2009-06-25 13:30:56 -07:00
|
|
|
/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
2012-05-21 04:12:37 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2009-06-25 13:30:56 -07:00
|
|
|
|
2009-09-02 17:47:49 -07:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
|
2009-09-04 14:57:33 -07:00
|
|
|
#include "prprf.h"
|
2009-06-25 13:30:56 -07:00
|
|
|
|
|
|
|
#include "nsIServiceManager.h"
|
|
|
|
|
2009-09-02 17:47:49 -07:00
|
|
|
#include "nsIConsoleService.h"
|
2009-06-25 13:30:56 -07:00
|
|
|
#include "nsIDOMCanvasRenderingContext2D.h"
|
|
|
|
#include "nsICanvasRenderingContextInternal.h"
|
2012-11-10 15:30:15 -08:00
|
|
|
#include "nsIHTMLCollection.h"
|
2013-01-03 21:16:14 -08:00
|
|
|
#include "mozilla/dom/HTMLCanvasElement.h"
|
2009-06-25 13:30:56 -07:00
|
|
|
#include "nsIPrincipal.h"
|
|
|
|
|
|
|
|
#include "nsGfxCIID.h"
|
|
|
|
|
|
|
|
#include "nsTArray.h"
|
|
|
|
|
|
|
|
#include "CanvasUtils.h"
|
2011-06-29 14:34:58 -07:00
|
|
|
#include "mozilla/gfx/Matrix.h"
|
2009-06-25 13:30:56 -07:00
|
|
|
|
2012-10-27 10:24:04 -07:00
|
|
|
using namespace mozilla::gfx;
|
|
|
|
|
2011-06-29 14:34:58 -07:00
|
|
|
namespace mozilla {
|
|
|
|
namespace CanvasUtils {
|
2009-06-25 13:30:56 -07:00
|
|
|
|
2015-07-30 11:49:00 -07:00
|
|
|
/**
|
|
|
|
* This security check utility might be called from an source that never taints
|
|
|
|
* others. For example, while painting a CanvasPattern, which is created from an
|
|
|
|
* ImageBitmap, onto a canvas. In this case, the caller could set the CORSUsed
|
|
|
|
* true in order to pass this check and leave the aPrincipal to be a nullptr
|
|
|
|
* since the aPrincipal is not going to be used.
|
|
|
|
*/
|
2009-06-25 13:30:56 -07:00
|
|
|
void
|
2013-01-03 21:16:14 -08:00
|
|
|
DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
|
2011-06-29 14:34:58 -07:00
|
|
|
nsIPrincipal *aPrincipal,
|
2011-09-28 23:19:26 -07:00
|
|
|
bool forceWriteOnly,
|
|
|
|
bool CORSUsed)
|
2009-06-25 13:30:56 -07:00
|
|
|
{
|
|
|
|
// Callers should ensure that mCanvasElement is non-null before calling this
|
|
|
|
if (!aCanvasElement) {
|
|
|
|
NS_WARNING("DoDrawImageSecurityCheck called without canvas element!");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (aCanvasElement->IsWriteOnly())
|
|
|
|
return;
|
|
|
|
|
|
|
|
// If we explicitly set WriteOnly just do it and get out
|
|
|
|
if (forceWriteOnly) {
|
|
|
|
aCanvasElement->SetWriteOnly();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-09-09 14:58:35 -07:00
|
|
|
// No need to do a security check if the image used CORS for the load
|
|
|
|
if (CORSUsed)
|
|
|
|
return;
|
|
|
|
|
2015-07-30 11:49:00 -07:00
|
|
|
NS_PRECONDITION(aPrincipal, "Must have a principal here");
|
|
|
|
|
2014-02-13 18:57:36 -08:00
|
|
|
if (aCanvasElement->NodePrincipal()->Subsumes(aPrincipal)) {
|
2011-03-23 20:13:18 -07:00
|
|
|
// This canvas has access to that image anyway
|
|
|
|
return;
|
2009-06-25 13:30:56 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
aCanvasElement->SetWriteOnly();
|
|
|
|
}
|
2009-09-02 17:47:49 -07:00
|
|
|
|
2011-06-29 14:34:58 -07:00
|
|
|
bool
|
2013-03-22 22:05:20 -07:00
|
|
|
CoerceDouble(JS::Value v, double* d)
|
2011-06-29 14:34:58 -07:00
|
|
|
{
|
2014-04-27 19:35:40 -07:00
|
|
|
if (v.isDouble()) {
|
2014-04-27 19:38:31 -07:00
|
|
|
*d = v.toDouble();
|
2014-04-27 19:47:02 -07:00
|
|
|
} else if (v.isInt32()) {
|
2014-04-27 19:55:08 -07:00
|
|
|
*d = double(v.toInt32());
|
2014-04-27 19:32:05 -07:00
|
|
|
} else if (v.isUndefined()) {
|
2011-06-29 14:34:58 -07:00
|
|
|
*d = 0.0;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace CanvasUtils
|
|
|
|
} // namespace mozilla
|