Backed out changeset 71790f0ea832 (bug 967895)

This commit is contained in:
Sebastian Hengst 2017-10-09 19:18:12 +02:00
parent d65084ce8c
commit 92ee8df522
14 changed files with 29 additions and 283 deletions

View File

@ -124,7 +124,7 @@ DOMInterfaces = {
'CanvasRenderingContext2D': {
'implicitJSContext': [
'createImageData', 'getImageData', 'isPointInPath', 'isPointInStroke'
'createImageData', 'getImageData'
],
'binaryNames': {
'mozImageSmoothingEnabled': 'imageSmoothingEnabled'

View File

@ -4907,19 +4907,12 @@ CanvasRenderingContext2D::LineDashOffset() const {
}
bool
CanvasRenderingContext2D::IsPointInPath(JSContext* aCx, double aX, double aY, const CanvasWindingRule& aWinding)
CanvasRenderingContext2D::IsPointInPath(double aX, double aY, const CanvasWindingRule& aWinding)
{
if (!FloatValidate(aX, aY)) {
return false;
}
// Check for site-specific permission and return false if no permission.
if (mCanvasElement) {
nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
if (!ownerDoc || !CanvasUtils::IsImageExtractionAllowed(ownerDoc, aCx))
return false;
}
EnsureUserSpacePath(aWinding);
if (!mPath) {
return false;
@ -4932,7 +4925,7 @@ CanvasRenderingContext2D::IsPointInPath(JSContext* aCx, double aX, double aY, co
return mPath->ContainsPoint(Point(aX, aY), mTarget->GetTransform());
}
bool CanvasRenderingContext2D::IsPointInPath(JSContext* aCx, const CanvasPath& aPath, double aX, double aY, const CanvasWindingRule& aWinding)
bool CanvasRenderingContext2D::IsPointInPath(const CanvasPath& aPath, double aX, double aY, const CanvasWindingRule& aWinding)
{
if (!FloatValidate(aX, aY)) {
return false;
@ -4949,19 +4942,12 @@ bool CanvasRenderingContext2D::IsPointInPath(JSContext* aCx, const CanvasPath& a
}
bool
CanvasRenderingContext2D::IsPointInStroke(JSContext* aCx, double aX, double aY)
CanvasRenderingContext2D::IsPointInStroke(double aX, double aY)
{
if (!FloatValidate(aX, aY)) {
return false;
}
// Check for site-specific permission and return false if no permission.
if (mCanvasElement) {
nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
if (!ownerDoc || !CanvasUtils::IsImageExtractionAllowed(ownerDoc, aCx))
return false;
}
EnsureUserSpacePath();
if (!mPath) {
return false;
@ -4983,7 +4969,7 @@ CanvasRenderingContext2D::IsPointInStroke(JSContext* aCx, double aX, double aY)
return mPath->StrokeContainsPoint(strokeOptions, Point(aX, aY), mTarget->GetTransform());
}
bool CanvasRenderingContext2D::IsPointInStroke(JSContext* aCx, const CanvasPath& aPath, double aX, double aY)
bool CanvasRenderingContext2D::IsPointInStroke(const CanvasPath& aPath, double aX, double aY)
{
if (!FloatValidate(aX, aY)) {
return false;
@ -5832,27 +5818,6 @@ CanvasRenderingContext2D::GetImageDataArray(JSContext* aCx,
uint32_t srcStride = rawData.mStride;
uint8_t* src = rawData.mData + srcReadRect.y * srcStride + srcReadRect.x * 4;
// Check for site-specific permission and return all-white, opaque pixel
// data if no permission. This check is not needed if the canvas was
// created with a docshell (that is only done for special internal uses).
bool usePlaceholder = false;
if (mCanvasElement) {
nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
usePlaceholder = !ownerDoc ||
!CanvasUtils::IsImageExtractionAllowed(ownerDoc, aCx);
}
if (usePlaceholder) {
if (readback) {
readback->Unmap();
}
memset(data, 0xFF, len.value());
*aRetval = darray;
return NS_OK;
}
uint8_t* dst = data + dstWriteRect.y * (aWidth * 4) + dstWriteRect.x * 4;
if (mOpaque) {

