<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[230247] branches/safari-605-branch</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/230247">230247</a></dd>
<dt>Author</dt> <dd>jmarcell@apple.com</dd>
<dt>Date</dt> <dd>2018-04-03 23:11:13 -0700 (Tue, 03 Apr 2018)</dd>
</dl>

<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/230006">r230006</a>. rdar://problem/38154623

    CSS mask images should be retrieved using potentially CORS-enabled fetch
    https://bugs.webkit.org/show_bug.cgi?id=179983
    <rdar://problem/35678149>

    Reviewed by Brent Fulgham.

    Source/WebCore:

    As per <https://drafts.fxtf.org/css-masking-1/#priv-sec> (Editor’s Draft, 23 December 2017)
    we should fetch CSS mask images using a potentially CORS-enabled fetch.

    Both cross-origin CSS shape-outside images and CSS mask images may be sensitive to timing
    attacks that can be used to reveal their pixel data when retrieved without regard to CORS.
    For the same reason that we fetch CSS shape-outside images using a potentially CORS-enabled
    fetch we should fetch CSS mask the same way. This also makes the behavior of WebKit more
    closely align with the behavior in the spec.

    Test: http/tests/security/css-mask-image.html

    * page/Settings.yaml: Add a setting for toggle "Anonymous" mode fetching of mask images (defaults: true).
    We need this setting to avoid breaking the developer convenience feature that some modern media controls
    layout tests employ to load assets from the filesystem as opposed to using the hardcoded data URLs baked
    into the WebKit binary.
    * style/StylePendingResources.cpp: Substitute LoadPolicy::NoCORS and LoadPolicy::Anonymous for
    LoadPolicy::Normal and LoadPolicy::ShapeOutside, respectively, to match the terminology used
    in the HTML, CSS Shapes Module Level 1, and CSS Masking Module Level 1 specs.
    (WebCore::Style::loadPendingImage): Ditto.
    (WebCore::Style::loadPendingResources): Use load policy LoadPolicy::Anonymous when fetching
    a mask image or shape-outside image.

    LayoutTests:

    Add a test to ensure we do not fetch a cross-origin CSS mask image that does
    not allow CORS access.

    * http/tests/security/css-mask-image-expected.html: Added.
    * http/tests/security/css-mask-image.html: Added.
    * http/tests/security/resources/black-square.png: Added.
    * http/tests/security/resources/fail-mask.png: Added.
    * media/modern-media-controls/resources/media-controls-loader.js: Disable "Anonymous" mode
    fetching of mask images to allow modern media controls to load mask assets from the filesystem.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230006 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari605branchLayoutTestsChangeLog">branches/safari-605-branch/LayoutTests/ChangeLog</a></li>
<li><a href="#branchessafari605branchLayoutTestsmediamodernmediacontrolsresourcesmediacontrolsloaderjs">branches/safari-605-branch/LayoutTests/media/modern-media-controls/resources/media-controls-loader.js</a></li>
<li><a href="#branchessafari605branchSourceWebCoreChangeLog">branches/safari-605-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari605branchSourceWebCorepageSettingsyaml">branches/safari-605-branch/Source/WebCore/page/Settings.yaml</a></li>
<li><a href="#branchessafari605branchSourceWebCorestyleStylePendingResourcescpp">branches/safari-605-branch/Source/WebCore/style/StylePendingResources.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari605branchLayoutTestshttptestssecuritycssmaskimageexpectedhtml">branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image-expected.html</a></li>
<li><a href="#branchessafari605branchLayoutTestshttptestssecuritycssmaskimagehtml">branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image.html</a></li>
<li><a href="#branchessafari605branchLayoutTestshttptestssecurityresourcesblacksquarepng">branches/safari-605-branch/LayoutTests/http/tests/security/resources/black-square.png</a></li>
<li><a href="#branchessafari605branchLayoutTestshttptestssecurityresourcesfailmaskpng">branches/safari-605-branch/LayoutTests/http/tests/security/resources/fail-mask.png</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari605branchLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-605-branch/LayoutTests/ChangeLog (230246 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/ChangeLog 2018-04-04 06:11:08 UTC (rev 230246)
+++ branches/safari-605-branch/LayoutTests/ChangeLog    2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -1,5 +1,71 @@
</span><span class="cx"> 2018-04-03  Jason Marcell  <jmarcell@apple.com>
</span><span class="cx"> 
</span><ins>+        Cherry-pick r230006. rdar://problem/38154623
+
+    CSS mask images should be retrieved using potentially CORS-enabled fetch
+    https://bugs.webkit.org/show_bug.cgi?id=179983
+    <rdar://problem/35678149>
+    
+    Reviewed by Brent Fulgham.
