[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
kbr at google.com
kbr at google.com
Wed Dec 22 13:50:04 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 3b5c5818f2112e78446c1826145cd03634a11521
Author: kbr at google.com <kbr at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Sep 28 00:41:26 2010 +0000
2010-09-27 Adrienne Walker <enne at google.com>
Reviewed by Adam Barth.
WebGL's readPixels doesn't respect origin-clean flag
Push CanvasRenderingContext2D checkOrigin logic into base class so it can be shared between different kinds of canvas contexts.
https://bugs.webkit.org/show_bug.cgi?id=45718
Test: LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html
* html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::checkOrigin):
* html/canvas/CanvasRenderingContext.h:
(WebCore::CanvasRenderingContext::~CanvasRenderingContext):
(WebCore::CanvasRenderingContext::canvas):
(WebCore::CanvasRenderingContext::is2d):
(WebCore::CanvasRenderingContext::is3d):
(WebCore::CanvasRenderingContext::isAccelerated):
(WebCore::CanvasRenderingContext::paintRenderingResultsToCanvas):
(WebCore::CanvasRenderingContext::paintsIntoCanvasBuffer):
(WebCore::CanvasRenderingContext::platformLayer):
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::setStrokeStyle):
(WebCore::CanvasRenderingContext2D::setFillStyle):
(WebCore::CanvasRenderingContext2D::drawImage):
(WebCore::CanvasRenderingContext2D::drawImageFromRect):
* html/canvas/CanvasRenderingContext2D.h:
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::readPixels):
(WebCore::WebGLRenderingContext::texImage2D):
(WebCore::WebGLRenderingContext::videoFrameToImage):
(WebCore::WebGLRenderingContext::texSubImage2D):
* html/canvas/WebGLRenderingContext.h:
* html/canvas/WebGLRenderingContext.idl:
2010-09-27 Adrienne Walker <enne at google.com>
Reviewed by Adam Barth.
WebGL's readPixels doesn't respect origin-clean flag
Add new test by converting Khronos conformance test to be able to run within LayoutTests/http.
https://bugs.webkit.org/show_bug.cgi?id=45718
* http/tests/canvas/webgl/origin-clean-conformance-expected.txt: Added.
* http/tests/canvas/webgl/origin-clean-conformance.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 679cf86..7a1a3ee 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-09-27 Adrienne Walker <enne at google.com>
+
+ Reviewed by Adam Barth.
+
+ WebGL's readPixels doesn't respect origin-clean flag
+
+ Add new test by converting Khronos conformance test to be able to run within LayoutTests/http.
+ https://bugs.webkit.org/show_bug.cgi?id=45718
+
+ * http/tests/canvas/webgl/origin-clean-conformance-expected.txt: Added.
+ * http/tests/canvas/webgl/origin-clean-conformance.html: Added.
+
2010-09-27 Darin Adler <darin at apple.com>
Reviewed by Dan Bernstein.
diff --git a/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance-expected.txt b/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance-expected.txt
new file mode 100644
index 0000000..d205f1b
--- /dev/null
+++ b/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance-expected.txt
@@ -0,0 +1,31 @@
+This test ensures WebGL implementations follow proper origin restrictions.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS Playable video format found
+PASS img was loaded
+
+check that copying an img from another origin clears the origin-clean flag.
+PASS should not throw exception by readPixels for origin clean canvas.
+PASS should not throw exception by toDataURL for origin clean canvas.
+PASS should throw exception by readPixels for NON origin clean canvas.
+PASS should throw exception by toDataURL for NON origin clean canvas.
+
+check that copying from 1 unclean 3d canvas to another clears the origin-clean flag on the second canvas.
+PASS should not throw exception by readPixels for origin clean canvas.
+PASS should not throw exception by toDataURL for origin clean canvas.
+PASS should throw exception by readPixels for NON origin clean canvas.
+PASS should throw exception by toDataURL for NON origin clean canvas.
+
+check that copying from 1 unclean 3d canvas to a 2d canvas clears the origin-clean flag on the 2d canvas.
+PASS should not throw exception by toDataURL for origin clean canvas.
+PASS should throw exception by toDataURL for NON origin clean canvas.
