Commit
Merge r184434 - When redirecting to data URL use HTTP response for same origin policy checks

https://bugs.webkit.org/show_bug.cgi?id=145054
rdar://problem/20299050

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Test: http/tests/security/canvas-remote-read-data-url-image-redirect.html

* dom/ScriptElement.cpp:
(WebCore::ScriptElement::notifyFinished):
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::sanitizeScriptError):
* html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::wouldTaintOrigin):
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::notifyFinished):
* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::responseReceived):
* loader/TextTrackLoader.cpp:
(WebCore::TextTrackLoader::notifyFinished):
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::isOriginClean):
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::passesAccessControlCheck):
(WebCore::CachedResource::passesSameOriginPolicyCheck):

    Factor repeatedly used same origin policy test into a function.

(WebCore::CachedResource::redirectReceived):

    When redirecting to a data URL save the redirect response.

(WebCore::CachedResource::responseForSameOriginPolicyChecks):

    In case we got redirected to data use that response instead of the final data response for policy checks.

* loader/cache/CachedResource.h:

LayoutTests:

* http/tests/security/canvas-remote-read-data-url-image-redirect-expected.txt: Added.
* http/tests/security/canvas-remote-read-data-url-image-redirect.html: Added.
1 parent 6007774
commit f105063
Showing 13 changed files with 160 additions and 24 deletions.
7 changes: 7 additions & 0 deletions
LayoutTests/http/tests/security/canvas-remote-read-data-url-image-redirect-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CONSOLE MESSAGE: line 17: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. | ||
CONSOLE MESSAGE: line 17: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. | ||
PASS: Calling getImageData() from a canvas tainted by a redirected data URL image was not allowed - Threw error: Error: SecurityError: DOM Exception 18. | ||
PASS: Calling toDataURL() on a canvas tainted by a redirected data URL image was not allowed - Threw error: Error: SecurityError: DOM Exception 18. | ||
PASS: Calling getImageData() from a canvas tainted by a redirected data URL image pattern was not allowed - Threw error: Error: SecurityError: DOM Exception 18. | ||
PASS: Calling toDataURL() on a canvas tainted by a redirected data URL image pattern was not allowed - Threw error: Error: SecurityError: DOM Exception 18. | ||
|
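Review bot: Both CONSOLE MESSAGE expectations are pinned to "line 17", which is the getImageData() call in canvas-remote-read-data-url-image-redirect.html, so any edit above that call in the test shifts the line number and fails the comparison for a reason unrelated to tainting. Consider keeping the helper functions at the top of the test stable, or noting the dependency in a comment there. The baseline also records only two console messages for four PASS lines, meaning the toDataURL() rejections throw without logging; worth confirming that asymmetry is intended before it is frozen into the expected output.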
69 changes: 69 additions & 0 deletions
LayoutTests/http/tests/security/canvas-remote-read-data-url-image-redirect.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
<pre id="console"></pre> | ||
<script> | ||
if (window.testRunner) { | ||
testRunner.dumpAsText(); | ||
testRunner.waitUntilDone(); | ||
} | ||
|
||
log = function(msg) | ||
{ | ||
document.getElementById('console').appendChild(document.createTextNode(msg + "\n")); | ||
} | ||
|
||
testGetImageData = function(context, description) | ||
{ | ||
description = "Calling getImageData() from a canvas tainted by a " + description; | ||
try { | ||
var imageData = context.getImageData(0,0,100,100); | ||
log("FAIL: " + description + " was allowed."); | ||
} catch (e) { | ||
log("PASS: " + description + " was not allowed - Threw error: " + e + "."); | ||
} | ||
} | ||
|
||
testToDataURL = function(canvas, description) | ||
{ | ||
description = "Calling toDataURL() on a canvas tainted by a " + description; | ||
try { | ||
var dataURL = canvas.toDataURL(); | ||
log("FAIL: " + description + " was allowed."); | ||
} catch (e) { | ||
log("PASS: " + description + " was not allowed - Threw error: " + e + "."); | ||
} | ||
} | ||
|
||
test = function(canvas, description) | ||
{ | ||
testGetImageData(canvas.getContext("2d"), description); | ||
testToDataURL(canvas, description); | ||
} | ||
|
||
var image = new Image(); | ||
image.onload = function() { | ||
var canvas = document.createElement("canvas"); | ||
canvas.width = 100; | ||
canvas.height = 100; | ||
var context = canvas.getContext("2d"); | ||
|
||
// Test reading from a canvas after drawing a data URL image onto it | ||
context.drawImage(image, 0, 0, 100, 100); | ||
|
||
test(canvas, "redirected data URL image"); | ||
|
||
// Test reading after using a data URL pattern | ||
canvas = document.createElement("canvas"); | ||
canvas.width = 100; | ||
canvas.height = 100; | ||
var context = canvas.getContext("2d"); | ||
var remoteImagePattern = context.createPattern(image, "repeat"); | ||
context.fillStyle = remoteImagePattern; | ||
context.fillRect(0, 0, 100, 100); | ||
|
||
test(canvas, "redirected data URL image pattern"); | ||
|
||
if (window.testRunner) | ||
testRunner.notifyDone(); | ||
} | ||
|
||
image.src = "http://localhost:8000/resources/redirect.php?url=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVR42mP4%2F58BAAT%2FAf9jgNErAAAAAElFTkSuQmCC"; | ||
</script> |
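Review bot: The image has no onerror handler, so if the load through redirect.php fails, the onload callback never runs, testRunner.notifyDone() is never called, and the test ends as a timeout with an empty console instead of a readable FAIL line. Add an image.onerror that logs a failure and calls notifyDone(). Two smaller points: onload declares "var context" twice, once per canvas, and the second should be a plain assignment; and the commit message lists ScriptElement, TextTrackLoader and MediaResourceLoader among the callers switched to the new same origin check, but this test only exercises the image and canvas path, so those callers have no regression coverage for the redirect-to-data-URL case.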