+    
+    Source/WebCore:
+    
+    As per <https://drafts.fxtf.org/css-masking-1/#priv-sec> (Editor’s Draft, 23 December 2017)
+    we should fetch CSS mask images using a potentially CORS-enabled fetch.
+    
+    Both cross-origin CSS shape-outside images and CSS mask images may be sensitive to timing
+    attacks that can be used to reveal their pixel data when retrieved without regard to CORS.
+    For the same reason that we fetch CSS shape-outside images using a potentially CORS-enabled
+    fetch we should fetch CSS mask the same way. This also makes the behavior of WebKit more
+    closely align with the behavior in the spec.
+    
+    Test: http/tests/security/css-mask-image.html
+    
+    * page/Settings.yaml: Add a setting for toggle "Anonymous" mode fetching of mask images (defaults: true).
+    We need this setting to avoid breaking the developer convenience feature that some modern media controls
+    layout tests employ to load assets from the filesystem as opposed to using the hardcoded data URLs baked
+    into the WebKit binary.
+    * style/StylePendingResources.cpp: Substitute LoadPolicy::NoCORS and LoadPolicy::Anonymous for
+    LoadPolicy::Normal and LoadPolicy::ShapeOutside, respectively, to match the terminology used
+    in the HTML, CSS Shapes Module Level 1, and CSS Masking Module Level 1 specs.
+    (WebCore::Style::loadPendingImage): Ditto.
+    (WebCore::Style::loadPendingResources): Use load policy LoadPolicy::Anonymous when fetching
+    a mask image or shape-outside image.
+    
+    LayoutTests:
+    
+    Add a test to ensure we do not fetch a cross-origin CSS mask image that does
+    not allow CORS access.
+    
+    * http/tests/security/css-mask-image-expected.html: Added.
+    * http/tests/security/css-mask-image.html: Added.
+    * http/tests/security/resources/black-square.png: Added.
+    * http/tests/security/resources/fail-mask.png: Added.
+    * media/modern-media-controls/resources/media-controls-loader.js: Disable "Anonymous" mode
+    fetching of mask images to allow modern media controls to load mask assets from the filesystem.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-03-27  Daniel Bates  <dabates@apple.com>
+
+            CSS mask images should be retrieved using potentially CORS-enabled fetch
+            https://bugs.webkit.org/show_bug.cgi?id=179983
+            <rdar://problem/35678149>
+
+            Reviewed by Brent Fulgham.
+
+            Add a test to ensure we do not fetch a cross-origin CSS mask image that does
+            not allow CORS access.
+
+            * http/tests/security/css-mask-image-expected.html: Added.
+            * http/tests/security/css-mask-image.html: Added.
+            * http/tests/security/resources/black-square.png: Added.
+            * http/tests/security/resources/fail-mask.png: Added.
+            * media/modern-media-controls/resources/media-controls-loader.js: Disable "Anonymous" mode
+            fetching of mask images to allow modern media controls to load mask assets from the filesystem.