+
+check that copying a video from another origin clears the origin-clean flag.
+PASS should not throw exception by readPixels for origin clean canvas.
+PASS should not throw exception by toDataURL for origin clean canvas.
+PASS should throw exception by readPixels for NON origin clean canvas.
+PASS should throw exception by toDataURL for NON origin clean canvas.
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html b/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html
new file mode 100644
index 0000000..33bb054
--- /dev/null
+++ b/LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html
@@ -0,0 +1,219 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>WebGL Origin Restrictions Conformance Tests</title>
+<script>
+function create3DContext(canvas, attributes)
+{
+ if (!canvas)
+ canvas = document.createElement("canvas");
+ var context = null;
+ try {
+ context = canvas.getContext("experimental-webgl", attributes);
+ } catch(e) {}
+ if (!context) {
+ try {
+ context = canvas.getContext("webkit-3d", attributes);
+ } catch(e) {}
+ }
+ if (!context) {
+ try {
+ context = canvas.getContext("moz-webgl", attributes);
+ } catch(e) {}
+ }
+ if (!context) {
+ throw "Unable to fetch WebGL rendering context for Canvas";
+ }
+ return context;
+}
+
+function description(msg)
+{
+ // For MSIE 6 compatibility
+ var span = document.createElement("span");
+ span.innerHTML = '<p>' + msg + '</p><p>On success, you will see a series of "<span class="pass">PASS</span>" messages, followed by "<span class="pass">TEST COMPLETE</span>".</p>';
+ var description = document.getElementById("description");
+ if (description.firstChild)
+ description.replaceChild(span, description.firstChild);
+ else
+ description.appendChild(span);
+}
+
+function debug(msg)
+{
+ var span = document.createElement("span");
+ document.getElementById("console").appendChild(span); // insert it first so XHTML knows the namespace
+ span.innerHTML = msg + '<br />';
+}
+
+function escapeHTML(text)
+{
+ return text.replace(/&/g, "&").replace(/</g, "<").replace(/\0/g, "\\0");
+}
+
+function testPassed(msg)
+{
+ debug('<span><span class="pass">PASS</span> ' + escapeHTML(msg) + '</span>');
+}
+
+function testFailed(msg)
+{
+ debug('<span><span class="fail">FAIL</span> ' + escapeHTML(msg) + '</span>');
+}
+
+function assertMsg(assertion, msg) {
+ if (assertion) {
+ testPassed(msg);
+ } else {
+ testFailed(msg);
+ }
+}
+
+// Checks if function throws an exception.
+function causedException(func) {
+ var hadException = false;
+ try {
+ func();
+ } catch(e) {
+ hadException = true;
+ }
+ return hadException;
+}
+
+function init() {
+ var video = document.getElementById("video");
+
+ var base = "http://localhost:8000/resources/";
+ var videos = [
+ ["video/mp4", base + "test.mp4"],
+ ["video/ogg", base + "test.ogv"],
+ ];
+ var videoFile = null;
+ for (var i = 0; i < videos.length; ++i) {
+ if (video.canPlayType(videos[i][0])) {
+ videoFile = videos[i][1];
+ break;
+ }
+ }
+ assertMsg(videoFile, "Playable video format found");
+
+ if (videoFile) {
+ if (window.layoutTestController) {
+ layoutTestController.overridePreference("WebKitWebGLEnabled", "1");
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+ video.src = videoFile;
+ video.addEventListener("playing", runTests);
+ video.play();
+ } else {
+ // Still run the other tests, even if the video failed.