View File

@ -204,10 +204,10 @@ public:
bool DrawCustomFocusRing(mozilla::dom::Element& aElement);
void Clip(const CanvasWindingRule& aWinding);
void Clip(const CanvasPath& aPath, const CanvasWindingRule& aWinding);
bool IsPointInPath(JSContext* aCx, double aX, double aY, const CanvasWindingRule& aWinding);
bool IsPointInPath(JSContext* aCx, const CanvasPath& aPath, double aX, double aY, const CanvasWindingRule& aWinding);
bool IsPointInStroke(JSContext* aCx, double aX, double aY);
bool IsPointInStroke(JSContext* aCx, const CanvasPath& aPath, double aX, double aY);
bool IsPointInPath(double aX, double aY, const CanvasWindingRule& aWinding);
bool IsPointInPath(const CanvasPath& aPath, double aX, double aY, const CanvasWindingRule& aWinding);
bool IsPointInStroke(double aX, double aY);
bool IsPointInStroke(const CanvasPath& aPath, double aX, double aY);
void FillText(const nsAString& aText, double aX, double aY,
const Optional<double>& aMaxWidth,
mozilla::ErrorResult& aError);

View File

@ -25,7 +25,6 @@ CanvasRenderingContextHelper::ToBlob(JSContext* aCx,
BlobCallback& aCallback,
const nsAString& aType,
JS::Handle<JS::Value> aParams,
bool aUsePlaceholder,
ErrorResult& aRv)
{
// Encoder callback when encoding is complete.
@ -59,7 +58,7 @@ CanvasRenderingContextHelper::ToBlob(JSContext* aCx,
RefPtr<EncodeCompleteCallback> callback =
new EncodeCallback(aGlobal, &aCallback);
ToBlob(aCx, aGlobal, callback, aType, aParams, aUsePlaceholder, aRv);
ToBlob(aCx, aGlobal, callback, aType, aParams, aRv);
}
void
@ -68,7 +67,6 @@ CanvasRenderingContextHelper::ToBlob(JSContext* aCx,
EncodeCompleteCallback* aCallback,
const nsAString& aType,
JS::Handle<JS::Value> aParams,
bool aUsePlaceholder,
ErrorResult& aRv)
{
nsAutoString type;
@ -109,7 +107,6 @@ CanvasRenderingContextHelper::ToBlob(JSContext* aCx,
Move(imageBuffer),
format,
GetWidthHeight(),
aUsePlaceholder,
callback);
}

View File

@ -58,11 +58,11 @@ protected:
void ToBlob(JSContext* aCx, nsIGlobalObject* global, BlobCallback& aCallback,
const nsAString& aType, JS::Handle<JS::Value> aParams,
bool aUsePlaceholder, ErrorResult& aRv);
ErrorResult& aRv);
void ToBlob(JSContext* aCx, nsIGlobalObject* aGlobal, EncodeCompleteCallback* aCallback,
const nsAString& aType, JS::Handle<JS::Value> aParams,
bool aUsePlaceholder, ErrorResult& aRv);
ErrorResult& aRv);
virtual already_AddRefed<nsICanvasRenderingContextInternal>
CreateContext(CanvasContextType aContextType);