+
+2018-04-03  Jason Marcell  <jmarcell@apple.com>
+
</ins><span class="cx">         Cherry-pick r230146. rdar://problem/39155245
</span><span class="cx"> 
</span><span class="cx">     Show punycode if URL contains hyphen character
</span></span></pre></div>
<a id="branchessafari605branchLayoutTestshttptestssecuritycssmaskimageexpectedhtml"></a>
<div class="addfile"><h4>Added: branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image-expected.html (0 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image-expected.html                          (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image-expected.html     2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -0,0 +1,18 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<style>
+.square {
+    width: 128px;
+    height: 128px;
+}
+</style>
+</head>
+<body>
+<p>This tests that a potentially CORS fetch is performed for a CSS mask image. This test PASSED if you see a solid yellow square and solid blue square below (in order). Otherwise, it FAILED.</p>
+<p>Without CORS access:</p>
+<div class="square" style="background-color: yellow"></div>
+<p>With CORS access:</p>
+<div class="square" style="background-color: blue"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari605branchLayoutTestshttptestssecuritycssmaskimagehtml"></a>
<div class="addfile"><h4>Added: branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image.html (0 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image.html                           (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/css-mask-image.html      2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -0,0 +1,36 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<style>
+.square {
+    width: 128px;
+    height: 128px;
+}
+
+.blue-background {
+    background-color: blue;
+}
+
+.mask-cors-no-access {
+    mask-image: url("http://localhost:8000/security/resources/image-access-control.php?file=fail-mask.png");
+    mask-size: 128px 128px;
+    -webkit-mask-image: url("http://localhost:8000/security/resources/image-access-control.php?file=fail-mask.png");
+    -webkit-mask-size: 128px 128px;
+}
+
+.mask-cors-has-access {
+    mask-image: url("http://localhost:8000/security/resources/image-access-control.php?allow=true&file=black-square.png");
+    mask-size: 128px 128px;
+    -webkit-mask-image: url("http://localhost:8000/security/resources/image-access-control.php?allow=true&file=black-square.png");
+    -webkit-mask-size: 128px 128px;
+}
+</style>
+</head>
+<body>
+<p>This tests that a potentially CORS fetch is performed for a CSS mask image. This test PASSED if you see a solid yellow square and solid blue square below (in order). Otherwise, it FAILED.</p>
+<p>Without CORS access:</p>
+<div class="square" style="background-color: yellow"><div class="square blue-background mask-cors-no-access"></div></div>
+<p>With CORS access:</p>
+<div class="square blue-background mask-cors-has-access"></div>
+</body>
+</html>
</ins></span></pre></div>
<a id="branchessafari605branchLayoutTestshttptestssecurityresourcesblacksquarepng"></a>
