From 3cb9c5f39d49c72a583bc13c335f4cf775d898bf Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 5 Jun 2019 00:00:19 +0200 Subject: Revert "Improve origin-clean algorithm" This reverts commit e69b3f567c4b8957cc09ba4359e84939f77781c5. --- dom/canvas/CanvasRenderingContext2D.cpp | 13 ++++--------- dom/canvas/CanvasUtils.cpp | 20 ------------------- dom/canvas/CanvasUtils.h | 5 ----- dom/canvas/ImageBitmap.cpp | 34 +++++++++++++++++++++++++++++++-- layout/base/nsLayoutUtils.cpp | 8 +++----- 5 files changed, 39 insertions(+), 41 deletions(-) diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index 2bf40732a..4849fda57 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -2406,11 +2406,7 @@ CanvasRenderingContext2D::SetStyleFromUnion(const StringOrCanvasGradientOrCanvas } if (aValue.IsCanvasPattern()) { - CanvasPattern& pattern = aValue.GetAsCanvasPattern(); - SetStyleFromPattern(pattern, aWhichStyle); - if (pattern.mForceWriteOnly) { - SetWriteOnly(); - } + SetStyleFromPattern(aValue.GetAsCanvasPattern(), aWhichStyle); return; } @@ -2585,12 +2581,11 @@ CanvasRenderingContext2D::CreatePattern(const CanvasImageSource& aSource, nsLayoutUtils::SurfaceFromElement(element, nsLayoutUtils::SFE_WANT_FIRST_FRAME, mTarget); - RefPtr surface = res.GetSourceSurface(); - if (!surface) { + if (!res.GetSourceSurface()) { return nullptr; } - RefPtr pat = new CanvasPattern(this, surface, repeatMode, + RefPtr pat = new CanvasPattern(this, res.GetSourceSurface(), repeatMode, res.mPrincipal, res.mIsWriteOnly, res.mCORSUsed); return pat.forget(); @@ -4900,8 +4895,8 @@ CanvasRenderingContext2D::CachedSurfaceFromElement(Element* aElement) res.mSize = res.mSourceSurface->GetSize(); res.mPrincipal = principal.forget(); + res.mIsWriteOnly = false; res.mImageRequest = imgRequest.forget(); - res.mIsWriteOnly = CheckWriteOnlySecurity(res.mCORSUsed, res.mPrincipal); return res; } diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp index 6c9addf59..c7cfed83f 100644 --- a/dom/canvas/CanvasUtils.cpp +++ b/dom/canvas/CanvasUtils.cpp @@ -126,25 +126,5 @@ CoerceDouble(const JS::Value& v, double* d) return true; } -bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal) { - if (!aPrincipal) { - return true; - } - - if (!aCORSUsed) { - nsIGlobalObject* incumbentSettingsObject = dom::GetIncumbentGlobal(); - if (NS_WARN_IF(!incumbentSettingsObject)) { - return true; - } - - nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull(); - if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) { - return true; - } - } - - return false; -} - } // namespace CanvasUtils } // namespace mozilla diff --git a/dom/canvas/CanvasUtils.h b/dom/canvas/CanvasUtils.h index 264b2b5bb..a69b8bd72 100644 --- a/dom/canvas/CanvasUtils.h +++ b/dom/canvas/CanvasUtils.h @@ -11,7 +11,6 @@ #include "mozilla/dom/ToJSValue.h" #include "jsapi.h" #include "mozilla/FloatingPoint.h" -#include "nsLayoutUtils.h" class nsIPrincipal; @@ -157,10 +156,6 @@ DashArrayToJSVal(nsTArray& dashes, } } -// returns true if write-only mode must used for this principal based on -// the incumbent global. -bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal); - } // namespace CanvasUtils } // namespace mozilla diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp index 4a1b6e3c2..6efe1b318 100644 --- a/dom/canvas/ImageBitmap.cpp +++ b/dom/canvas/ImageBitmap.cpp @@ -315,6 +315,36 @@ private: const Maybe& mCropRect; }; +static bool +CheckSecurityForHTMLElements(bool aIsWriteOnly, bool aCORSUsed, nsIPrincipal* aPrincipal) +{ + MOZ_ASSERT(aPrincipal); + + if (aIsWriteOnly) { + return false; + } + + if (!aCORSUsed) { + nsIGlobalObject* incumbentSettingsObject = GetIncumbentGlobal(); + if (NS_WARN_IF(!incumbentSettingsObject)) { + return false; + } + + nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull(); + if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) { + return false; + } + } + + return true; +} + +static bool +CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes) +{ + return CheckSecurityForHTMLElements(aRes.mIsWriteOnly, aRes.mCORSUsed, aRes.mPrincipal); +} + /* * A wrapper to the nsLayoutUtils::SurfaceFromElement() function followed by the * security checking. @@ -335,7 +365,7 @@ GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement, } // Check origin-clean and pass back - *aWriteOnly = res.mIsWriteOnly; + *aWriteOnly = !CheckSecurityForHTMLElements(res); return surface.forget(); } @@ -788,7 +818,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl nsCOMPtr principal = aVideoEl.GetCurrentVideoPrincipal(); bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE; - writeOnly = CheckWriteOnlySecurity(CORSUsed, principal); + writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal); // Create ImageBitmap. ImageContainer *container = aVideoEl.GetImageContainer(); diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp index 17ece8e61..07befdc81 100644 --- a/layout/base/nsLayoutUtils.cpp +++ b/layout/base/nsLayoutUtils.cpp @@ -8,7 +8,6 @@ #include "mozilla/ArrayUtils.h" #include "mozilla/BasicEvents.h" -#include "mozilla/dom/CanvasUtils.h" #include "mozilla/ClearOnShutdown.h" #include "mozilla/EffectCompositor.h" #include "mozilla/EffectSet.h" @@ -7286,10 +7285,10 @@ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement, } result.mPrincipal = principal.forget(); + // no images, including SVG images, can load content from another domain. + result.mIsWriteOnly = false; result.mImageRequest = imgRequest.forget(); return result; - result.mIsWriteOnly = - CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal); } nsLayoutUtils::SurfaceFromElementResult @@ -7401,8 +7400,7 @@ nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement, result.mHasSize = true; result.mSize = result.mLayersImage->GetSize(); result.mPrincipal = principal.forget(); - result.mIsWriteOnly = - CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal); + result.mIsWriteOnly = false; return result; } -- cgit v1.2.3