View File

@ -13,7 +13,6 @@
#include "nsICanvasRenderingContextInternal.h"
#include "nsIHTMLCollection.h"
#include "mozilla/dom/HTMLCanvasElement.h"
#include "mozilla/dom/TabChild.h"
#include "nsIPrincipal.h"
#include "nsGfxCIID.h"
@ -24,150 +23,11 @@
#include "mozilla/gfx/Matrix.h"
#include "WebGL2Context.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIPermissionManager.h"
#include "nsIObserverService.h"
#include "mozilla/Services.h"
#include "mozIThirdPartyUtil.h"
#include "nsContentUtils.h"
#include "nsUnicharUtils.h"
#include "nsPrintfCString.h"
#include "nsIConsoleService.h"
#include "jsapi.h"
#define TOPIC_CANVAS_PERMISSIONS_PROMPT "canvas-permissions-prompt"
#define PERMISSION_CANVAS_EXTRACT_DATA "canvas/extractData"
using namespace mozilla::gfx;
namespace mozilla {
namespace CanvasUtils {
bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx)
{
// Do the rest of the checks only if privacy.resistFingerprinting is on.
if (!nsContentUtils::ShouldResistFingerprinting()) {
return true;
}
// Don't proceed if we don't have a document or JavaScript context.
if (!aDocument || !aCx) {
return false;
}
// Documents with system principal can always extract canvas data.
nsPIDOMWindowOuter *win = aDocument->GetWindow();
nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win));
if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) {
return true;
}
// Always give permission to chrome scripts (e.g. Page Inspector).
if (nsContentUtils::ThreadsafeIsCallerChrome()) {
return true;
}
// Get the document URI and its spec.
nsIURI *docURI = aDocument->GetDocumentURI();
nsCString docURISpec;
docURI->GetSpec(docURISpec);
// Allow local files to extract canvas data.
bool isFileURL;
(void) docURI->SchemeIs("file", &isFileURL);
if (isFileURL) {
return true;
}
// Get calling script file and line for logging.
JS::AutoFilename scriptFile;
unsigned scriptLine = 0;
bool isScriptKnown = false;
if (JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine)) {
isScriptKnown = true;
// Don't show canvas prompt for PDF.js
if (scriptFile.get() &&
strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) {
return true;
}
}
nsIDocument* topLevelDocument = aDocument->GetTopLevelContentDocument();
nsIURI *topLevelDocURI = topLevelDocument ? topLevelDocument->GetDocumentURI() : nullptr;
nsCString topLevelDocURISpec;
if (topLevelDocURI) {
topLevelDocURI->GetSpec(topLevelDocURISpec);
}
// Load Third Party Util service.
nsresult rv;
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
do_GetService(THIRDPARTYUTIL_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, false);
// Block all third-party attempts to extract canvas.
bool isThirdParty = true;
rv = thirdPartyUtil->IsThirdPartyURI(topLevelDocURI, docURI, &isThirdParty);
NS_ENSURE_SUCCESS(rv, false);
if (isThirdParty) {
nsAutoCString message;
message.AppendPrintf("Blocked third party %s in page %s from extracting canvas data.",
docURISpec.get(), topLevelDocURISpec.get());
if (isScriptKnown) {
message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine);
}
nsContentUtils::LogMessageToConsole(message.get());
return false;
}
// Load Permission Manager service.
nsCOMPtr<nsIPermissionManager> permissionManager =
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, false);
// Check if the site has permission to extract canvas data.
// Either permit or block extraction if a stored permission setting exists.
uint32_t permission;
rv = permissionManager->TestPermission(topLevelDocURI,
PERMISSION_CANVAS_EXTRACT_DATA,
&permission);
NS_ENSURE_SUCCESS(rv, false);
switch (permission) {
case nsIPermissionManager::ALLOW_ACTION:
return true;
case nsIPermissionManager::DENY_ACTION:
return false;
default:
break;
}
// At this point, permission is unknown (nsIPermissionManager::UNKNOWN_ACTION).
nsAutoCString message;
message.AppendPrintf("Blocked %s in page %s from extracting canvas data.",
docURISpec.get(), topLevelDocURISpec.get());
if (isScriptKnown) {
message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine);
}
nsContentUtils::LogMessageToConsole(message.get());
// Prompt the user (asynchronous).
if (XRE_IsContentProcess()) {
TabChild* tabChild = TabChild::GetFrom(win);
if (tabChild) {
tabChild->SendShowCanvasPermissionPrompt(topLevelDocURISpec);
}
} else {
nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
if (obs) {
obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT,
NS_ConvertUTF8toUTF16(topLevelDocURISpec).get());
}
}
// We don't extract the image for now -- user may override at prompt.
return false;
}
bool
GetCanvasContextType(const nsAString& str, dom::CanvasContextType* const out_type)
{

View File

@ -49,9 +49,6 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
// Check if the context is chrome or has the permission to drawWindow
bool HasDrawWindowPrivilege(JSContext* aCx, JSObject* aObj);
// Check site-specific permission and display prompt if appropriate.
bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx);
// Make a double out of |v|, treating undefined values as 0.0 (for
// the sake of sparse arrays). Return true iff coercion
// succeeded.

View File

@ -284,13 +284,8 @@ OffscreenCanvas::ToBlob(JSContext* aCx,
RefPtr<EncodeCompleteCallback> callback =
new EncodeCallback(global, promise);
// TODO: Can we obtain the context and document here somehow
// so that we can decide when usePlaceholder should be true/false?
// See https://trac.torproject.org/18599
// For now, we always return a placeholder if fingerprinting resistance is on.
bool usePlaceholder = nsContentUtils::ShouldResistFingerprinting();
CanvasRenderingContextHelper::ToBlob(aCx, global, callback, aType, aParams,
usePlaceholder, aRv);
CanvasRenderingContextHelper::ToBlob(aCx, global,
callback, aType, aParams, aRv);
return promise.forget();
}