<div class="addfile"><h4>Added: branches/safari-605-branch/LayoutTests/http/tests/security/resources/black-square.png (0 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/http/tests/security/resources/black-square.png                            (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/resources/black-square.png       2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+\x89PNG
+
++IHDR\xD3?1 pHYs  \x9A\x9C\xD5IDATx\xDA\xED\xC11 \xF5O\xEDe \xA0\x80-\x9E\xCB\xC2\xEDIEND\xAEB`\x82
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchessafari605branchLayoutTestshttptestssecurityresourcesfailmaskpng"></a>
<div class="addfile"><h4>Added: branches/safari-605-branch/LayoutTests/http/tests/security/resources/fail-mask.png (0 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/http/tests/security/resources/fail-mask.png                               (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/resources/fail-mask.png  2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+\x89PNG
+
++IHDR\r\xA8fbKGD\xFF\xFF\xFF\xA0\xBD\xA7\x93    pHYs  \x9A\x9C\x86IDATx\xDA\xED\xDD{\xACU\xF0\xEF-\xAF6J$\x945(jBQC\x8A\xF1+"\x8A\x8B6\x96D-U
+\xA8\x89\xC6ǟ\xC4G\xE2?\xA6h\xA2\xFEa⣖G,\x8A\xB4J\xC0\xC4\xF20!y4F\xC5T\xE3\xA9F
+X\x94G{\xCB\xE3^\xFF\x98\xBD\x91\\xF7L\xEF\xEE\x9D;;\xCB~>\xC9Mn\xF6\xECΞ\x999\xF3\xDBs\xCE\xCC9'g}\x92[\x92\xECOr0\xC9\xDE$[\x93\xBCr\x84y\x9AJ\xF2\xD9^^%y0\xC9ג?\xE4\xF6\xCEIrG\x92'\x93<\x92dg\x92\xD78\xF5,\xA4 \x9E\x9D\xE4\x8A$\xBFO\xF2x\x92\x99$\xB3-\xFFH\xF2\xC3$\xAB޿/\xD7|\xE7\xBE$\xA7\x8F\xE8\xB8\xAC\x90\xA7k\x86\xD8֚^\x99\xBF\xAD\xBDI\x8EU\xC4)Y\x91\xE4\xDA\\xECu\xD75\xB8\xEB\xF0}{zA\xB0m\xBB \xF9\x99⢽\xBCf\xFF\xCET\xCC)\xF9v\xC7.\xFE\xD9\xDE/ٲ\x86\xF6\xEF\xF6~\xE7\x86\xFB_\xD7\xE4\xE7+\x9E\xC7\xF7+\xE6\x83[6\xFBxj\x92\x8Fw0_\xC7$9\xAA\x81\xED\xACI\xF2\xD6\xBE\xF7\x8A<\x93֏\xA8\xEA{${\x92<\xDB\xC0v.\xE0\xBD\xEFJr\xB2bϤ\xD5\xBA\xE6\xEFI>\xD5P-b\xF3\xEF\x9FJr\xB1bϜ\xA3'`O\xA9I۟\xE4+I\xFE\x90\xEA\x8E@$y \xC9\xE1\xB6\xF5\xDE$//\xA4ݝ\xE4-}
 ^\xDF\xD2\xDB\xE7şIpO\xCAG\xEF\xF3}\xFBYa\xBF\xFE\x98\xE4=5\xFB\xFD\xF6\xF3\xA8P`\xA4\x8
 E\xABI\xBBk\x8C\xF7\xEBUI\xCE/\xA4\xEDJrk\x92\xFF4\xD0o\x80\xF0\xA2ux\x8C\xF3\xFEњ\xF3\xB7+\xC93In(\xA4 \xC9       \x8A?\xCB\x82\xB14\x95\xE4\x92B\xDACI\xEE\xED\xFD\xBF\xB3\xF0\x9E\xE5I>\xE40"\x8C\xA7uI^[H\xFBI\xAFM\x9C$7'y\xAA\xF0\xBEKF\x80\xF1Tw\xF1\xEEz\xC1\xFF\xD3In,\xBCom\x9278\x94\xE3\xE5eI.,\xA4\xFD-ɝ\xF3^\xBBf\xC8@\x82@}0\xD5\xE0\xA6~\xB6\xE7\xFF\xEF\xEF\xEFN\xF2p\xE1\xFD\xA5\xFE.       cR\xFD\x9FMre\x9FןKru\xE13+\x93\\xE0\x90
+\x8C\x87\xD7'ys!mw\xAA;\xFD\\xA1\x800\xFE\xEA\xE0\xD9V\x93\xB67凞΋B\x9Dw\\xAF\xCD\xDEϣ\xA9 \xAE\xB3\xBD\xF0\xFAT\xAA\x87\x8A\xE8\xB0\xF5IN*\xA4]\x99\xEAɿ:?N5      I\xA9\xA0,\x8Ci\xF5\xFB>\xFFD\xCAӐ\xADN\xF26\x87X\xA0\x9BNN5\x99G?w\xF4\xDA\xF8 \xA13` \xD5+\xFC\xD96\xC0vnO\xF2\x97B\xDA\xC6 $\xD0\xC9s\xB4\xA5\x90\xF6d\xCA~\xFA\x99\xA9\xA9,O\xF5\x90\xC0\xC4\xE87\xC7|\xD3\x8F%\xF9n\x92\x97 \x99dz\x93\x9CVHۑ\xE4\xE9\xB7wU\xFE7Xh\x90~\x86\xB02\xD5\xE2\x9F\xF2\xF3um\xF3mClo_\xAAՃ\xFAY\x9B\xE4 \xA7L\xA0y\xE7\xF1\x99RM\xDE\xD1\xCFo\x92\xDC7d^t"\xB4l\x98\xA5\xAB>\xDCk\x9B\xF7󽚪\xFC\x91\\x9F\xE4߅\xB4\xCD1@H\xA0q\xBF\xE23\xA56\xF9\xE1^\xFBX\xD3)^\x99\xEA\xA1#\xF2\xF3T\x8Bw\xE2\x8D)\xAFw\xB73\xD5⦋\xB1}\x88\xC0Ë\xCC\xD1\xBE\xFF\xA7g\xE9'\xFDW\xAA\xDBuM\xFD\xFA'\xC3u\xFE\xCDw_\x92ߦ\xA7\xDF\xDC\xA1}.\xC6]ݼ\xF4\xCB;\x9A\xE7\xE5\xBD\xC0\xD1/\xCFj\xB0\xE6\xF6\xB9\x9Ac\xF3\xC5\x8E\xBFu4\xE8\xE3}IN,\xA4}?ͭ\xEA\xB3#
 \xE5\xF5       \xB7
