1/*
2 * Copyright (C) 2009 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "core/html/canvas/CanvasRenderingContext.h"
28
29#include "core/fetch/ImageResource.h"
30#include "core/html/HTMLImageElement.h"
31#include "core/html/HTMLVideoElement.h"
32#include "core/html/canvas/CanvasPattern.h"
33#include "platform/weborigin/SecurityOrigin.h"
34
35namespace WebCore {
36
37CanvasRenderingContext::CanvasRenderingContext(HTMLCanvasElement* canvas)
38    : m_canvas(canvas)
39{
40    ScriptWrappable::init(this);
41}
42
43bool CanvasRenderingContext::wouldTaintOrigin(const CanvasPattern* pattern)
44{
45    if (canvas()->originClean() && pattern && !pattern->originClean())
46        return true;
47    return false;
48}
49
50bool CanvasRenderingContext::wouldTaintOrigin(const HTMLCanvasElement* sourceCanvas)
51{
52    if (canvas()->originClean() && sourceCanvas && !sourceCanvas->originClean())
53        return true;
54    return false;
55}
56
57bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
58{
59    if (!image || !canvas()->originClean())
60        return false;
61
62    ImageResource* cachedImage = image->cachedImage();
63    if (!cachedImage->image()->currentFrameHasSingleSecurityOrigin())
64        return true;
65
66    return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin());
67}
68
69bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
70{
71    // FIXME: This check is likely wrong when a redirect is involved. We need
72    // to test the finalURL. Please be careful when fixing this issue not to
73    // make currentSrc be the final URL because then the
74    // HTMLMediaElement.currentSrc DOM API would leak redirect destinations!
75    if (!video || !canvas()->originClean())
76        return false;
77
78    if (!video->hasSingleSecurityOrigin())
79        return true;
80
81    if (!(video->player() && video->player()->didPassCORSAccessCheck()) && wouldTaintOrigin(video->currentSrc()))
82        return true;
83
84    return false;
85}
86
87bool CanvasRenderingContext::wouldTaintOrigin(const KURL& url)
88{
89    if (!canvas()->originClean() || m_cleanURLs.contains(url.string()))
90        return false;
91
92    if (canvas()->securityOrigin()->taintsCanvas(url))
93        return true;
94
95    if (url.protocolIsData())
96        return false;
97
98    m_cleanURLs.add(url.string());
99    return false;
100}
101
102void CanvasRenderingContext::checkOrigin(const KURL& url)
103{
104    if (wouldTaintOrigin(url))
105        canvas()->setOriginTainted();
106}
107
108} // namespace WebCore
109