View File

@ -44,7 +44,6 @@
#include "nsRefreshDriver.h"
#include "nsStreamUtils.h"
#include "ActiveLayerTracker.h"
#include "CanvasUtils.h"
#include "VRManagerChild.h"
#include "WebGL1Context.h"
#include "WebGL2Context.h"
@ -63,10 +62,8 @@ class RequestedFrameRefreshObserver : public nsARefreshObserver
public:
RequestedFrameRefreshObserver(HTMLCanvasElement* const aOwningElement,
nsRefreshDriver* aRefreshDriver,
bool aReturnPlaceholderData)
nsRefreshDriver* aRefreshDriver)
: mRegistered(false),
mReturnPlaceholderData(aReturnPlaceholderData),
mOwningElement(aOwningElement),
mRefreshDriver(aRefreshDriver)
{
@ -74,8 +71,7 @@ public:
}
static already_AddRefed<DataSourceSurface>
CopySurface(const RefPtr<SourceSurface>& aSurface,
bool aReturnPlaceholderData)
CopySurface(const RefPtr<SourceSurface>& aSurface)
{
RefPtr<DataSourceSurface> data = aSurface->GetDataSurface();
if (!data) {
@ -104,23 +100,12 @@ public:
MOZ_ASSERT(data->GetSize() == copy->GetSize());
MOZ_ASSERT(data->GetFormat() == copy->GetFormat());
if (aReturnPlaceholderData) {
// If returning placeholder data, fill the frame copy with white pixels.
memset(write.GetData(), 0xFF,
write.GetStride() * copy->GetSize().height);
} else {
memcpy(write.GetData(), read.GetData(),
write.GetStride() * copy->GetSize().height);
}
memcpy(write.GetData(), read.GetData(),
write.GetStride() * copy->GetSize().height);
return copy.forget();
}
void SetReturnPlaceholderData(bool aReturnPlaceholderData)
{
mReturnPlaceholderData = aReturnPlaceholderData;
}
void WillRefresh(TimeStamp aTime) override
{
MOZ_ASSERT(NS_IsMainThread());
@ -159,7 +144,7 @@ public:
{
AUTO_PROFILER_LABEL(
"RequestedFrameRefreshObserver::WillRefresh:CopySurface", OTHER);
copy = CopySurface(snapshot, mReturnPlaceholderData);
copy = CopySurface(snapshot);
if (!copy) {
return;
}
@ -216,7 +201,6 @@ private:
}
bool mRegistered;
bool mReturnPlaceholderData;
HTMLCanvasElement* const mOwningElement;
RefPtr<nsRefreshDriver> mRefreshDriver;
};
@ -768,14 +752,7 @@ HTMLCanvasElement::CaptureStream(const Optional<double>& aFrameRate,
new CanvasCaptureTrackSource(principal, stream));
stream->AddTrackInternal(track);
// Check site-specific permission and display prompt if appropriate.
// If no permission, arrange for the frame capture listener to return
// all-white, opaque image data.
bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(
OwnerDoc(),
nsContentUtils::GetCurrentJSContext());
rv = RegisterFrameCaptureListener(stream->FrameCaptureListener(), usePlaceholder);
rv = RegisterFrameCaptureListener(stream->FrameCaptureListener());
if (NS_FAILED(rv)) {
aRv.Throw(rv);
return nullptr;
@ -785,18 +762,13 @@ HTMLCanvasElement::CaptureStream(const Optional<double>& aFrameRate,
}
nsresult
HTMLCanvasElement::ExtractData(JSContext* aCx,
nsAString& aType,
HTMLCanvasElement::ExtractData(nsAString& aType,
const nsAString& aOptions,
nsIInputStream** aStream)
{
// Check site-specific permission and display prompt if appropriate.
// If no permission, return all-white, opaque image data.
bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), aCx);
return ImageEncoder::ExtractData(aType,
aOptions,
GetSize(),
usePlaceholder,
mCurrentContext,
mAsyncCanvasRenderer,
aStream);
@ -826,12 +798,12 @@ HTMLCanvasElement::ToDataURLImpl(JSContext* aCx,
}
nsCOMPtr<nsIInputStream> stream;
rv = ExtractData(aCx, type, params, getter_AddRefs(stream));
rv = ExtractData(type, params, getter_AddRefs(stream));
// If there are unrecognized custom parse options, we should fall back to
// the default values for the encoder without any options at all.
if (rv == NS_ERROR_INVALID_ARG && usingCustomParseOptions) {
rv = ExtractData(aCx, type, EmptyString(), getter_AddRefs(stream));
rv = ExtractData(type, EmptyString(), getter_AddRefs(stream));
}
NS_ENSURE_SUCCESS(rv, rv);
@ -881,11 +853,8 @@ HTMLCanvasElement::ToBlob(JSContext* aCx,
return;
}
// Check site-specific permission and display prompt if appropriate.
// If no permission, return all-white, opaque image data.
bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), aCx);
CanvasRenderingContextHelper::ToBlob(aCx, global, aCallback, aType,
aParams, usePlaceholder, aRv);
aParams, aRv);
}
@ -954,8 +923,7 @@ HTMLCanvasElement::MozGetAsFileImpl(const nsAString& aName,
{
nsCOMPtr<nsIInputStream> stream;
nsAutoString type(aType);
nsresult rv = ExtractData(nsContentUtils::GetCurrentJSContext(),
type, EmptyString(), getter_AddRefs(stream));
nsresult rv = ExtractData(type, EmptyString(), getter_AddRefs(stream));
NS_ENSURE_SUCCESS(rv, rv);
uint64_t imgSize;
@ -1276,8 +1244,7 @@ HTMLCanvasElement::IsContextCleanForFrameCapture()
}
nsresult
HTMLCanvasElement::RegisterFrameCaptureListener(FrameCaptureListener* aListener,
bool aReturnPlaceholderData)
HTMLCanvasElement::RegisterFrameCaptureListener(FrameCaptureListener* aListener)
{
WeakPtr<FrameCaptureListener> listener = aListener;
@ -1316,9 +1283,7 @@ HTMLCanvasElement::RegisterFrameCaptureListener(FrameCaptureListener* aListener,
}
mRequestedFrameRefreshObserver =
new RequestedFrameRefreshObserver(this, driver, aReturnPlaceholderData);
} else {
mRequestedFrameRefreshObserver->SetReturnPlaceholderData(aReturnPlaceholderData);
new RequestedFrameRefreshObserver(this, driver);
}
mRequestedFrameListeners.AppendElement(listener);

