL implementations follow proper origin restrictions. 2 2 3 3 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". … … 6 6 PASS img was loaded 7 7 8 check that an attempt to upload an image from another origin throws an exception. 9 PASS texImage2D with cross-origin image should throw exception. 10 PASS texSubImage2D with cross-origin image should throw exception. 11 check that readPixels and toDataURL continue to work against this canvas. 12 PASS readPixels should never throw exception -- not possible to dirty origin of WebGL canvas. 13 PASS should not throw exception by toDataURL for WebGL canvas, which should stay origin clean. 14 check that an attempt to upload a tainted canvas throws an exception. 8 check that copying an img from another origin clears the origin-clean flag. 9 PASS should not throw exception by readPixels for origin clean canvas. 10 PASS should not throw exception by toDataURL for origin clean canvas. 11 PASS should throw exception by readPixels for NON origin clean canvas. 15 12 PASS should throw exception by toDataURL for NON origin clean canvas. 16 PASS texImage2D with NON origin clean canvas should throw exception. 17 PASS texSubImage2D with NON origin clean canvas should throw exception. 18 check that readPixels and toDataURL continue to work against this canvas. 19 PASS readPixels should never throw exception -- not possible to dirty origin of WebGL canvas. 20 PASS should not throw exception by toDataURL for WebGL canvas, which should stay origin clean. 21 check that an attempt to upload a video from another origin throws an exception. 22 PASS texImage2D with cross-origin video should throw exception. 23 PASS texSubImage2D with cross-origin video should throw exception. 24 check that readPixels and toDataURL continue to work against this canvas. 25 PASS readPixels should never throw exception -- not possible to dirty origin of WebGL canvas. 26 PASS should not throw exception by toDataURL for WebGL canvas, which should stay origin clean. 13 14 check that copying from 1 unclean 3d canvas to another clears the origin-clean flag on the second canvas. 15 PASS should not throw exception by readPixels for origin clean canvas. 16 PASS should not throw exception by toDataURL for origin clean canvas. 17 PASS should throw exception by readPixels for NON origin clean canvas. 18 PASS should throw exception by toDataURL for NON origin clean canvas. 19 20 check that copying from 1 unclean 3d canvas to a 2d canvas clears the origin-clean flag on the 2d canvas. 21 PASS should not throw exception by toDataURL for origin clean canvas. 22 PASS should throw exception by toDataURL for NON origin clean canvas. 23 24 check that copying a video from another origin clears the origin-clean flag. 25 PASS should not throw exception by readPixels for origin clean canvas. 26 PASS should not throw exception by toDataURL for origin clean canvas. 27 PASS should throw exception by readPixels for NON origin clean canvas. 28 PASS should throw exception by toDataURL for NON origin clean canvas. 27 29 28 30 TEST COMPLETE 29 31 -
trunk/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html
