| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Apple Inc. All rights reserved. | 2 * Copyright (C) 2009 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) | 70 bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video) |
| 71 { | 71 { |
| 72 #if ENABLE(VIDEO) | 72 #if ENABLE(VIDEO) |
| 73 // FIXME: This check is likely wrong when a redirect is involved. We need | 73 // FIXME: This check is likely wrong when a redirect is involved. We need |
| 74 // to test the finalURL. Please be careful when fixing this issue not to | 74 // to test the finalURL. Please be careful when fixing this issue not to |
| 75 // make currentSrc be the final URL because then the | 75 // make currentSrc be the final URL because then the |
| 76 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! | 76 // HTMLMediaElement.currentSrc DOM API would leak redirect destinations! |
| 77 if (!video || !canvas()->originClean()) | 77 if (!video || !canvas()->originClean()) |
| 78 return false; | 78 return false; |
| 79 | 79 |
| 80 if (wouldTaintOrigin(video->currentSrc())) | 80 if (!video->hasSingleSecurityOrigin()) |
| 81 return true; | 81 return true; |
| 82 | 82 |
| 83 if (!video->hasSingleSecurityOrigin()) | 83 if (!(video->player() && video->player()->didPassCORSAccessCheck()) && would
TaintOrigin(video->currentSrc())) |
| 84 return true; | 84 return true; |
| 85 |
| 85 #else | 86 #else |
| 86 UNUSED_PARAM(video); | 87 UNUSED_PARAM(video); |
| 87 #endif | 88 #endif |
| 88 | 89 |
| 89 return false; | 90 return false; |
| 90 } | 91 } |
| 91 | 92 |
| 92 bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) | 93 bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url) |
| 93 { | 94 { |
| 94 if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) | 95 if (!canvas()->originClean() || m_cleanURLs.contains(url.string())) |
| 95 return false; | 96 return false; |
| 96 | 97 |
| 97 if (canvas()->securityOrigin()->taintsCanvas(url)) | 98 if (canvas()->securityOrigin()->taintsCanvas(url)) |
| 98 return true; | 99 return true; |
| 99 | 100 |
| 100 if (url.protocolIsData()) | 101 if (url.protocolIsData()) |
| 101 return false; | 102 return false; |
| 102 | 103 |
| 103 m_cleanURLs.add(url.string()); | 104 m_cleanURLs.add(url.string()); |
| 104 return false; | 105 return false; |
| 105 } | 106 } |
| 106 | 107 |
| 107 void CanvasRenderingContext::checkOrigin(const KURL& url) | 108 void CanvasRenderingContext::checkOrigin(const KURL& url) |
| 108 { | 109 { |
| 109 if (wouldTaintOrigin(url)) | 110 if (wouldTaintOrigin(url)) |
| 110 canvas()->setOriginTainted(); | 111 canvas()->setOriginTainted(); |
| 111 } | 112 } |
| 112 | 113 |
| 113 } // namespace WebCore | 114 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10536097:
Merge 119742 - Plumb CORS attribute information from HTMLMediaElement to media players so it can be… (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/1132/