CanvasRenderingContext.cpp [plain text]
#include "config.h"
#include "CanvasRenderingContext.h"
#include "CachedImage.h"
#include "CanvasPattern.h"
#include "HTMLImageElement.h"
#include "HTMLVideoElement.h"
#include "Image.h"
#include "URL.h"
#include "SecurityOrigin.h"
namespace WebCore {
CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement& canvas)
: m_canvas(canvas)
{
}
bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
{
if (canvas().originClean() && pattern && !pattern->originClean())
return true;
return false;
}
bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
{
if (canvas().originClean() && sourceCanvas && !sourceCanvas->originClean())
return true;
return false;
}
bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* element)
{
if (!element || !canvas().originClean())
return false;
auto* cachedImage = element->cachedImage();
if (!cachedImage)
return false;
auto* image = cachedImage->image();
if (!image)
return false;
if (!image->hasSingleSecurityOrigin())
return true;
if (!cachedImage->isCORSSameOrigin())
return true;
ASSERT(canvas().securityOrigin());
ASSERT(cachedImage->origin());
ASSERT(canvas().securityOrigin()->toString() == cachedImage->origin()->toString());
return false;
}
bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
{
#if ENABLE(VIDEO)
if (!video || !canvas().originClean())
return false;
if (!video->hasSingleSecurityOrigin())
return true;
if (!(video->player() && video->player()->didPassCORSAccessCheck()) && wouldTaintOrigin(video->currentSrc()))
return true;
#else
UNUSED_PARAM(video);
#endif
return false;
}
bool CanvasRenderingContext::wouldTaintOrigin(const URL& url)
{
if (!canvas().originClean())
return false;
if (url.protocolIsData())
return false;
return !canvas().securityOrigin()->canRequest(url);
}
void CanvasRenderingContext::checkOrigin(const URL& url)
{
if (wouldTaintOrigin(url))
canvas().setOriginTainted();
}
}