+ runTests();
+ }
+}
+
+function runTests() {
+ description("This test ensures WebGL implementations follow proper origin restrictions.");
+ var img = document.getElementById("img");
+ assertMsg(img.width > 0 && img.height > 0, "img was loaded");
+
+ function makeReadPixels(gl) {
+ return function() {
+ var buf = new Uint8Array(4);
+ gl.readPixels(0, 0, 1, 1, gl.RGBA, gl.UNSIGNED_BYTE, buf);
+ };
+ }
+
+ function makeToDataURL(canvas) {
+ return function() {
+ var data = canvas.toDataURL();
+ }
+ }
+
+ debug("");
+ debug("check that copying an img from another origin clears the origin-clean flag.");
+ var canvas1 = document.getElementById("canvas1");
+ var gl1 = create3DContext(canvas1);
+ assertMsg(!causedException(makeReadPixels(gl1)),
+ "should not throw exception by readPixels for origin clean canvas.");
+ assertMsg(!causedException(makeToDataURL(canvas1)),
+ "should not throw exception by toDataURL for origin clean canvas.");
+
+ var tex = gl1.createTexture();
+ gl1.bindTexture(gl1.TEXTURE_2D, tex);
+ gl1.texImage2D(gl1.TEXTURE_2D, 0, gl1.RGBA, gl1.RGBA, gl1.UNSIGNED_BYTE, img);
+
+ assertMsg(causedException(makeReadPixels(gl1)),
+ "should throw exception by readPixels for NON origin clean canvas.");
+ assertMsg(causedException(makeToDataURL(canvas1)),
+ "should throw exception by toDataURL for NON origin clean canvas.");
+
+ debug("");
+ debug("check that copying from 1 unclean 3d canvas to another clears the origin-clean flag on the second canvas.");
+ var canvas2 = document.getElementById("canvas2");
+ var gl2 = create3DContext(canvas2);
+
+ assertMsg(!causedException(makeReadPixels(gl2)),
+ "should not throw exception by readPixels for origin clean canvas.");
+ assertMsg(!causedException(makeToDataURL(canvas2)),
+ "should not throw exception by toDataURL for origin clean canvas.");
+
+ var tex = gl2.createTexture();
+ gl2.bindTexture(gl2.TEXTURE_2D, tex);
+ gl2.texImage2D(
+ gl2.TEXTURE_2D, 0, gl2.RGBA, gl2.RGBA, gl2.UNSIGNED_BYTE, canvas1);
+
+ assertMsg(causedException(makeReadPixels(gl2)),
+ "should throw exception by readPixels for NON origin clean canvas.");
+ assertMsg(causedException(makeToDataURL(canvas2)),
+ "should throw exception by toDataURL for NON origin clean canvas.");
+
+ debug("");
+ debug("check that copying from 1 unclean 3d canvas to a 2d canvas clears the origin-clean flag on the 2d canvas.");
+ var canvas3 = document.getElementById("canvas3");
+ var ctx2d = canvas3.getContext("2d");
+ assertMsg(!causedException(makeToDataURL(canvas3)),
+ "should not throw exception by toDataURL for origin clean canvas.");
+ ctx2d.drawImage(canvas2, 0, 0);
+ assertMsg(causedException(makeToDataURL(canvas3)),
+ "should throw exception by toDataURL for NON origin clean canvas.");
+
+ debug("");
+ debug("check that copying a video from another origin clears the origin-clean flag.");
+ var canvas4 = document.getElementById("canvas4");
+ var gl4 = create3DContext(canvas4);
+ assertMsg(!causedException(makeReadPixels(gl4)),
+ "should not throw exception by readPixels for origin clean canvas.");
+ assertMsg(!causedException(makeToDataURL(canvas4)),
+ "should not throw exception by toDataURL for origin clean canvas.");
+ var tex4 = gl4.createTexture();
+ gl4.bindTexture(gl4.TEXTURE_2D, tex4);
+ gl4.texImage2D(
+ gl4.TEXTURE_2D, 0, gl4.RGBA, gl4.RGBA, gl4.UNSIGNED_BYTE, video);
+ assertMsg(causedException(makeReadPixels(gl4)),
+ "should throw exception by readPixels for NON origin clean canvas.");
+ assertMsg(causedException(makeToDataURL(canvas4)),
+ "should throw exception by toDataURL for NON origin clean canvas.");
+
+ debug('<br /><span class="pass">TEST COMPLETE</span>');
+ if (window.layoutTestController)
+ layoutTestController.waitUntilDone();
+ if (window.layoutTestController) {
+ layoutTestController.notifyDone();
+ }
+}
+</script>
+</head>
+<body onload="init()">
+<div id="description"></div>
+<div id="console"></div>
+<canvas id="canvas1"></canvas>
+<canvas id="canvas2"></canvas>
+<canvas id="canvas3"></canvas>
+<canvas id="canvas4"></canvas>
+<img id="img" src="http://localhost:8000/local/resources/abe.png" style="display:none;">
+<video id="video" style="display:none;"/>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 644b86d..f91caab 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,39 @@
+2010-09-27 Adrienne Walker <enne at google.com>
+
+ Reviewed by Adam Barth.
