Changeset 95900 in webkit
- Timestamp:
- Sep 23, 2011 8:51:55 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r95899 r95900 1 2011-09-23 Adam Barth <abarth@webkit.org> 2 3 Canvas security checks show up on HTML5GamingTest benchmark 4 https://bugs.webkit.org/show_bug.cgi?id=68743 5 6 Reviewed by Oliver Hunt. 7 8 Prior to this patch, the canvas security checks took as much as 4% of 9 the time on the HTML5GamingTest benchmark: 10 11 http://craftymind.com/factory/guimark2/HTML5GamingTest.html 12 13 This patch uses a couple of AtomicStrings and shuffles around the order 14 of the security check to take this down to around 0.1% (which is near 15 the noise floor of what I can measure with my profiler). 16 17 * html/canvas/CanvasRenderingContext.cpp: 18 (WebCore::CanvasRenderingContext::wouldTaintOrigin): 19 * loader/CrossOriginAccessControl.cpp: 20 (WebCore::passesAccessControlCheck): 21 1 22 2011-09-23 Justin Novosad <junov@chromium.org> 2 23 -
trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp
r88489 r95900 62 62 63 63 CachedImage* cachedImage = image->cachedImage(); 64 if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {65 if (wouldTaintOrigin(cachedImage->response().url()))66 return true;67 }68 69 64 if (!cachedImage->image()->hasSingleSecurityOrigin()) 70 65 return true; 71 66 72 return false;67 return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin()); 73 68 } 74 69 -
trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp
r94640 r95900 137 137 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription) 138 138 { 139 AtomicallyInitializedStatic(AtomicString, accessControlAllowOrigin = "access-control-allow-origin"); 140 AtomicallyInitializedStatic(AtomicString, accessControlAllowCredentials = "access-control-allow-credentials"); 141 139 142 // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent, 140 143 // even with Access-Control-Allow-Credentials set to true. 141 const String& accessControlOriginString = response.httpHeaderField( "Access-Control-Allow-Origin");144 const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin); 142 145 if (accessControlOriginString == "*" && includeCredentials == DoNotAllowStoredCredentials) 143 146 return true; … … 159 162 160 163 if (includeCredentials == AllowStoredCredentials) { 161 const String& accessControlCredentialsString = response.httpHeaderField( "Access-Control-Allow-Credentials");164 const String& accessControlCredentialsString = response.httpHeaderField(accessControlAllowCredentials); 162 165 if (accessControlCredentialsString != "true") { 163 166 errorDescription = "Credentials flag is true, but Access-Control-Allow-Credentials is not \"true\".";
Note: See TracChangeset
for help on using the changeset viewer.