diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-05-27 19:19:27 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-05-27 19:19:27 +0200 |
commit | fb1b45e5fcb82e76e303665fbb9d04fb2a800b31 (patch) | |
tree | 97baa867e3534b1bd5153067d2bd853462a4b12b | |
parent | 47c52f2dc2cc4eb4f5582a7ca50b682548b1708c (diff) | |
download | UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.gz UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.lz UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.xz UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.zip |
Improve origin-clean algorithm
-rw-r--r-- | dom/canvas/CanvasRenderingContext2D.cpp | 13 | ||||
-rw-r--r-- | dom/canvas/CanvasUtils.cpp | 20 | ||||
-rw-r--r-- | dom/canvas/CanvasUtils.h | 5 | ||||
-rw-r--r-- | dom/canvas/ImageBitmap.cpp | 34 | ||||
-rw-r--r-- | layout/base/nsLayoutUtils.cpp | 8 |
5 files changed, 41 insertions, 39 deletions
diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp index 4849fda57..2bf40732a 100644 --- a/dom/canvas/CanvasRenderingContext2D.cpp +++ b/dom/canvas/CanvasRenderingContext2D.cpp @@ -2406,7 +2406,11 @@ CanvasRenderingContext2D::SetStyleFromUnion(const StringOrCanvasGradientOrCanvas } if (aValue.IsCanvasPattern()) { - SetStyleFromPattern(aValue.GetAsCanvasPattern(), aWhichStyle); + CanvasPattern& pattern = aValue.GetAsCanvasPattern(); + SetStyleFromPattern(pattern, aWhichStyle); + if (pattern.mForceWriteOnly) { + SetWriteOnly(); + } return; } @@ -2581,11 +2585,12 @@ CanvasRenderingContext2D::CreatePattern(const CanvasImageSource& aSource, nsLayoutUtils::SurfaceFromElement(element, nsLayoutUtils::SFE_WANT_FIRST_FRAME, mTarget); - if (!res.GetSourceSurface()) { + RefPtr<SourceSurface> surface = res.GetSourceSurface(); + if (!surface) { return nullptr; } - RefPtr<CanvasPattern> pat = new CanvasPattern(this, res.GetSourceSurface(), repeatMode, + RefPtr<CanvasPattern> pat = new CanvasPattern(this, surface, repeatMode, res.mPrincipal, res.mIsWriteOnly, res.mCORSUsed); return pat.forget(); @@ -4895,8 +4900,8 @@ CanvasRenderingContext2D::CachedSurfaceFromElement(Element* aElement) res.mSize = res.mSourceSurface->GetSize(); res.mPrincipal = principal.forget(); - res.mIsWriteOnly = false; res.mImageRequest = imgRequest.forget(); + res.mIsWriteOnly = CheckWriteOnlySecurity(res.mCORSUsed, res.mPrincipal); return res; } diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp index c7cfed83f..6c9addf59 100644 --- a/dom/canvas/CanvasUtils.cpp +++ b/dom/canvas/CanvasUtils.cpp @@ -126,5 +126,25 @@ CoerceDouble(const JS::Value& v, double* d) return true; } +bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal) { + if (!aPrincipal) { + return true; + } + + if (!aCORSUsed) { + nsIGlobalObject* incumbentSettingsObject = dom::GetIncumbentGlobal(); + if (NS_WARN_IF(!incumbentSettingsObject)) { + return true; + } + + nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull(); + if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) { + return true; + } + } + + return false; +} + } // namespace CanvasUtils } // namespace mozilla diff --git a/dom/canvas/CanvasUtils.h b/dom/canvas/CanvasUtils.h index a69b8bd72..264b2b5bb 100644 --- a/dom/canvas/CanvasUtils.h +++ b/dom/canvas/CanvasUtils.h @@ -11,6 +11,7 @@ #include "mozilla/dom/ToJSValue.h" #include "jsapi.h" #include "mozilla/FloatingPoint.h" +#include "nsLayoutUtils.h" class nsIPrincipal; @@ -156,6 +157,10 @@ DashArrayToJSVal(nsTArray<T>& dashes, } } +// returns true if write-only mode must used for this principal based on +// the incumbent global. +bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal); + } // namespace CanvasUtils } // namespace mozilla diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp index 6efe1b318..4a1b6e3c2 100644 --- a/dom/canvas/ImageBitmap.cpp +++ b/dom/canvas/ImageBitmap.cpp @@ -315,36 +315,6 @@ private: const Maybe<IntRect>& mCropRect; }; -static bool -CheckSecurityForHTMLElements(bool aIsWriteOnly, bool aCORSUsed, nsIPrincipal* aPrincipal) -{ - MOZ_ASSERT(aPrincipal); - - if (aIsWriteOnly) { - return false; - } - - if (!aCORSUsed) { - nsIGlobalObject* incumbentSettingsObject = GetIncumbentGlobal(); - if (NS_WARN_IF(!incumbentSettingsObject)) { - return false; - } - - nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull(); - if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) { - return false; - } - } - - return true; -} - -static bool -CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes) -{ - return CheckSecurityForHTMLElements(aRes.mIsWriteOnly, aRes.mCORSUsed, aRes.mPrincipal); -} - /* * A wrapper to the nsLayoutUtils::SurfaceFromElement() function followed by the * security checking. @@ -365,7 +335,7 @@ GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement, } // Check origin-clean and pass back - *aWriteOnly = !CheckSecurityForHTMLElements(res); + *aWriteOnly = res.mIsWriteOnly; return surface.forget(); } @@ -818,7 +788,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl nsCOMPtr<nsIPrincipal> principal = aVideoEl.GetCurrentVideoPrincipal(); bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE; - writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal); + writeOnly = CheckWriteOnlySecurity(CORSUsed, principal); // Create ImageBitmap. ImageContainer *container = aVideoEl.GetImageContainer(); diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp index 07befdc81..17ece8e61 100644 --- a/layout/base/nsLayoutUtils.cpp +++ b/layout/base/nsLayoutUtils.cpp @@ -8,6 +8,7 @@ #include "mozilla/ArrayUtils.h" #include "mozilla/BasicEvents.h" +#include "mozilla/dom/CanvasUtils.h" #include "mozilla/ClearOnShutdown.h" #include "mozilla/EffectCompositor.h" #include "mozilla/EffectSet.h" @@ -7285,10 +7286,10 @@ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement, } result.mPrincipal = principal.forget(); - // no images, including SVG images, can load content from another domain. - result.mIsWriteOnly = false; result.mImageRequest = imgRequest.forget(); return result; + result.mIsWriteOnly = + CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal); } nsLayoutUtils::SurfaceFromElementResult @@ -7400,7 +7401,8 @@ nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement, result.mHasSize = true; result.mSize = result.mLayersImage->GetSize(); result.mPrincipal = principal.forget(); - result.mIsWriteOnly = false; + result.mIsWriteOnly = + CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal); return result; } |