diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-06-04 23:58:47 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-06-04 23:58:47 +0200 |
commit | f47d45be4b6c8a1fc758d50497a964fc7a75154b (patch) | |
tree | 497657ef7d2d3dc2e2c752146a524a2c725dd26a /dom/canvas/ImageBitmap.cpp | |
parent | 363bfeb2c06e5f57136ebdab8da1ebeba0591520 (diff) | |
download | UXP-f47d45be4b6c8a1fc758d50497a964fc7a75154b.tar UXP-f47d45be4b6c8a1fc758d50497a964fc7a75154b.tar.gz UXP-f47d45be4b6c8a1fc758d50497a964fc7a75154b.tar.lz UXP-f47d45be4b6c8a1fc758d50497a964fc7a75154b.tar.xz UXP-f47d45be4b6c8a1fc758d50497a964fc7a75154b.zip |
Revert "Improve origin-clean algorithm"
This reverts commit e69b3f567c4b8957cc09ba4359e84939f77781c5.
Diffstat (limited to 'dom/canvas/ImageBitmap.cpp')
-rw-r--r-- | dom/canvas/ImageBitmap.cpp | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp index 4a1b6e3c2..6efe1b318 100644 --- a/dom/canvas/ImageBitmap.cpp +++ b/dom/canvas/ImageBitmap.cpp @@ -315,6 +315,36 @@ private: const Maybe<IntRect>& mCropRect; }; +static bool +CheckSecurityForHTMLElements(bool aIsWriteOnly, bool aCORSUsed, nsIPrincipal* aPrincipal) +{ + MOZ_ASSERT(aPrincipal); + + if (aIsWriteOnly) { + return false; + } + + if (!aCORSUsed) { + nsIGlobalObject* incumbentSettingsObject = GetIncumbentGlobal(); + if (NS_WARN_IF(!incumbentSettingsObject)) { + return false; + } + + nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull(); + if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) { + return false; + } + } + + return true; +} + +static bool +CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes) +{ + return CheckSecurityForHTMLElements(aRes.mIsWriteOnly, aRes.mCORSUsed, aRes.mPrincipal); +} + /* * A wrapper to the nsLayoutUtils::SurfaceFromElement() function followed by the * security checking. @@ -335,7 +365,7 @@ GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement, } // Check origin-clean and pass back - *aWriteOnly = res.mIsWriteOnly; + *aWriteOnly = !CheckSecurityForHTMLElements(res); return surface.forget(); } @@ -788,7 +818,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl nsCOMPtr<nsIPrincipal> principal = aVideoEl.GetCurrentVideoPrincipal(); bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE; - writeOnly = CheckWriteOnlySecurity(CORSUsed, principal); + writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal); // Create ImageBitmap. ImageContainer *container = aVideoEl.GetImageContainer(); |