r88387 r88443 83 83 } 84 84 85 var testVideo = false;86 87 85 function init() { 88 86 var video = document.getElementById("video"); … … 111 109 video.addEventListener("playing", runTests); 112 110 video.play(); 113 testVideo = true;114 111 } else { 115 112 // Still run the other tests, even if the video failed. … … 119 116 120 117 function runTests() { 121 description("This test ensures WebGL implementations follow proper same-origin restrictions.");118 description("This test ensures WebGL implementations follow proper origin restrictions."); 122 119 var img = document.getElementById("img"); 123 120 assertMsg(img.width > 0 && img.height > 0, "img was loaded"); 124 125 function makeTexImage2D(gl, src) {126 return function() {127 gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, src);128 };129 }130 131 function makeTexSubImage2D(gl, src) {132 return function() {133 gl.texSubImage2D(gl.TEXTURE_2D, 0, 0, 0, gl.RGBA, gl.UNSIGNED_BYTE, src);134 };135 }136 121 137 122 function makeReadPixels(gl) { … … 148 133 } 149 134 135 debug(""); 136 debug("check that copying an img from another origin clears the origin-clean flag."); 150 137 var canvas1 = document.getElementById("canvas1"); 151 var gl = create3DContext(canvas1); 152 153 debug(""); 154 debug("check that an attempt to upload an image from another origin throws an exception."); 155 var tex = gl.createTexture(); 156 gl.bindTexture(gl.TEXTURE_2D, tex); 157 gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, 256, 256, 0, gl.RGBA, gl.UNSIGNED_BYTE, null); 158 assertMsg(causedException(makeTexImage2D(gl, img)), 159 "texImage2D with cross-origin image should throw exception."); 160 assertMsg(causedException(makeTexSubImage2D(gl, img)), 161 "texSubImage2D with cross-origin image should throw exception."); 162 163 debug("check that readPixels and toDataURL continue to work against this canvas."); 164 assertMsg(!causedException(makeReadPixels(gl)), 165 "readPixels should never throw exception -- not possible to dirty origin of WebGL canvas."); 138 var gl1 = create3DContext(canvas1); 139 assertMsg(!causedException(makeReadPixels(gl1)), 140 "should not throw exception by readPixels for origin clean canvas."); 166 141 assertMsg(!causedException(makeToDataURL(canvas1)), 167 "should not throw exception by toDataURL for WebGL canvas, which should stay origin clean."); 168 169 debug("check that an attempt to upload a tainted canvas throws an exception."); 142 "should not throw exception by toDataURL for origin clean canvas."); 143 144 var tex = gl1.createTexture(); 145 gl1.bindTexture(gl1.TEXTURE_2D, tex); 146 gl1.texImage2D(gl1.TEXTURE_2D, 0, gl1.RGBA, gl1.RGBA, gl1.UNSIGNED_BYTE, img); 147 148 assertMsg(causedException(makeReadPixels(gl1)), 149 "should throw exception by readPixels for NON origin clean canvas."); 150 assertMsg(causedException(makeToDataURL(canvas1)), 151 "should throw exception by toDataURL for NON origin clean canvas."); 152 153 debug(""); 154 debug("check that copying from 1 unclean 3d canvas to another clears the origin-clean flag on the second canvas."); 170 155 var canvas2 = document.getElementById("canvas2"); 171 var ctx2d = canvas2.getContext("2d"); 172 ctx2d.drawImage(img, 0, 0); 156 var gl2 = create3DContext(canvas2); 157 158 assertMsg(!causedException(makeReadPixels(gl2)), 159 "should not throw exception by readPixels for origin clean canvas."); 160 assertMsg(!causedException(makeToDataURL(canvas2)), 161 "should not throw exception by toDataURL for origin clean canvas."); 162 163 var tex = gl2.createTexture(); 164 gl2.bindTexture(gl2.TEXTURE_2D, tex); 165 gl2.texImage2D( 166 gl2.TEXTURE_2D, 0, gl2.RGBA, gl2.RGBA, gl2.UNSIGNED_BYTE, canvas1); 167 168 assertMsg(causedException(makeReadPixels(gl2)), 169 "should throw exception by readPixels for NON origin clean canvas."); 173 170 assertMsg(causedException(makeToDataURL(canvas2)), 174 171 "should throw exception by toDataURL for NON origin clean canvas."); 175 assertMsg(causedException(makeTexImage2D(gl, canvas2)), 176 "texImage2D with NON origin clean canvas should throw exception."); 177 assertMsg(causedException(makeTexSubImage2D(gl, canvas2)), 178 "texSubImage2D with NON origin clean canvas should throw exception."); 179 180 debug("check