
Unified Diff: Source/core/svg/graphics/SVGImage.cpp

Issue 22604008: Allow SVG images to not taint the canvas with drawImage/drawPattern (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase after r156375 Created 7 years, 4 months ago
Index: Source/core/svg/graphics/SVGImage.cpp
diff --git a/Source/core/svg/graphics/SVGImage.cpp b/Source/core/svg/graphics/SVGImage.cpp
index 8bc7095769101494476c286abb9b590c16776b11..395f2db1e4c341aa3724ec4a8f3824d2a4620042 100644
--- a/Source/core/svg/graphics/SVGImage.cpp
+++ b/Source/core/svg/graphics/SVGImage.cpp
@@ -29,7 +29,10 @@
#include "core/svg/graphics/SVGImage.h"
+#include "core/dom/NodeTraversal.h"
+#include "core/dom/shadow/ComposedShadowTreeWalker.h"
#include "core/loader/DocumentLoader.h"
+#include "core/page/Chrome.h"
#include "core/page/FrameView.h"
#include "core/page/Settings.h"
#include "core/platform/graphics/GraphicsContextStateSaver.h"
@@ -39,6 +42,7 @@
#include "core/rendering/style/RenderStyle.h"
#include "core/rendering/svg/RenderSVGRoot.h"
#include "core/svg/SVGDocument.h"
+#include "core/svg/SVGImageElement.h"
#include "core/svg/SVGSVGElement.h"
#include "core/svg/graphics/SVGImageChromeClient.h"
#include "wtf/PassRefPtr.h"
@@ -62,6 +66,48 @@ SVGImage::~SVGImage()
ASSERT(!m_chromeClient || !m_chromeClient->image());
}
+bool SVGImage::isInSVGImage(const Element* element)
+{
+ ASSERT(element);
+
+ Page* page = element->document()->page();
+ if (!page)
+ return false;
+
+ return page->chrome().client().isSVGImageChromeClient();
+}
+
+bool SVGImage::hasSingleSecurityOrigin() const
+{
+ if (!m_page)
+ return true;
+
+ Frame* frame = m_page->mainFrame();
+ SVGSVGElement* rootElement = toSVGDocument(frame->document())->rootElement();
+ if (!rootElement)
+ return true;
+
+ // Don't allow foreignObject elements or images that are not known to be
+ // single-origin since these can leak cross-origin information.
+ ComposedShadowTreeWalker walker(rootElement);
+ while (Node* node = walker.get()) {
+ if (node->hasTagName(SVGNames::foreignObjectTag))
+ return false;
+ // FIXME(crbug.com/249037): Images should be allowed but the
+ // implementation is difficult because images can have animations which
+ // cause them to dynamically change their single-origin state.
+ if (node->hasTagName(SVGNames::imageTag))
+ return false;
+ if (node->hasTagName(SVGNames::feImageTag))
+ return false;
+ walker.next();
+ }
+
+ // Because SVG image rendering disallows external resources and links, these
+ // images effectively are restricted to a single security origin.
+ return true;
+}
+
void SVGImage::setContainerSize(const IntSize& size)
{
if (!m_page || !usesContainerSize())
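Review bot: hasSingleSecurityOrigin() returns true on every path that does not hit one of the three denied tags, including the `!m_page` and `!rootElement` early returns, so this predicate fails open. Judging by the issue title, its result decides whether drawImage/drawPattern taints the canvas, which makes the closing comment's premise (SVG image rendering disallows external resources and links) a security invariant that nothing in this function checks. I would state that dependency on the function, e.g. `// Security: relies on SVGImage blocking all external subresource loads; any element that can paint cross-origin pixels must be rejected in the walk below.`, and put a why-comment on the two early returns such as `// Nothing to paint, so nothing can leak.`. `frame` from `m_page->mainFrame()` is also dereferenced without a null check; presumably a live page always has a main frame here, but that is not visible in this hunk. setContainerSize at the end of the hunk continues outside it.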