View File

@ -262,8 +262,7 @@ public:
* caller's responsibility to keep them alive. Once a registered
* FrameCaptureListener is destroyed it will be automatically deregistered.
*/
nsresult RegisterFrameCaptureListener(FrameCaptureListener* aListener,
bool aReturnPlaceholderData);
nsresult RegisterFrameCaptureListener(FrameCaptureListener* aListener);
/*
* Returns true when there is at least one registered FrameCaptureListener
@ -349,8 +348,7 @@ protected:
virtual already_AddRefed<nsICanvasRenderingContextInternal>
CreateContext(CanvasContextType aContextType) override;
nsresult ExtractData(JSContext* aCx,
nsAString& aType,
nsresult ExtractData(nsAString& aType,
const nsAString& aOptions,
nsIInputStream** aStream);
nsresult ToDataURLImpl(JSContext* aCx,

View File

@ -594,14 +594,6 @@ parent:
*/
async RequestCrossBrowserNavigation(uint32_t aGlobalIndex);
/**
* This function is used to notify the parent that it should display a
* canvas permission prompt.
*
* @param aFirstPartyURI first party of the tab that is requesting access.
*/
async ShowCanvasPermissionPrompt(nsCString aFirstPartyURI);
child:
/**
* Notify the remote browser that it has been Show()n on this

View File

@ -3604,27 +3604,6 @@ TabParent::RecvRequestCrossBrowserNavigation(const uint32_t& aGlobalIndex)
return IPC_OK();
}
mozilla::ipc::IPCResult
TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI)
{
nsCOMPtr<nsIBrowser> browser = do_QueryInterface(mFrameElement);
if (!browser) {
// If the tab is being closed, the browser may not be available.
// In this case we can ignore the request.
return IPC_OK();
}
nsCOMPtr<nsIObserverService> os = services::GetObserverService();
if (!os) {
return IPC_FAIL_NO_REASON(this);
}
nsresult rv = os->NotifyObservers(browser, "canvas-permissions-prompt",
NS_ConvertUTF8toUTF16(aFirstPartyURI).get());
if (NS_FAILED(rv)) {
return IPC_FAIL_NO_REASON(this);
}
return IPC_OK();
}
void
TabParent::LiveResizeStarted()
{

View File

@ -646,7 +646,6 @@ protected:
const bool& aTruncate) override;
virtual mozilla::ipc::IPCResult RecvRequestCrossBrowserNavigation(const uint32_t& aGlobalIndex) override;
virtual mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI) override;
ContentCacheInParent mContentCache;

View File

@ -157,7 +157,6 @@ CaptureTask::SetCurrentFrames(const VideoSegment& aSegment)
options,
false,
image,
false,
new EncodeComplete(this));
if (NS_FAILED(rv)) {
PostTrackEndEvent();