1 /* 2 * Copyright (C) 2009 Apple Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include "config.h" 27 #include "core/html/canvas/CanvasRenderingContext.h" 28 29 #include "core/html/HTMLCanvasElement.h" 30 #include "core/html/HTMLImageElement.h" 31 #include "core/html/HTMLVideoElement.h" 32 #include "core/html/canvas/CanvasPattern.h" 33 #include "core/loader/cache/ImageResource.h" 34 #include "weborigin/SecurityOrigin.h" 35 36 namespace WebCore { 37 38 CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas) 39 : m_canvas(canvas) 40 { 41 ScriptWrappable::init(this); 42 } 43 44 bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern) 45 { 46 if (canvas()->originClean() && pattern && !pattern->originClean()) 47 return true; 48 return false; 49 } 50 51 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas) 52 { 53 if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean()) 54 return true; 55 return false; 56 } 57 58 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image) 59 { 60 if (!image || !canvas()->originClean()) 61 return false; 62 63 ImageResource* cachedImage = image->cachedImage(); 64 if (!cachedImage->image()->hasSingleSecurityOrigin()) 65 return true; 66 67 return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin()); 68 } 69 70 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) 71 { 72 // FIXME: This check is likely wrong when a redirect is involved. We need 73 // to test the finalURL. Please be careful when fixing this issue not to 74 // make currentSrc be the final URL because then the 75 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! 76 if (!video || !canvas()->originClean()) 77 return false; 78 79 if (!video->hasSingleSecurityOrigin()) 80 return true; 81 82 if (!(video->player() && video->player()->didPassCORSAccessCheck()) && wouldTaintOrigin(video->currentSrc())) 83 return true; 84 85 return false; 86 } 87 88 bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) 89 { 90 if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) 91 return false; 92 93 if (canvas()->securityOrigin()->taintsCanvas(url)) 94 return true; 95 96 if (url.protocolIsData()) 97 return false; 98 99 m_cleanURLs.add(url.string()); 100 return false; 101 } 102 103 void CanvasRenderingContext::checkOrigin(const KURL& url) 104 { 105 if (wouldTaintOrigin(url)) 106 canvas()->setOriginTainted(); 107 } 108 109 } // namespace WebCore 110