 (\x9A\x8CF\xA9\xFA?\x9Bj\xD2ϗ6\xF4=\x87\x92ܔj\x89\xB1\xF9NK5\xFB\xF0mN\x87@{NIrn!m*\xD5:\x86m"@\x80]\x9C\xEE,g\xBE1\xD5,\xC4\xB4t>\xB6t(?Vh\xD1;R\xBF\x9C\xF9(x4X\xA0\xC56wל\x84\x96܉I6t4ojKlS\xCA\x86\xBE\x99\xAAcp)\xFF\xD6\xD4\xE4ms\x86̄@\xBF\xB2W\xB7\xF0\xFD{\x93\xFC\xAA\x90f!\x80%tf\x927\xD2~\x97\xE4\xFE\x96\xF2\xF1\xCD\x80\xF6\xD5u\xFE\xD5M\xE1մ\xA5\xFC\x98\xF1yI^\xEDT    4kE\xAA\x89?\xFA\x99\xC9\xE2\xC6\xFDj\x92\x9Bkʊ\x84\xB6!\xE5\xE9\xB8oJ\xF2ϖ\xF3\xB3\xE3\xCDeF\xA0\xC5\xEAۮOr\xB0\x9067@\x80\xACNrN!\xED\x89$7\x8C OO%\xF9\xE9j]4\xA58    \xE3\xA6\xEE\xB9\xFFkS^\xCCs\xA9\xD5\xDD+\xE8\xEA\xA1U\x8A\x930N\x8EJ5\xF2\xAFK\xD5\xFF9\xB7&y\xA4\x90\xB6"\xA3[Ah\xBA&mS\xEF\x982\xF3\x8C\xCE;Sͻ\xD7ϟ\x93\xDC9¼=\x97\xEA\x96\xE0g
+\xE9\x97&\xF9\xCE\xF2U7G\xE1\xBA$\xF7&ٝ\xF2\x94\xE7M:\x94dO\x92\xBB\xE5n\xEB꜀\xD7\xD5\xE4\xEBK8ng\xA5~ɳ38\xFE\x83\xCE  \xB81K\xBF\x94۠[]b\xC0\xA0NJ\xF2LM\xBEN\xED\xC0q\x9B\x9B}\xA8\x94ǯ\x8F \xAC\xED`\x98I\xF7\x86p\xEB\xE8\xB8\xF5I\x8E)\xA4ݖ\xE4\xC1\xE4q6\x{15D05B}\xD2~\xCF\xFB\xFDI\xEAع\x9C\xCA\x97\x9E\x84P*0\x8Fe\xE9\xD7(y]M\xDAU:vu\xADJy\xD5\xE2z\xB8\xF0\xFA\xE1$\xCC\xCF\xF3I\xBE\xD0\xC12\xF6\xA8ߴPu\xFB\xD6\xF3\xF4\x91B\x9E\xFE\x91\xAA\x97\xBDK~Y\xC8\xEB\xF3Y\xD8\xED\xC0\xCB
+\x9F_\xCC#Η\xF7\xAA\xDE]h<w:m*\xC9'S+w\x9D\xEEU\xAF\xB7\x8E\xF8B;6U\xF2\!z6\xC9\xDD)\x8F\xA5 \xB2\xB8ί\xA9$\x9F\x9Ew\xFC\xBF\x9A\xC5Om\xBE&\xC97R\xF5\xFC?\xDE Hm^\xF8S\x8D\x9BX\xEDcǧZ/\xF0\xDC1\xF8\xB9,\xC9_\x93<\x9D\xE4\x9ET0y\xF2\x80I\xF5_9þ%\x8DQ\xB6\xE8IEND\xAEB`\x82
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="branchessafari605branchLayoutTestsmediamodernmediacontrolsresourcesmediacontrolsloaderjs"></a>
<div class="modfile"><h4>Modified: branches/safari-605-branch/LayoutTests/media/modern-media-controls/resources/media-controls-loader.js (230246 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/LayoutTests/media/modern-media-controls/resources/media-controls-loader.js    2018-04-04 06:11:08 UTC (rev 230246)
+++ branches/safari-605-branch/LayoutTests/media/modern-media-controls/resources/media-controls-loader.js       2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -1,5 +1,8 @@
</span><span class="cx"> 
</span><span class="cx"> (function() {
</span><ins>+    if (window.internals)
+        internals.settings.setUseAnonymousModeWhenFetchingMaskImages(false);
+
</ins><span class="cx">     const layoutTestsPath = window.location.href.substr(0, window.location.href.indexOf("/LayoutTests/"));
</span><span class="cx">     const modulePath = layoutTestsPath ? layoutTestsPath + "/Source/WebCore/Modules/modern-media-controls" : "/modern-media-controls";
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchessafari605branchSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (230246 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/Source/WebCore/ChangeLog      2018-04-04 06:11:08 UTC (rev 230246)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -1,5 +1,83 @@
</span><span class="cx"> 2018-04-03  Jason Marcell  <jmarcell@apple.com>
</span><span class="cx"> 
</span><ins>+        Cherry-pick r230006. rdar://problem/38154623
+
+    CSS mask images should be retrieved using potentially CORS-enabled fetch
+    https://bugs.webkit.org/show_bug.cgi?id=179983
+    <rdar://problem/35678149>
+    
+    Reviewed by Brent Fulgham.
