Implement the HTML5 canvas tainting rules to prevent potential data leakage
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Mar 2008 07:45:38 +0000 (07:45 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 7 Mar 2008 07:45:38 +0000 (07:45 +0000)
commite78fe567cb4562b43c0a5090a21023b81998dacd
tree6aeec9a5faff55d81f41e04d7565a0fb9c394a03
parentdb7029cb667ac1f529d879504547267ed7d5c465
Implement the HTML5 canvas tainting rules to prevent potential data leakage

Reviewed by Mitz

Added originClean to HTMLCanvasElement and CanvasPattern
to track whether a canvas (or pattern) is tainted by remote
data.
Use originClean flag to determine whether getImageData should
return, well, image data.

Test: http/tests/security/canvas-remote-read-remote-image.html

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30869 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/canvas-remote-read-remote-image-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/canvas-remote-read-remote-image.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/html/CanvasPattern.cpp
WebCore/html/CanvasPattern.h
WebCore/html/CanvasRenderingContext2D.cpp
WebCore/html/CanvasRenderingContext2D.h
WebCore/html/HTMLCanvasElement.cpp
WebCore/html/HTMLCanvasElement.h