2011-05-26 Adam Barth <abarth@webkit.org>
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 May 2011 06:12:45 +0000 (06:12 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 May 2011 06:12:45 +0000 (06:12 +0000)
commit01d7c90ab99a1f185e8d29e3760f0fd1b0ffac0f
treecc458b0f240c22e9862e3fd4cb437cb51a835fc5
parent5645f2fe1608ac733dac2a122e940ceb429b4a64
2011-05-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Support cross-origin property for images
        https://bugs.webkit.org/show_bug.cgi?id=61015

        Test various cases involving CORS requests and canvas tainting.

        * http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt: Added.
        * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt: Added.
        * http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html: Added.
        * http/tests/security/canvas-remote-read-remote-image-allowed.html: Added.
        * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Added.
        * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html: Added.
        * http/tests/security/resources/abe-allow-credentials.php: Added.
        * http/tests/security/resources/abe-allow-star.php: Added.
2011-05-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Support cross-origin property for images
        https://bugs.webkit.org/show_bug.cgi?id=61015

        This patch add support for the crossorigin attribute of images and
        teaches 2D canvas to respect that flag and not taint a canvas if the
        image drawn on the canvas is allowed by CORS.

        While I was editing this code, I couldn't resist a couple touch-up
        changes.

        Tests: http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html
               http/tests/security/canvas-remote-read-remote-image-allowed.html
               http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html

        * html/HTMLAttributeNames.in:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::securityOrigin):
        * html/HTMLCanvasElement.h:
        * html/HTMLImageElement.idl:
        * html/canvas/CanvasRenderingContext.cpp:
        (WebCore::CanvasRenderingContext::checkOrigin):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createPattern):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::passesAccessControlCheck):
        * loader/cache/CachedResource.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@87473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/abe-allow-credentials.php [new file with mode: 0644]
LayoutTests/http/tests/security/resources/abe-allow-star.php [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLAttributeNames.in
Source/WebCore/html/HTMLCanvasElement.cpp
Source/WebCore/html/HTMLCanvasElement.h
Source/WebCore/html/HTMLImageElement.idl
Source/WebCore/html/canvas/CanvasRenderingContext.cpp
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
Source/WebCore/loader/ImageLoader.cpp
Source/WebCore/loader/cache/CachedResource.cpp
Source/WebCore/loader/cache/CachedResource.h