+
+ WebGL's readPixels doesn't respect origin-clean flag
+
+ Push CanvasRenderingContext2D checkOrigin logic into base class so it can be shared between different kinds of canvas contexts.
+ https://bugs.webkit.org/show_bug.cgi?id=45718
+
+ Test: LayoutTests/http/tests/canvas/webgl/origin-clean-conformance.html
+
+ * html/canvas/CanvasRenderingContext.cpp:
+ (WebCore::CanvasRenderingContext::checkOrigin):
+ * html/canvas/CanvasRenderingContext.h:
+ (WebCore::CanvasRenderingContext::~CanvasRenderingContext):
+ (WebCore::CanvasRenderingContext::canvas):
+ (WebCore::CanvasRenderingContext::is2d):
+ (WebCore::CanvasRenderingContext::is3d):
+ (WebCore::CanvasRenderingContext::isAccelerated):
+ (WebCore::CanvasRenderingContext::paintRenderingResultsToCanvas):
+ (WebCore::CanvasRenderingContext::paintsIntoCanvasBuffer):
+ (WebCore::CanvasRenderingContext::platformLayer):
+ * html/canvas/CanvasRenderingContext2D.cpp:
+ (WebCore::CanvasRenderingContext2D::setStrokeStyle):
+ (WebCore::CanvasRenderingContext2D::setFillStyle):
+ (WebCore::CanvasRenderingContext2D::drawImage):
+ (WebCore::CanvasRenderingContext2D::drawImageFromRect):
+ * html/canvas/CanvasRenderingContext2D.h:
+ * html/canvas/WebGLRenderingContext.cpp:
+ (WebCore::WebGLRenderingContext::readPixels):
+ (WebCore::WebGLRenderingContext::texImage2D):
+ (WebCore::WebGLRenderingContext::videoFrameToImage):
+ (WebCore::WebGLRenderingContext::texSubImage2D):
+ * html/canvas/WebGLRenderingContext.h:
+ * html/canvas/WebGLRenderingContext.idl:
+
2010-09-27 Darin Adler <darin at apple.com>
Reviewed by Dan Bernstein.
diff --git a/WebCore/html/canvas/CanvasRenderingContext.cpp b/WebCore/html/canvas/CanvasRenderingContext.cpp
index e019332..9f9cd82 100644
--- a/WebCore/html/canvas/CanvasRenderingContext.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext.cpp
@@ -25,7 +25,14 @@
#include "config.h"
#include "CanvasRenderingContext.h"
+
+#include "CachedImage.h"
+#include "CanvasPattern.h"
#include "HTMLCanvasElement.h"
+#include "HTMLImageElement.h"
+#include "HTMLVideoElement.h"
+#include "KURL.h"
+#include "SecurityOrigin.h"
namespace WebCore {
@@ -44,4 +51,46 @@ void CanvasRenderingContext::deref()
m_canvas->deref();
}
+void CanvasRenderingContext::checkOrigin(const CanvasPattern* pattern)
+{
+ if (canvas()->originClean() && pattern && !pattern->originClean())
+ canvas()->setOriginTainted();
+}
+
+void CanvasRenderingContext::checkOrigin(const HTMLCanvasElement* sourceCanvas)
+{
+ if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
+ canvas()->setOriginTainted();
+}
+
+void CanvasRenderingContext::checkOrigin(const HTMLImageElement* image)
+{
+ if (!image || !canvas()->originClean())
+ return;
+
+ CachedImage* cachedImage = image->cachedImage();
+ checkOrigin(cachedImage->response().url());
+
+ if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
+ canvas()->setOriginTainted();
+}
+
+void CanvasRenderingContext::checkOrigin(const HTMLVideoElement* video)
+{
+ checkOrigin(KURL(KURL(), video->currentSrc()));
+ if (canvas()->originClean() && video && !video->hasSingleSecurityOrigin())
+ canvas()->setOriginTainted();
+}
+
+void CanvasRenderingContext::checkOrigin(const KURL& url)
+{
+ if (!canvas()->originClean() || m_cleanOrigins.contains(url.string()))
+ return;
+
+ if (canvas()->securityOrigin().taintsCanvas(url))
+ canvas()->setOriginTainted();
+ else
+ m_cleanOrigins.add(url.string());
+}
+
} // namespace WebCore
diff --git a/WebCore/html/canvas/CanvasRenderingContext.h b/WebCore/html/canvas/CanvasRenderingContext.h