that readPixels and toDataURL continue to work against this canvas."); 181 assertMsg(!causedException(makeReadPixels(gl)), 182 "readPixels should never throw exception -- not possible to dirty origin of WebGL canvas."); 183 assertMsg(!causedException(makeToDataURL(canvas1)), 184 "should not throw exception by toDataURL for WebGL canvas, which should stay origin clean."); 185 186 if (testVideo) { 187 debug("check that an attempt to upload a video from another origin throws an exception."); 188 var video = document.getElementById("video"); 189 assertMsg(causedException(makeTexImage2D(gl, video)), 190 "texImage2D with cross-origin video should throw exception."); 191 assertMsg(causedException(makeTexSubImage2D(gl, video)), 192 "texSubImage2D with cross-origin video should throw exception."); 193 194 debug("check that readPixels and toDataURL continue to work against this canvas."); 195 assertMsg(!causedException(makeReadPixels(gl)), 196 "readPixels should never throw exception -- not possible to dirty origin of WebGL canvas."); 197 assertMsg(!causedException(makeToDataURL(canvas1)), 198 "should not throw exception by toDataURL for WebGL canvas, which should stay origin clean."); 199 } 172 173 debug(""); 174 debug("check that copying from 1 unclean 3d canvas to a 2d canvas clears the origin-clean flag on the 2d canvas."); 175 var canvas3 = document.getElementById("canvas3"); 176 var ctx2d = canvas3.getContext("2d"); 177 assertMsg(!causedException(makeToDataURL(canvas3)), 178 "should not throw exception by toDataURL for origin clean canvas."); 179 ctx2d.drawImage(canvas2, 0, 0); 180 assertMsg(causedException(makeToDataURL(canvas3)), 181 "should throw exception by toDataURL for NON origin clean canvas."); 182 183 debug(""); 184 debug("check that copying a video from another origin clears the origin-clean flag."); 185 var canvas4 = document.getElementById("canvas4"); 186 var gl4 = create3DContext(canvas4); 187 assertMsg(!causedException(makeReadPixels(gl4)), 188 "should not throw exception by readPixels for origin clean canvas."); 189 assertMsg(!causedException(makeToDataURL(canvas4)), 190 "should not throw exception by toDataURL for origin clean canvas."); 191 var tex4 = gl4.createTexture(); 192 gl4.bindTexture(gl4.TEXTURE_2D, tex4); 193 gl4.texImage2D( 194 gl4.TEXTURE_2D, 0, gl4.RGBA, gl4.RGBA, gl4.UNSIGNED_BYTE, video); 195 assertMsg(causedException(makeReadPixels(gl4)), 196 "should throw exception by readPixels for NON origin clean canvas."); 197 assertMsg(causedException(makeToDataURL(canvas4)), 198 "should throw exception by toDataURL for NON origin clean canvas."); 200 199 201 200 debug('<br /><span class="pass">TEST COMPLETE</span>'); … … 213 212 <canvas id="canvas1"></canvas> 214 213 <canvas id="canvas2"></canvas> 214 <canvas id="canvas3"></canvas> 215 <canvas id="canvas4"></canvas> 215 216 <img id="img" src="http://localhost:8000/local/resources/abe.png" style="display:none;"> 216 217 <video id="video" style="display:none;"/> -
trunk/LayoutTests/platform/mac-wk2/Skipped
r88387 r88443 985 985 http/tests/navigation/ping-cross-origin.html 986 986 http/tests/navigation/ping-same-origin.html 987 http/tests/security/webgl-remote-read-remote-image-allowed.html988 http/tests/security/webgl-remote-read-remote-image-allowed-with-credentials.html989 http/tests/security/webgl-remote-read-remote-image-blocked-no-crossorigin.html990 987 loader/go-back-to-different-window-size.html 991 988 media/restore-from-page-cache.html -
trunk/Source/WebCore/ChangeLog
