summaryrefslogtreecommitdiffstats
path: root/dom/canvas/CanvasUtils.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'dom/canvas/CanvasUtils.cpp')
-rw-r--r--dom/canvas/CanvasUtils.cpp43
1 files changed, 42 insertions, 1 deletions
diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp
index 5ab2aa7..a76885b 100644
--- a/dom/canvas/CanvasUtils.cpp
+++ b/dom/canvas/CanvasUtils.cpp
@@ -236,7 +236,9 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement* aCanvasElement,
return;
}
- if (aCanvasElement->IsWriteOnly()) return;
+ if (aCanvasElement->IsWriteOnly() && !aCanvasElement->mExpandedReader) {
+ return;
+ }
// If we explicitly set WriteOnly just do it and get out
if (forceWriteOnly) {
@@ -254,6 +256,25 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement* aCanvasElement,
return;
}
+ if (BasePrincipal::Cast(aPrincipal)->AddonPolicy()) {
+ // This is a resource from an extension content script principal.
+
+ if (aCanvasElement->mExpandedReader &&
+ aCanvasElement->mExpandedReader->Subsumes(aPrincipal)) {
+ // This canvas already allows reading from this principal.
+ return;
+ }
+
+ if (!aCanvasElement->mExpandedReader) {
+ // Allow future reads from this same princial only.
+ aCanvasElement->SetWriteOnly(aPrincipal);
+ return;
+ }
+
+ // If we got here, this must be the *second* extension tainting
+ // the canvas. Fall through to mark it WriteOnly for everyone.
+ }
+
aCanvasElement->SetWriteOnly();
}
@@ -275,5 +296,25 @@ bool HasDrawWindowPrivilege(JSContext* aCx, JSObject* /* unused */) {
nsGkAtoms::all_urlsPermission);
}
+bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return true;
+ }
+
+ if (!aCORSUsed) {
+ nsIGlobalObject* incumbentSettingsObject = dom::GetIncumbentGlobal();
+ if (NS_WARN_IF(!incumbentSettingsObject)) {
+ return true;
+ }
+
+ nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull();
+ if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
} // namespace CanvasUtils
} // namespace mozilla