index 8499b47..a25e8a1 100644
--- a/WebCore/html/canvas/CanvasRenderingContext.h
+++ b/WebCore/html/canvas/CanvasRenderingContext.h
@@ -28,38 +28,52 @@
#include "GraphicsLayer.h"
+#include <wtf/HashSet.h>
#include <wtf/Noncopyable.h>
+#include <wtf/text/StringHash.h>
namespace WebCore {
- class WebGLObject;
- class HTMLCanvasElement;
+class CanvasPattern;
+class HTMLCanvasElement;
+class HTMLImageElement;
+class HTMLVideoElement;
+class KURL;
+class WebGLObject;
- class CanvasRenderingContext : public Noncopyable {
- public:
- CanvasRenderingContext(HTMLCanvasElement*);
- virtual ~CanvasRenderingContext() { }
-
- // Ref and deref the m_canvas
- void ref();
- void deref();
-
- HTMLCanvasElement* canvas() const { return m_canvas; }
-
- virtual bool is2d() const { return false; }
- virtual bool is3d() const { return false; }
- virtual bool isAccelerated() const { return false; }
-
- virtual void paintRenderingResultsToCanvas() {}
- virtual bool paintsIntoCanvasBuffer() const { return true; }
+class CanvasRenderingContext : public Noncopyable {
+public:
+ CanvasRenderingContext(HTMLCanvasElement*);
+ virtual ~CanvasRenderingContext() { }
+
+ // Ref and deref the m_canvas
+ void ref();
+ void deref();
+
+ HTMLCanvasElement* canvas() const { return m_canvas; }
+
+ virtual bool is2d() const { return false; }
+ virtual bool is3d() const { return false; }
+ virtual bool isAccelerated() const { return false; }
+
+ virtual void paintRenderingResultsToCanvas() {}
+ virtual bool paintsIntoCanvasBuffer() const { return true; }
#if USE(ACCELERATED_COMPOSITING)
- virtual PlatformLayer* platformLayer() const { return 0; }
+ virtual PlatformLayer* platformLayer() const { return 0; }
#endif
- private:
- HTMLCanvasElement* m_canvas;
- };
+protected:
+ void checkOrigin(const CanvasPattern*);
+ void checkOrigin(const HTMLCanvasElement*);
+ void checkOrigin(const HTMLImageElement*);
+ void checkOrigin(const HTMLVideoElement*);
+ void checkOrigin(const KURL&);
+
+private:
+ HTMLCanvasElement* m_canvas;
+ HashSet<String> m_cleanOrigins;
+};
} // namespace WebCore
diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.cpp b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
index 134ab67..ec120dd 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
@@ -249,12 +249,7 @@ void CanvasRenderingContext2D::setStrokeStyle(PassRefPtr<CanvasStyle> style)
if (state().m_strokeStyle && state().m_strokeStyle->isEquivalentColor(*style))
return;
- if (canvas()->originClean()) {
- if (CanvasPattern* pattern = style->canvasPattern()) {
- if (!pattern->originClean())
- canvas()->setOriginTainted();
- }
- }
+ checkOrigin(style->canvasPattern());
state().m_strokeStyle = style;
GraphicsContext* c = drawingContext();
@@ -277,12 +272,7 @@ void CanvasRenderingContext2D::setFillStyle(PassRefPtr<CanvasStyle> style)
if (state().m_fillStyle && state().m_fillStyle->isEquivalentColor(*style))
return;
- if (canvas()->originClean()) {
- if (CanvasPattern* pattern = style->canvasPattern()) {
- if (!pattern->originClean())
- canvas()->setOriginTainted();
- }
- }
+ checkOrigin(style->canvasPattern());
state().m_fillStyle = style;
GraphicsContext* c = drawingContext();
@@ -1121,25 +1111,6 @@ static inline FloatRect normalizeRect(const FloatRect& rect)
max(rect.height(), -rect.height()));
}
-void CanvasRenderingContext2D::checkOrigin(const KURL& url)
-{
- if (m_cleanOrigins.contains(url.string()))
- return;
-
- if (canvas()->securityOrigin().taintsCanvas(url))
- canvas()->setOriginTainted();
- else
- m_cleanOrigins.add(url.string());
-}
-
