<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[206995] trunk/Source/WebCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/206995">206995</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-10-10 06:42:24 -0700 (Mon, 10 Oct 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Images and scripts should be said as clean based on CachedResource::isCORSSameOrigin
https://bugs.webkit.org/show_bug.cgi?id=162390

Patch by Youenn Fablet &lt;youenn@apple.com&gt; on 2016-10-10
Reviewed by Darin Adler.

No observable change of behavior.

Renaming CachedResource::isClean to isCORSSameOrigin to match html spec terminology.
Making use of it to check whether images taint canvas and whether script errors should be sanitized.

Some asserts are added to ensure that a resource fetched using one origin is not reused for another origin.

* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::sanitizeScriptError):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::initializeStyleSheet):
* html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::wouldTaintOrigin):
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::isOriginClean):
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::isCORSSameOrigin):
* loader/cache/CachedResource.h:</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomScriptExecutionContextcpp">trunk/Source/WebCore/dom/ScriptExecutionContext.cpp</a></li>
<li><a href="#trunkSourceWebCorehtmlcanvasCanvasRenderingContextcpp">trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp</a></li>
<li><a href="#trunkSourceWebCoreloadercacheCachedImagecpp">trunk/Source/WebCore/loader/cache/CachedImage.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (206994 => 206995)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-10-10 13:09:56 UTC (rev 206994)
+++ trunk/Source/WebCore/ChangeLog        2016-10-10 13:42:24 UTC (rev 206995)
</span><span class="lines">@@ -1,5 +1,31 @@
</span><span class="cx"> 2016-10-10  Youenn Fablet  &lt;youenn@apple.com&gt;
</span><span class="cx"> 
</span><ins>+        Images and scripts should be said as clean based on CachedResource::isCORSSameOrigin
+        https://bugs.webkit.org/show_bug.cgi?id=162390
+
+        Reviewed by Darin Adler.
+
+        No observable change of behavior.
+
+        Renaming CachedResource::isClean to isCORSSameOrigin to match html spec terminology.
+        Making use of it to check whether images taint canvas and whether script errors should be sanitized.
+
+        Some asserts are added to ensure that a resource fetched using one origin is not reused for another origin.
+
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::sanitizeScriptError):
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::initializeStyleSheet):
+        * html/canvas/CanvasRenderingContext.cpp:
+        (WebCore::CanvasRenderingContext::wouldTaintOrigin):
+        * loader/cache/CachedImage.cpp:
+        (WebCore::CachedImage::isOriginClean):
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::isCORSSameOrigin):
+        * loader/cache/CachedResource.h:
+
+2016-10-10  Youenn Fablet  &lt;youenn@apple.com&gt;
+
</ins><span class="cx">         [Fetch API] Memory cache should not bypass redirect mode
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=162959
</span><span class="cx"> 
</span></span></pre></div>
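<p>Review bot: the file list in this ChangeLog entry (html/HTMLLinkElement.cpp, loader/cache/CachedResource.cpp and loader/cache/CachedResource.h) does not match the Modified Paths of this revision, which contain only ChangeLog, dom/ScriptExecutionContext.cpp, html/canvas/CanvasRenderingContext.cpp and loader/cache/CachedImage.cpp. Either the rename of isClean to isCORSSameOrigin landed in a separate revision and these entries are stale, or part of the change is missing from this commit; the entry should list only the files this revision touches, and since both callers below now depend on the exact semantics of isCORSSameOrigin(), a pointer to the revision that defines it would help the reader.</p>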
<a id="trunkSourceWebCoredomScriptExecutionContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (206994 => 206995)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp        2016-10-10 13:09:56 UTC (rev 206994)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp        2016-10-10 13:42:24 UTC (rev 206995)
</span><span class="lines">@@ -352,9 +352,15 @@
</span><span class="cx"> 
</span><span class="cx"> bool ScriptExecutionContext::sanitizeScriptError(String&amp; errorMessage, int&amp; lineNumber, int&amp; columnNumber, String&amp; sourceURL, Deprecated::ScriptValue&amp; error, CachedScript* cachedScript)
</span><span class="cx"> {
</span><del>-    URL targetURL = completeURL(sourceURL);
-    if (securityOrigin()-&gt;canRequest(targetURL) || (cachedScript &amp;&amp; cachedScript-&gt;passesAccessControlCheck(*securityOrigin())))
</del><ins>+    ASSERT(securityOrigin());
+    if (cachedScript) {
+        ASSERT(cachedScript-&gt;origin());
+        ASSERT(securityOrigin()-&gt;toString() == cachedScript-&gt;origin()-&gt;toString());
+        if (cachedScript-&gt;isCORSSameOrigin())
+            return false;
+    } else if (securityOrigin()-&gt;canRequest(completeURL(sourceURL)))
</ins><span class="cx">         return false;
</span><ins>+
</ins><span class="cx">     errorMessage = &quot;Script error.&quot;;
</span><span class="cx">     sourceURL = String();
</span><span class="cx">     lineNumber = 0;
</span></span></pre></div>
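<p>Review bot: the <code>cachedScript</code> branch drops the <code>securityOrigin()-&gt;canRequest(targetURL)</code> test that the removed lines applied to every script, so whether a same-origin script loaded without a crossorigin attribute keeps its unsanitized error message now rests entirely on <code>cachedScript-&gt;isCORSSameOrigin()</code> returning true for plain same-origin loads; that definition is not in this diff, and the ChangeLog's "No observable change of behavior" claim should be checked against it. The three ASSERTs compile out in release builds, so the origin-equality invariant (<code>securityOrigin()-&gt;toString() == cachedScript-&gt;origin()-&gt;toString()</code>) is documented rather than enforced: if the memory cache ever hands this context a CachedScript fetched by another origin, a release build would silently reuse a CORS verdict computed for that origin and could expose an unsanitized message; a short comment naming what guarantees the invariant (cache partitioning or the loader) would make the reliance explicit. Minor: the added blank line before <code>errorMessage = "Script error.";</code> is an unrelated whitespace change.</p>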
<a id="trunkSourceWebCorehtmlcanvasCanvasRenderingContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp (206994 => 206995)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp        2016-10-10 13:09:56 UTC (rev 206994)
+++ trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp        2016-10-10 13:42:24 UTC (rev 206995)
</span><span class="lines">@@ -60,11 +60,17 @@
</span><span class="cx">     if (!image || !canvas()-&gt;originClean())
</span><span class="cx">         return false;
</span><span class="cx"> 
</span><del>-    CachedImage* cachedImage = image-&gt;cachedImage();
-    if (!cachedImage-&gt;image()-&gt;hasSingleSecurityOrigin())
</del><ins>+    ASSERT(image-&gt;cachedImage());
+    CachedImage&amp; cachedImage = *image-&gt;cachedImage();
+
+    ASSERT(cachedImage.image());
+    if (!cachedImage.image()-&gt;hasSingleSecurityOrigin())
</ins><span class="cx">         return true;
</span><span class="cx"> 
</span><del>-    return wouldTaintOrigin(cachedImage-&gt;responseForSameOriginPolicyChecks().url()) &amp;&amp; !cachedImage-&gt;passesAccessControlCheck(*canvas()-&gt;securityOrigin());
</del><ins>+    ASSERT(canvas()-&gt;securityOrigin());
+    ASSERT(cachedImage.origin());
+    ASSERT(canvas()-&gt;securityOrigin()-&gt;toString() == cachedImage.origin()-&gt;toString());
+    return !cachedImage.isCORSSameOrigin();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
</span></span></pre></div>
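<p>Review bot: <code>return !cachedImage.isCORSSameOrigin();</code> replaces a check that first tested whether the response URL itself would taint the canvas and only then fell back to the access-control result, so this hunk too relies on isCORSSameOrigin() covering the same-origin, non-CORS case; worth a comment here or in the ChangeLog since the function's definition is not part of this diff. As in ScriptExecutionContext.cpp, the ASSERTs on <code>canvas()-&gt;securityOrigin()</code> and <code>cachedImage.origin()</code> are debug-only, and for a taint check the safe release-mode fallback when the origins differ is to return true (taint); consider either a release-mode check or a comment stating why a CachedImage shared through the memory cache is guaranteed to carry the canvas's origin. Separately, <code>ASSERT(cachedImage.image())</code> documents a dereference the removed lines already made unguarded, so it does not change the null behaviour.</p>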
<a id="trunkSourceWebCoreloadercacheCachedImagecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedImage.cpp (206994 => 206995)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/cache/CachedImage.cpp        2016-10-10 13:09:56 UTC (rev 206994)
+++ trunk/Source/WebCore/loader/cache/CachedImage.cpp        2016-10-10 13:42:24 UTC (rev 206995)
</span><span class="lines">@@ -492,13 +492,12 @@
</span><span class="cx">     return image-&gt;currentFrameKnownToBeOpaque();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-bool CachedImage::isOriginClean(SecurityOrigin* securityOrigin)
</del><ins>+bool CachedImage::isOriginClean(SecurityOrigin* origin)
</ins><span class="cx"> {
</span><del>-    if (!image()-&gt;hasSingleSecurityOrigin())
-        return false;
-    if (passesAccessControlCheck(*securityOrigin))
-        return true;
-    return !securityOrigin-&gt;taintsCanvas(responseForSameOriginPolicyChecks().url());
</del><ins>+    ASSERT_UNUSED(origin, origin);
+    ASSERT(this-&gt;origin());
+    ASSERT(origin-&gt;toString() == this-&gt;origin()-&gt;toString());
+    return !loadFailedOrCanceled() &amp;&amp; isCORSSameOrigin();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CachedResource::RevalidationDecision CachedImage::makeRevalidationDecision(CachePolicy cachePolicy) const
</span></span></pre>
</div>
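<p>Review bot: the rewritten body drops the <code>image()-&gt;hasSingleSecurityOrigin()</code> test on which the removed lines returned false, while the CanvasRenderingContext.cpp hunk in this same revision keeps that test before its own isCORSSameOrigin() call; an image whose contents come from more than one origin would now be reported origin-clean here whenever the CORS check passes, which reads as an observable change despite the ChangeLog's "No observable change of behavior", so either restore the check or state why it is redundant here. The <code>!loadFailedOrCanceled()</code> conjunct is also new relative to the removed lines and is not mentioned in the ChangeLog. Finally, <code>origin</code> is now used only inside ASSERT_UNUSED/ASSERT, so the <code>SecurityOrigin*</code> parameter is dead in release builds; if the caller's origin no longer participates in the decision, consider removing the parameter rather than keeping it for a debug-only equality check.</p>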
</div>

</body>
</html>