Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/svg/graphics/SVGImage.cpp

Issue 22604008: Allow SVG images to not taint the canvas with drawImage/drawPattern (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase after r156375 Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/svg/graphics/SVGImage.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org> 2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org>
3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved. 3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
4 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 4 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 11 matching lines...) Expand all
22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */ 26 */
27 27
28 #include "config.h" 28 #include "config.h"
29 29
30 #include "core/svg/graphics/SVGImage.h" 30 #include "core/svg/graphics/SVGImage.h"
31 31
32 #include "core/dom/NodeTraversal.h"
33 #include "core/dom/shadow/ComposedShadowTreeWalker.h"
32 #include "core/loader/DocumentLoader.h" 34 #include "core/loader/DocumentLoader.h"
35 #include "core/page/Chrome.h"
33 #include "core/page/FrameView.h" 36 #include "core/page/FrameView.h"
34 #include "core/page/Settings.h" 37 #include "core/page/Settings.h"
35 #include "core/platform/graphics/GraphicsContextStateSaver.h" 38 #include "core/platform/graphics/GraphicsContextStateSaver.h"
36 #include "core/platform/graphics/ImageBuffer.h" 39 #include "core/platform/graphics/ImageBuffer.h"
37 #include "core/platform/graphics/ImageObserver.h" 40 #include "core/platform/graphics/ImageObserver.h"
38 #include "core/platform/graphics/IntRect.h" 41 #include "core/platform/graphics/IntRect.h"
39 #include "core/rendering/style/RenderStyle.h" 42 #include "core/rendering/style/RenderStyle.h"
40 #include "core/rendering/svg/RenderSVGRoot.h" 43 #include "core/rendering/svg/RenderSVGRoot.h"
41 #include "core/svg/SVGDocument.h" 44 #include "core/svg/SVGDocument.h"
45 #include "core/svg/SVGImageElement.h"
42 #include "core/svg/SVGSVGElement.h" 46 #include "core/svg/SVGSVGElement.h"
43 #include "core/svg/graphics/SVGImageChromeClient.h" 47 #include "core/svg/graphics/SVGImageChromeClient.h"
44 #include "wtf/PassRefPtr.h" 48 #include "wtf/PassRefPtr.h"
45 49
46 namespace WebCore { 50 namespace WebCore {
47 51
48 SVGImage::SVGImage(ImageObserver* observer) 52 SVGImage::SVGImage(ImageObserver* observer)
49 : Image(observer) 53 : Image(observer)
50 { 54 {
51 } 55 }
52 56
53 SVGImage::~SVGImage() 57 SVGImage::~SVGImage()
54 { 58 {
55 if (m_page) { 59 if (m_page) {
56 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed. 60 // Store m_page in a local variable, clearing m_page, so that SVGImageCh romeClient knows we're destructed.
57 OwnPtr<Page> currentPage = m_page.release(); 61 OwnPtr<Page> currentPage = m_page.release();
58 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame 62 currentPage->mainFrame()->loader()->frameDetached(); // Break both the l oader and view references to the frame
59 } 63 }
60 64
61 // Verify that page teardown destroyed the Chrome 65 // Verify that page teardown destroyed the Chrome
62 ASSERT(!m_chromeClient || !m_chromeClient->image()); 66 ASSERT(!m_chromeClient || !m_chromeClient->image());
63 } 67 }
64 68
69 bool SVGImage::isInSVGImage(const Element* element)
70 {
71 ASSERT(element);
72
73 Page* page = element->document()->page();
74 if (!page)
75 return false;
76
77 return page->chrome().client().isSVGImageChromeClient();
78 }
79
80 bool SVGImage::hasSingleSecurityOrigin() const
81 {
82 if (!m_page)
83 return true;
84
85 Frame* frame = m_page->mainFrame();
86 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ;
87 if (!rootElement)
88 return true;
89
90 // Don't allow foreignObject elements or images that are not known to be
91 // single-origin since these can leak cross-origin information.
92 ComposedShadowTreeWalker walker(rootElement);
93 while (Node* node = walker.get()) {
94 if (node->hasTagName(SVGNames::foreignObjectTag))
95 return false;
96 // FIXME(crbug.com/249037): Images should be allowed but the
97 // implementation is difficult because images can have animations which
98 // cause them to dynamically change their single-origin state.
99 if (node->hasTagName(SVGNames::imageTag))
100 return false;
101 if (node->hasTagName(SVGNames::feImageTag))
102 return false;
103 walker.next();
104 }
105
106 // Because SVG image rendering disallows external resources and links, these
107 // images effectively are restricted to a single security origin.
108 return true;
109 }
110
65 void SVGImage::setContainerSize(const IntSize& size) 111 void SVGImage::setContainerSize(const IntSize& size)
66 { 112 {
67 if (!m_page || !usesContainerSize()) 113 if (!m_page || !usesContainerSize())
68 return; 114 return;
69 115
70 Frame* frame = m_page->mainFrame(); 116 Frame* frame = m_page->mainFrame();
71 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ; 117 SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement() ;
72 if (!rootElement) 118 if (!rootElement)
73 return; 119 return;
74 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer()); 120 RenderSVGRoot* renderer = toRenderSVGRoot(rootElement->renderer());
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after
364 return m_page; 410 return m_page;
365 } 411 }
366 412
367 String SVGImage::filenameExtension() const 413 String SVGImage::filenameExtension() const
368 { 414 {
369 return "svg"; 415 return "svg";
370 } 416 }
371 417
372 } 418 }
373 419
OLDNEW
« no previous file with comments | « Source/core/svg/graphics/SVGImage.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698