-void CanvasRenderingContext2D::checkOrigin(const String& url)
-{
- if (m_cleanOrigins.contains(url))
- return;
-
- checkOrigin(KURL(KURL(), url));
-}
-
void CanvasRenderingContext2D::drawImage(HTMLImageElement* image, float x, float y, ExceptionCode& ec)
{
if (!image) {
@@ -1211,11 +1182,7 @@ void CanvasRenderingContext2D::drawImage(HTMLImageElement* image, const FloatRec
if (!cachedImage)
return;
- if (canvas()->originClean())
- checkOrigin(cachedImage->response().url());
-
- if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ checkOrigin(image);
FloatRect sourceRect = c->roundToDevicePixels(normalizedSrcRect);
FloatRect destRect = c->roundToDevicePixels(normalizedDstRect);
@@ -1288,8 +1255,7 @@ void CanvasRenderingContext2D::drawImage(HTMLCanvasElement* sourceCanvas, const
if (!buffer)
return;
- if (!sourceCanvas->originClean())
- canvas()->setOriginTainted();
+ checkOrigin(sourceCanvas);
#if ENABLE(ACCELERATED_2D_CANVAS)
// If we're drawing from one accelerated canvas 2d to another, avoid calling sourceCanvas->makeRenderingResultsAvailable()
@@ -1363,11 +1329,7 @@ void CanvasRenderingContext2D::drawImage(HTMLVideoElement* video, const FloatRec
if (!state().m_invertibleCTM)
return;
- if (canvas()->originClean())
- checkOrigin(video->currentSrc());
-
- if (canvas()->originClean() && !video->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ checkOrigin(video);
FloatRect sourceRect = c->roundToDevicePixels(srcRect);
FloatRect destRect = c->roundToDevicePixels(dstRect);
@@ -1396,11 +1358,7 @@ void CanvasRenderingContext2D::drawImageFromRect(HTMLImageElement* image,
if (!cachedImage)
return;
- if (canvas()->originClean())
- checkOrigin(cachedImage->response().url());
-
- if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin())
- canvas()->setOriginTainted();
+ checkOrigin(image);
GraphicsContext* c = drawingContext();
if (!c)
diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.h b/WebCore/html/canvas/CanvasRenderingContext2D.h
index 91b6549..2c88a31 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.h
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.h
@@ -36,7 +36,6 @@
#include "PlatformString.h"
#include <wtf/Vector.h>
-#include <wtf/text/StringHash.h>
#if PLATFORM(CG)
#include <ApplicationServices/ApplicationServices.h>
@@ -57,7 +56,6 @@ class HTMLCanvasElement;
class HTMLImageElement;
class HTMLVideoElement;
class ImageData;
-class KURL;
class TextMetrics;
#if ENABLE(ACCELERATED_2D_CANVAS)
@@ -289,11 +287,6 @@ private:
void prepareGradientForDashboard(CanvasGradient* gradient) const;
- HashSet<String> m_cleanOrigins;
-
- void checkOrigin(const KURL&);
- void checkOrigin(const String&);
-
Vector<State, 1> m_stateStack;
bool m_usesCSSCompatibilityParseMode;
#if ENABLE(DASHBOARD_SUPPORT)
diff --git a/WebCore/html/canvas/WebGLRenderingContext.cpp b/WebCore/html/canvas/WebGLRenderingContext.cpp
index 80800b0..d1bb0cd 100644
--- a/WebCore/html/canvas/WebGLRenderingContext.cpp
+++ b/WebCore/html/canvas/WebGLRenderingContext.cpp
@@ -1940,8 +1940,12 @@ void WebGLRenderingContext::polygonOffset(double factor, double units)
cleanupAfterGraphicsCall(false);
}
-void WebGLRenderingContext::readPixels(long x, long y, long width, long height, unsigned long format, unsigned long type, ArrayBufferView* pixels)
+void WebGLRenderingContext::readPixels(long x, long y, long width, long height, unsigned long format, unsigned long type, ArrayBufferView* pixels, ExceptionCode& ec)
{
+ if (!canvas()->originClean()) {
+ ec = SECURITY_ERR;
+ return;
+ }
// Validate input parameters.
