mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-23 10:15:41 +00:00
c1750b75c7
Backed out changeset fc04c5d43550 (bug 709490) Backed out changeset cd8f9410d335 (bug 709490) Backed out changeset 6e687c9143c1 (bug 709490) Backed out changeset 9b20f2c833c4 (bug 709490) Backed out changeset f9d130aea88e (bug 709490) Backed out changeset fc513b410949 (bug 709490) Backed out changeset acf6220b431a (bug 709490) Backed out changeset 9bceaf913791 (bug 709490) Backed out changeset 37fba20111e2 (bug 709490) Backed out changeset 2285ce1596b8 (bug 709490) Backed out changeset fb4e09920569 (bug 709490)
91 lines
2.4 KiB
C++
91 lines
2.4 KiB
C++
/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include <stdlib.h>
|
|
#include <stdarg.h>
|
|
|
|
#include "prprf.h"
|
|
|
|
#include "nsIServiceManager.h"
|
|
|
|
#include "nsIConsoleService.h"
|
|
#include "nsIDOMCanvasRenderingContext2D.h"
|
|
#include "nsICanvasRenderingContextInternal.h"
|
|
#include "nsIHTMLCollection.h"
|
|
#include "mozilla/dom/HTMLCanvasElement.h"
|
|
#include "nsIPrincipal.h"
|
|
|
|
#include "nsGfxCIID.h"
|
|
|
|
#include "nsTArray.h"
|
|
|
|
#include "CanvasUtils.h"
|
|
#include "mozilla/gfx/Matrix.h"
|
|
|
|
using namespace mozilla::gfx;
|
|
|
|
namespace mozilla {
|
|
namespace CanvasUtils {
|
|
|
|
/**
|
|
* This security check utility might be called from an source that never taints
|
|
* others. For example, while painting a CanvasPattern, which is created from an
|
|
* ImageBitmap, onto a canvas. In this case, the caller could set the CORSUsed
|
|
* true in order to pass this check and leave the aPrincipal to be a nullptr
|
|
* since the aPrincipal is not going to be used.
|
|
*/
|
|
void
|
|
DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
|
|
nsIPrincipal *aPrincipal,
|
|
bool forceWriteOnly,
|
|
bool CORSUsed)
|
|
{
|
|
// Callers should ensure that mCanvasElement is non-null before calling this
|
|
if (!aCanvasElement) {
|
|
NS_WARNING("DoDrawImageSecurityCheck called without canvas element!");
|
|
return;
|
|
}
|
|
|
|
if (aCanvasElement->IsWriteOnly())
|
|
return;
|
|
|
|
// If we explicitly set WriteOnly just do it and get out
|
|
if (forceWriteOnly) {
|
|
aCanvasElement->SetWriteOnly();
|
|
return;
|
|
}
|
|
|
|
// No need to do a security check if the image used CORS for the load
|
|
if (CORSUsed)
|
|
return;
|
|
|
|
NS_PRECONDITION(aPrincipal, "Must have a principal here");
|
|
|
|
if (aCanvasElement->NodePrincipal()->Subsumes(aPrincipal)) {
|
|
// This canvas has access to that image anyway
|
|
return;
|
|
}
|
|
|
|
aCanvasElement->SetWriteOnly();
|
|
}
|
|
|
|
bool
|
|
CoerceDouble(JS::Value v, double* d)
|
|
{
|
|
if (v.isDouble()) {
|
|
*d = v.toDouble();
|
|
} else if (v.isInt32()) {
|
|
*d = double(v.toInt32());
|
|
} else if (v.isUndefined()) {
|
|
*d = 0.0;
|
|
} else {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
} // namespace CanvasUtils
|
|
} // namespace mozilla
|