r88434 r88443 1 2011-06-09 Sheriff Bot <webkit.review.bot@gmail.com> 2 3 Unreviewed, rolling out r88387. 4 http://trac.webkit.org/changeset/88387 5 https://bugs.webkit.org/show_bug.cgi?id=62368 6 7 New tests introduced in 88387 fail on Leopard,GTK,Qt bots 8 (Requested by Ossy on #webkit). 9 10 * html/canvas/CanvasRenderingContext.cpp: 11 (WebCore::CanvasRenderingContext::checkOrigin): 12 * html/canvas/CanvasRenderingContext.h: 13 * html/canvas/WebGLRenderingContext.cpp: 14 (WebCore::WebGLRenderingContext::readPixels): 15 (WebCore::WebGLRenderingContext::texImage2D): 16 (WebCore::WebGLRenderingContext::videoFrameToImage): 17 (WebCore::WebGLRenderingContext::texSubImage2D): 18 * html/canvas/WebGLRenderingContext.h: 19 1 20 2011-06-09 Adam Barth <abarth@webkit.org> 2 21 -
trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
r88387 r88443 42 42 } 43 43 44 bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)44 void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern) 45 45 { 46 46 if (canvas()->originClean() && pattern && !pattern->originClean()) 47 return true; 48 return false; 47 canvas()->setOriginTainted(); 49 48 } 50 49 51 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)50 void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas) 52 51 { 53 52 if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) 54 return true; 55 return false; 53 canvas()->setOriginTainted(); 56 54 } 57 55 58 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)56 void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image) 59 57 { 60 58 if (!image || !canvas()->originClean()) 61 return false;59 return; 62 60 63 61 CachedImage* cachedImage = image->cachedImage(); 64 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) { 65 if (wouldTaintOrigin(cachedImage->response().url())) 66 return true; 67 } 62 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) 63 checkOrigin(cachedImage->response().url()); 68 64 69 if (!cachedImage->image()->hasSingleSecurityOrigin()) 70 return true; 71 72 return false; 65 if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin()) 66 canvas()->setOriginTainted(); 73 67 } 74 68 75 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)69 void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video) 76 70 { 77 71 #if ENABLE(VIDEO) … … 80 74 // make currentSrc be the final URL because then the 81 75 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! 82 if (!video || !canvas()->originClean()) 83 return false; 84 85 if (wouldTaintOrigin(video->currentSrc())) 86 return true; 87 88 if (!video->hasSingleSecurityOrigin()) 89 return true; 76 checkOrigin(video->currentSrc()); 77 if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin()) 78 canvas()->setOriginTainted(); 90 79 #endif 91 92 return false;93 }94 95 bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)96 {97 if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))98 return false;99 100 if (canvas()->securityOrigin()->taintsCanvas(url))101 return true;102 103 m_cleanURLs.add(url.string());104 return false;105 80 } 106 81 107 82 void CanvasRenderingContext::checkOrigin(const KURL& url) 108 83 { 109 if (wouldTaintOrigin(url)) 84 if (!canvas()->originClean() || m_cleanOrigins.contains(url.string())) 85 return; 86 87 if (canvas()->securityOrigin()->taintsCanvas(url)) 110 88 canvas()->setOriginTainted(); 89 else 90 m_cleanOrigins.add(url.string()); 111 91 } 112 92 -
trunk/Source/WebCore/html/canvas/CanvasRenderingContext.h