unsigned long componentsPerPixel, bytesPerComponent;
if (!m_context->computeFormatAndTypeParameters(format, type, &componentsPerPixel, &bytesPerComponent)) {
@@ -2183,6 +2187,7 @@ void WebGLRenderingContext::texImage2D(unsigned target, unsigned level, unsigned
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
+ checkOrigin(image);
texImage2DImpl(target, level, internalformat, format, type, image->cachedImage()->image(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -2195,7 +2200,7 @@ void WebGLRenderingContext::texImage2D(unsigned target, unsigned level, unsigned
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
-
+ checkOrigin(canvas);
texImage2DImpl(target, level, internalformat, format, type, canvas->copiedImage(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -2212,6 +2217,7 @@ PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* vid
m_context->synthesizeGLError(GraphicsContext3D::OUT_OF_MEMORY);
return 0;
}
+ checkOrigin(video);
IntRect destRect(0, 0, size.width(), size.height());
// FIXME: Turn this into a GPU-GPU texture copy instead of CPU readback.
video->paintCurrentFrameInContext(buf->context(), destRect);
@@ -2344,6 +2350,7 @@ void WebGLRenderingContext::texSubImage2D(unsigned target, unsigned level, unsig
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
+ checkOrigin(image);
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image->cachedImage()->image(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -2356,7 +2363,7 @@ void WebGLRenderingContext::texSubImage2D(unsigned target, unsigned level, unsig
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
-
+ checkOrigin(canvas);
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, canvas->copiedImage(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
diff --git a/WebCore/html/canvas/WebGLRenderingContext.h b/WebCore/html/canvas/WebGLRenderingContext.h
index a52cbb7..f507054 100644
--- a/WebCore/html/canvas/WebGLRenderingContext.h
+++ b/WebCore/html/canvas/WebGLRenderingContext.h
@@ -186,7 +186,7 @@ public:
void linkProgram(WebGLProgram*, ExceptionCode&);
void pixelStorei(unsigned long pname, long param);
void polygonOffset(double factor, double units);
- void readPixels(long x, long y, long width, long height, unsigned long format, unsigned long type, ArrayBufferView* pixels);
+ void readPixels(long x, long y, long width, long height, unsigned long format, unsigned long type, ArrayBufferView* pixels, ExceptionCode&);
void releaseShaderCompiler();
void renderbufferStorage(unsigned long target, unsigned long internalformat, unsigned long width, unsigned long height);
void sampleCoverage(double value, bool invert);
diff --git a/WebCore/html/canvas/WebGLRenderingContext.idl b/WebCore/html/canvas/WebGLRenderingContext.idl
index 260d878..f76646d 100644
--- a/WebCore/html/canvas/WebGLRenderingContext.idl
+++ b/WebCore/html/canvas/WebGLRenderingContext.idl
@@ -590,7 +590,7 @@ module html {
[StrictTypeChecking] void pixelStorei(in unsigned long pname, in long param);
[StrictTypeChecking] void polygonOffset(in double factor, in double units);
- [StrictTypeChecking] void readPixels(in long x, in long y, in long width, in long height, in unsigned long format, in unsigned long type, in ArrayBufferView pixels);
+ [StrictTypeChecking] void readPixels(in long x, in long y, in long width, in long height, in unsigned long format, in unsigned long type, in ArrayBufferView pixels) raises(DOMException);
[StrictTypeChecking] void releaseShaderCompiler();
[StrictTypeChecking] void renderbufferStorage(in unsigned long target, in unsigned long internalformat, in unsigned long width, in unsigned long height);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list