+    
+    Source/WebCore:
+    
+    As per <https://drafts.fxtf.org/css-masking-1/#priv-sec> (Editor’s Draft, 23 December 2017)
+    we should fetch CSS mask images using a potentially CORS-enabled fetch.
+    
+    Both cross-origin CSS shape-outside images and CSS mask images may be sensitive to timing
+    attacks that can be used to reveal their pixel data when retrieved without regard to CORS.
+    For the same reason that we fetch CSS shape-outside images using a potentially CORS-enabled
+    fetch we should fetch CSS mask the same way. This also makes the behavior of WebKit more
+    closely align with the behavior in the spec.
+    
+    Test: http/tests/security/css-mask-image.html
+    
+    * page/Settings.yaml: Add a setting for toggle "Anonymous" mode fetching of mask images (defaults: true).
+    We need this setting to avoid breaking the developer convenience feature that some modern media controls
+    layout tests employ to load assets from the filesystem as opposed to using the hardcoded data URLs baked
+    into the WebKit binary.
+    * style/StylePendingResources.cpp: Substitute LoadPolicy::NoCORS and LoadPolicy::Anonymous for
+    LoadPolicy::Normal and LoadPolicy::ShapeOutside, respectively, to match the terminology used
+    in the HTML, CSS Shapes Module Level 1, and CSS Masking Module Level 1 specs.
+    (WebCore::Style::loadPendingImage): Ditto.
+    (WebCore::Style::loadPendingResources): Use load policy LoadPolicy::Anonymous when fetching
+    a mask image or shape-outside image.
+    
+    LayoutTests:
+    
+    Add a test to ensure we do not fetch a cross-origin CSS mask image that does
+    not allow CORS access.
+    
+    * http/tests/security/css-mask-image-expected.html: Added.
+    * http/tests/security/css-mask-image.html: Added.
+    * http/tests/security/resources/black-square.png: Added.
+    * http/tests/security/resources/fail-mask.png: Added.
+    * media/modern-media-controls/resources/media-controls-loader.js: Disable "Anonymous" mode
+    fetching of mask images to allow modern media controls to load mask assets from the filesystem.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-03-27  Daniel Bates  <dabates@apple.com>
+
+            CSS mask images should be retrieved using potentially CORS-enabled fetch
+            https://bugs.webkit.org/show_bug.cgi?id=179983
+            <rdar://problem/35678149>
+
+            Reviewed by Brent Fulgham.
+
+            As per <https://drafts.fxtf.org/css-masking-1/#priv-sec> (Editor’s Draft, 23 December 2017)
+            we should fetch CSS mask images using a potentially CORS-enabled fetch.
+
+            Both cross-origin CSS shape-outside images and CSS mask images may be sensitive to timing
+            attacks that can be used to reveal their pixel data when retrieved without regard to CORS.
+            For the same reason that we fetch CSS shape-outside images using a potentially CORS-enabled
+            fetch we should fetch CSS mask the same way. This also makes the behavior of WebKit more
+            closely align with the behavior in the spec.
+
+            Test: http/tests/security/css-mask-image.html
+
+            * page/Settings.yaml: Add a setting for toggle "Anonymous" mode fetching of mask images (defaults: true).
+            We need this setting to avoid breaking the developer convenience feature that some modern media controls
+            layout tests employ to load assets from the filesystem as opposed to using the hardcoded data URLs baked
+            into the WebKit binary.
+            * style/StylePendingResources.cpp: Substitute LoadPolicy::NoCORS and LoadPolicy::Anonymous for
+            LoadPolicy::Normal and LoadPolicy::ShapeOutside, respectively, to match the terminology used
+            in the HTML, CSS Shapes Module Level 1, and CSS Masking Module Level 1 specs.