r88387 r88443 64 64 protected: 65 65 CanvasRenderingContext(HTMLCanvasElement*); 66 bool wouldTaintOrigin(const CanvasPattern*); 67 bool wouldTaintOrigin(const HTMLCanvasElement*); 68 bool wouldTaintOrigin(const HTMLImageElement*); 69 bool wouldTaintOrigin(const HTMLVideoElement*); 70 bool wouldTaintOrigin(const KURL&); 71 72 template<class T> void checkOrigin(const T* arg) 73 { 74 if (wouldTaintOrigin(arg)) 75 canvas()->setOriginTainted(); 76 } 66 void checkOrigin(const CanvasPattern*); 67 void checkOrigin(const HTMLCanvasElement*); 68 void checkOrigin(const HTMLImageElement*); 69 void checkOrigin(const HTMLVideoElement*); 77 70 void checkOrigin(const KURL&); 78 71 79 72 private: 80 73 HTMLCanvasElement* m_canvas; 81 HashSet<String> m_clean URLs;74 HashSet<String> m_cleanOrigins; 82 75 }; 83 76 -
trunk/Source/WebCore/html/canvas/WebGLRenderingContext.cpp
r88387 r88443 2808 2808 } 2809 2809 2810 void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode&) 2811 { 2812 if (isContextLost()) 2813 return; 2814 // Due to WebGL's same-origin restrictions, it is not possible to 2815 // taint the origin using the WebGL API. 2816 ASSERT(canvas()->originClean()); 2810 void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode& ec) 2811 { 2812 if (isContextLost()) 2813 return; 2814 if (!canvas()->originClean()) { 2815 ec = SECURITY_ERR; 2816 return; 2817 } 2817 2818 // Validate input parameters. 2818 2819 if (!pixels) { … … 3157 3158 if (!validateHTMLImageElement(image)) 3158 3159 return; 3159 if (wouldTaintOrigin(image)) { 3160 ec = SECURITY_ERR; 3161 return; 3162 } 3163 3160 checkOrigin(image); 3164 3161 texImage2DImpl(target, level, internalformat, format, type, image->cachedImage()->image(), 3165 3162 m_unpackFlipY, m_unpackPremultiplyAlpha, ec); … … 3176 3173 return; 3177 3174 } 3178 if (wouldTaintOrigin(canvas)) { 3179 ec = SECURITY_ERR; 3180 return; 3181 } 3175 checkOrigin(canvas); 3182 3176 RefPtr<ImageData> imageData = canvas->getImageData(); 3183 3177 if (imageData) … … 3189 3183 3190 3184 #if ENABLE(VIDEO) 3191 PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video , ExceptionCode& ec)3185 PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video) 3192 3186 { 3193 3187 if (!video || !video->videoWidth() || !video->videoHeight()) { … … 3201 3195 return 0; 3202 3196 } 3203 if (wouldTaintOrigin(video)) { 3204 ec = SECURITY_ERR; 3205 return 0; 3206 } 3197 checkOrigin(video); 3207 3198 IntRect destRect(0, 0, size.width(), size.height()); 3208 3199 // FIXME: Turn this into a GPU-GPU texture copy instead of CPU readback. … … 3217 3208 if (isContextLost()) 3218 3209 return; 3219 RefPtr<Image> image = videoFrameToImage(video , ec);3220 if (! image)3210 RefPtr<Image> image = videoFrameToImage(video); 3211 if (!video) 3221 3212 return; 3222 3213 texImage2DImpl(target, level, internalformat, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec); … … 3359 3350 if (!validateHTMLImageElement(image)) 3360 3351 return; 3361 if (wouldTaintOrigin(image)) { 3362 ec = SECURITY_ERR; 3363 return; 3364 } 3352 checkOrigin(image); 3365 3353 texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image->cachedImage()->image(), 3366 3354 m_unpackFlipY, m_unpackPremultiplyAlpha, ec); … … 3377 3365 return; 3378 3366 } 3379 if (wouldTaintOrigin(canvas)) { 3380 ec = SECURITY_ERR; 3381 return; 3382 } 3367 checkOrigin(canvas); 3383 3368 RefPtr<ImageData> imageData = canvas->getImageData(); 3384 3369 if (imageData) … … 3396 3381 if (isContextLost()) 3397 3382 return; 3398 RefPtr<Image> image = videoFrameToImage(video , ec);3399 if (! image)3383 RefPtr<Image> image = videoFrameToImage(video); 3384 if (!video) 3400 3385 return; 3401 3386 texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec); -
trunk/Source/WebCore/html/canvas/WebGLRenderingContext.h
r88387 r88443 345 345 346 346 #if ENABLE(VIDEO) 347 PassRefPtr<Image> videoFrameToImage(HTMLVideoElement* , ExceptionCode&);347 PassRefPtr<Image> videoFrameToImage(HTMLVideoElement*); 348 348 #endif 349 349
Note: See TracChangeset
for help on using the changeset viewer.