summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-05-27 19:19:27 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-05-27 19:19:27 +0200
commitfb1b45e5fcb82e76e303665fbb9d04fb2a800b31 (patch)
tree97baa867e3534b1bd5153067d2bd853462a4b12b
parent47c52f2dc2cc4eb4f5582a7ca50b682548b1708c (diff)
downloadUXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar
UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.gz
UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.lz
UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.tar.xz
UXP-fb1b45e5fcb82e76e303665fbb9d04fb2a800b31.zip
Improve origin-clean algorithm
-rw-r--r--dom/canvas/CanvasRenderingContext2D.cpp13
-rw-r--r--dom/canvas/CanvasUtils.cpp20
-rw-r--r--dom/canvas/CanvasUtils.h5
-rw-r--r--dom/canvas/ImageBitmap.cpp34
-rw-r--r--layout/base/nsLayoutUtils.cpp8
5 files changed, 41 insertions, 39 deletions
diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp
index 4849fda57..2bf40732a 100644
--- a/dom/canvas/CanvasRenderingContext2D.cpp
+++ b/dom/canvas/CanvasRenderingContext2D.cpp
@@ -2406,7 +2406,11 @@ CanvasRenderingContext2D::SetStyleFromUnion(const StringOrCanvasGradientOrCanvas
}
if (aValue.IsCanvasPattern()) {
- SetStyleFromPattern(aValue.GetAsCanvasPattern(), aWhichStyle);
+ CanvasPattern& pattern = aValue.GetAsCanvasPattern();
+ SetStyleFromPattern(pattern, aWhichStyle);
+ if (pattern.mForceWriteOnly) {
+ SetWriteOnly();
+ }
return;
}
@@ -2581,11 +2585,12 @@ CanvasRenderingContext2D::CreatePattern(const CanvasImageSource& aSource,
nsLayoutUtils::SurfaceFromElement(element,
nsLayoutUtils::SFE_WANT_FIRST_FRAME, mTarget);
- if (!res.GetSourceSurface()) {
+ RefPtr<SourceSurface> surface = res.GetSourceSurface();
+ if (!surface) {
return nullptr;
}
- RefPtr<CanvasPattern> pat = new CanvasPattern(this, res.GetSourceSurface(), repeatMode,
+ RefPtr<CanvasPattern> pat = new CanvasPattern(this, surface, repeatMode,
res.mPrincipal, res.mIsWriteOnly,
res.mCORSUsed);
return pat.forget();
@@ -4895,8 +4900,8 @@ CanvasRenderingContext2D::CachedSurfaceFromElement(Element* aElement)
res.mSize = res.mSourceSurface->GetSize();
res.mPrincipal = principal.forget();
- res.mIsWriteOnly = false;
res.mImageRequest = imgRequest.forget();
+ res.mIsWriteOnly = CheckWriteOnlySecurity(res.mCORSUsed, res.mPrincipal);
return res;
}
diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp
index c7cfed83f..6c9addf59 100644
--- a/dom/canvas/CanvasUtils.cpp
+++ b/dom/canvas/CanvasUtils.cpp
@@ -126,5 +126,25 @@ CoerceDouble(const JS::Value& v, double* d)
return true;
}
+bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return true;
+ }
+
+ if (!aCORSUsed) {
+ nsIGlobalObject* incumbentSettingsObject = dom::GetIncumbentGlobal();
+ if (NS_WARN_IF(!incumbentSettingsObject)) {
+ return true;
+ }
+
+ nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull();
+ if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
} // namespace CanvasUtils
} // namespace mozilla
diff --git a/dom/canvas/CanvasUtils.h b/dom/canvas/CanvasUtils.h
index a69b8bd72..264b2b5bb 100644
--- a/dom/canvas/CanvasUtils.h
+++ b/dom/canvas/CanvasUtils.h
@@ -11,6 +11,7 @@
#include "mozilla/dom/ToJSValue.h"
#include "jsapi.h"
#include "mozilla/FloatingPoint.h"
+#include "nsLayoutUtils.h"
class nsIPrincipal;
@@ -156,6 +157,10 @@ DashArrayToJSVal(nsTArray<T>& dashes,
}
}
+// returns true if write-only mode must used for this principal based on
+// the incumbent global.
+bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal);
+
} // namespace CanvasUtils
} // namespace mozilla
diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp
index 6efe1b318..4a1b6e3c2 100644
--- a/dom/canvas/ImageBitmap.cpp
+++ b/dom/canvas/ImageBitmap.cpp
@@ -315,36 +315,6 @@ private:
const Maybe<IntRect>& mCropRect;
};
-static bool
-CheckSecurityForHTMLElements(bool aIsWriteOnly, bool aCORSUsed, nsIPrincipal* aPrincipal)
-{
- MOZ_ASSERT(aPrincipal);
-
- if (aIsWriteOnly) {
- return false;
- }
-
- if (!aCORSUsed) {
- nsIGlobalObject* incumbentSettingsObject = GetIncumbentGlobal();
- if (NS_WARN_IF(!incumbentSettingsObject)) {
- return false;
- }
-
- nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull();
- if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) {
- return false;
- }
- }
-
- return true;
-}
-
-static bool
-CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes)
-{
- return CheckSecurityForHTMLElements(aRes.mIsWriteOnly, aRes.mCORSUsed, aRes.mPrincipal);
-}
-
/*
* A wrapper to the nsLayoutUtils::SurfaceFromElement() function followed by the
* security checking.
@@ -365,7 +335,7 @@ GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement,
}
// Check origin-clean and pass back
- *aWriteOnly = !CheckSecurityForHTMLElements(res);
+ *aWriteOnly = res.mIsWriteOnly;
return surface.forget();
}
@@ -818,7 +788,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl
nsCOMPtr<nsIPrincipal> principal = aVideoEl.GetCurrentVideoPrincipal();
bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE;
- writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal);
+ writeOnly = CheckWriteOnlySecurity(CORSUsed, principal);
// Create ImageBitmap.
ImageContainer *container = aVideoEl.GetImageContainer();
diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
index 07befdc81..17ece8e61 100644
--- a/layout/base/nsLayoutUtils.cpp
+++ b/layout/base/nsLayoutUtils.cpp
@@ -8,6 +8,7 @@
#include "mozilla/ArrayUtils.h"
#include "mozilla/BasicEvents.h"
+#include "mozilla/dom/CanvasUtils.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/EffectCompositor.h"
#include "mozilla/EffectSet.h"
@@ -7285,10 +7286,10 @@ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
}
result.mPrincipal = principal.forget();
- // no images, including SVG images, can load content from another domain.
- result.mIsWriteOnly = false;
result.mImageRequest = imgRequest.forget();
return result;
+ result.mIsWriteOnly =
+ CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal);
}
nsLayoutUtils::SurfaceFromElementResult
@@ -7400,7 +7401,8 @@ nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
result.mHasSize = true;
result.mSize = result.mLayersImage->GetSize();
result.mPrincipal = principal.forget();
- result.mIsWriteOnly = false;
+ result.mIsWriteOnly =
+ CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal);
return result;
}