OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> | 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> |
3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. |
4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. | 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. |
5 * | 5 * |
6 * Redistribution and use in source and binary forms, with or without | 6 * Redistribution and use in source and binary forms, with or without |
7 * modification, are permitted provided that the following conditions | 7 * modification, are permitted provided that the following conditions |
8 * are met: | 8 * are met: |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 11 matching lines...) Expand all Loading... |
22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 */ | 26 */ |
27 | 27 |
28 #include "config.h" | 28 #include "config.h" |
29 | 29 |
30 #include "core/svg/graphics/SVGImage.h" | 30 #include "core/svg/graphics/SVGImage.h" |
31 | 31 |
| 32 #include "core/dom/NodeTraversal.h" |
| 33 #include "core/dom/shadow/ComposedShadowTreeWalker.h" |
32 #include "core/loader/DocumentLoader.h" | 34 #include "core/loader/DocumentLoader.h" |
| 35 #include "core/page/Chrome.h" |
33 #include "core/page/FrameView.h" | 36 #include "core/page/FrameView.h" |
34 #include "core/page/Settings.h" | 37 #include "core/page/Settings.h" |
35 #include "core/platform/graphics/GraphicsContextStateSaver.h" | 38 #include "core/platform/graphics/GraphicsContextStateSaver.h" |
36 #include "core/platform/graphics/ImageBuffer.h" | 39 #include "core/platform/graphics/ImageBuffer.h" |
37 #include "core/platform/graphics/ImageObserver.h" | 40 #include "core/platform/graphics/ImageObserver.h" |
38 #include "core/platform/graphics/IntRect.h" | 41 #include "core/platform/graphics/IntRect.h" |
39 #include "core/rendering/style/RenderStyle.h" | 42 #include "core/rendering/style/RenderStyle.h" |
40 #include "core/rendering/svg/RenderSVGRoot.h" | 43 #include "core/rendering/svg/RenderSVGRoot.h" |
41 #include "core/svg/SVGDocument.h" | 44 #include "core/svg/SVGDocument.h" |
| 45 #include "core/svg/SVGImageElement.h" |
42 #include "core/svg/SVGSVGElement.h" | 46 #include "core/svg/SVGSVGElement.h" |
43 #include "core/svg/graphics/SVGImageChromeClient.h" | 47 #include "core/svg/graphics/SVGImageChromeClient.h" |
44 #include "wtf/PassRefPtr.h" | 48 #include "wtf/PassRefPtr.h" |
45 | 49 |
46 namespace WebCore { | 50 namespace WebCore { |
47 | 51 |
48 SVGImage::SVGImage(ImageObserver* observer) | 52 SVGImage::SVGImage(ImageObserver* observer) |
49 : Image(observer) | 53 : Image(observer) |
50 { | 54 { |
51 } | 55 } |
52 | 56 |
53 SVGImage::~SVGImage() | 57 SVGImage::~SVGImage() |
54 { | 58 { |
55 if (m_page) { | 59 if (m_page) { |
56 // Store m_page in a local variable, clearing m_page, so that SVGImageCh
romeClient knows we're destructed. | 60 // Store m_page in a local variable, clearing m_page, so that SVGImageCh
romeClient knows we're destructed. |
57 OwnPtr<Page> currentPage = m_page.release(); | 61 OwnPtr<Page> currentPage = m_page.release(); |
58 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l
oader and view references to the frame | 62 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l
oader and view references to the frame |
59 } | 63 } |
60 | 64 |
61 // Verify that page teardown destroyed the Chrome | 65 // Verify that page teardown destroyed the Chrome |
62 ASSERT(!m_chromeClient || !m_chromeClient->image()); | 66 ASSERT(!m_chromeClient || !m_chromeClient->image()); |
63 } | 67 } |
64 | 68 |
| 69 bool SVGImage::isInSVGImage(const Element* element) |
| 70 { |
| 71 ASSERT(element); |
| 72 |
| 73 Page* page = element->document()->page(); |
| 74 if (!page) |
| 75 return false; |
| 76 |
| 77 return page->chrome().client().isSVGImageChromeClient(); |
| 78 } |
| 79 |
| 80 bool SVGImage::hasSingleSecurityOrigin() const |
| 81 { |
| 82 if (!m_page) |
| 83 return true; |
| 84 |
| 85 Frame* frame = m_page->mainFrame(); |
| 86 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement()
; |
| 87 if (!rootElement) |
| 88 return true; |
| 89 |
| 90 // Don't allow foreignObject elements or images that are not known to be |
| 91 // single-origin since these can leak cross-origin information. |
| 92 ComposedShadowTreeWalker walker(rootElement); |
| 93 while (Node* node = walker.get()) { |
| 94 if (node->hasTagName(SVGNames::foreignObjectTag)) |
| 95 return false; |
| 96 // FIXME(crbug.com/249037): Images should be allowed but the |
| 97 // implementation is difficult because images can have animations which |
| 98 // cause them to dynamically change their single-origin state. |
| 99 if (node->hasTagName(SVGNames::imageTag)) |
| 100 return false; |
| 101 if (node->hasTagName(SVGNames::feImageTag)) |
| 102 return false; |
| 103 walker.next(); |
| 104 } |
| 105 |
| 106 // Because SVG image rendering disallows external resources and links, these |
| 107 // images effectively are restricted to a single security origin. |
| 108 return true; |
| 109 } |
| 110 |
65 void SVGImage::setContainerSize(const IntSize& size) | 111 void SVGImage::setContainerSize(const IntSize& size) |
66 { | 112 { |
67 if (!m_page || !usesContainerSize()) | 113 if (!m_page || !usesContainerSize()) |
68 return; | 114 return; |
69 | 115 |
70 Frame* frame = m_page->mainFrame(); | 116 Frame* frame = m_page->mainFrame(); |
71 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement()
; | 117 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement()
; |
72 if (!rootElement) | 118 if (!rootElement) |
73 return; | 119 return; |
74 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); | 120 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); |
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
364 return m_page; | 410 return m_page; |
365 } | 411 } |
366 | 412 |
367 String SVGImage::filenameExtension() const | 413 String SVGImage::filenameExtension() const |
368 { | 414 { |
369 return "svg"; | 415 return "svg"; |
370 } | 416 } |
371 | 417 |
372 } | 418 } |
373 | 419 |
OLD | NEW |