+            (WebCore::Style::loadPendingImage): Ditto.
+            (WebCore::Style::loadPendingResources): Use load policy LoadPolicy::Anonymous when fetching
+            a mask image or shape-outside image.
+
+2018-04-03  Jason Marcell  <jmarcell@apple.com>
+
</ins><span class="cx">         Cherry-pick r230146. rdar://problem/39155245
</span><span class="cx"> 
</span><span class="cx">     Show punycode if URL contains hyphen character
</span></span></pre></div>
<a id="branchessafari605branchSourceWebCorepageSettingsyaml"></a>
<div class="modfile"><h4>Modified: branches/safari-605-branch/Source/WebCore/page/Settings.yaml (230246 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/Source/WebCore/page/Settings.yaml     2018-04-04 06:11:08 UTC (rev 230246)
+++ branches/safari-605-branch/Source/WebCore/page/Settings.yaml        2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -103,6 +103,8 @@
</span><span class="cx">   initial: false
</span><span class="cx"> needsStorageAccessFromFileURLsQuirk:
</span><span class="cx">   initial: true
</span><ins>+useAnonymousModeWhenFetchingMaskImages:
+  initial: true
</ins><span class="cx"> javaScriptCanOpenWindowsAutomatically:
</span><span class="cx">   initial: false
</span><span class="cx"> javaScriptCanAccessClipboard:
</span></span></pre></div>
<a id="branchessafari605branchSourceWebCorestyleStylePendingResourcescpp"></a>
<div class="modfile"><h4>Modified: branches/safari-605-branch/Source/WebCore/style/StylePendingResources.cpp (230246 => 230247)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-605-branch/Source/WebCore/style/StylePendingResources.cpp        2018-04-04 06:11:08 UTC (rev 230246)
+++ branches/safari-605-branch/Source/WebCore/style/StylePendingResources.cpp   2018-04-04 06:11:13 UTC (rev 230247)
</span><span class="lines">@@ -41,8 +41,9 @@
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> namespace Style {
</span><span class="cx"> 
</span><del>-enum class LoadPolicy { Normal, ShapeOutside };
-static void loadPendingImage(Document& document, const StyleImage* styleImage, const Element* element, LoadPolicy loadPolicy = LoadPolicy::Normal)
</del><ins>+// <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes>
+enum class LoadPolicy { NoCORS, Anonymous };
+static void loadPendingImage(Document& document, const StyleImage* styleImage, const Element* element, LoadPolicy loadPolicy = LoadPolicy::NoCORS)
</ins><span class="cx"> {
</span><span class="cx">     if (!styleImage || !styleImage->isPending())
</span><span class="cx">         return;
</span><span class="lines">@@ -50,8 +51,7 @@
</span><span class="cx">     ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
</span><span class="cx">     options.contentSecurityPolicyImposition = element && element->isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
</span><span class="cx"> 
</span><del>-    // FIXME: Why does shape-outside have different policy than other properties?
-    if (loadPolicy == LoadPolicy::ShapeOutside) {
</del><ins>+    if (loadPolicy == LoadPolicy::Anonymous && document.settings().useAnonymousModeWhenFetchingMaskImages()) {
</ins><span class="cx">         options.mode = FetchOptions::Mode::Cors;
</span><span class="cx">         options.credentials = FetchOptions::Credentials::SameOrigin;
</span><span class="cx">         options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
</span><span class="lines">@@ -85,11 +85,14 @@
</span><span class="cx">     if (auto* reflection = style.boxReflect())
</span><span class="cx">         loadPendingImage(document, reflection->mask().image(), element);
</span><span class="cx"> 
</span><ins>+    // Masking operations may be sensitive to timing attacks that can be used to reveal the pixel data of
+    // the image used as the mask. As a means to mitigate such attacks CSS mask images and shape-outside
+    // images are retreived in "Anonymous" mode, which uses a potentially CORS-enabled fetch.
</ins><span class="cx">     for (auto* maskLayer = &style.maskLayers(); maskLayer; maskLayer = maskLayer->next())
</span><del>-        loadPendingImage(document, maskLayer->image(), element);
</del><ins>+        loadPendingImage(document, maskLayer->image(), element, LoadPolicy::Anonymous);
</ins><span class="cx"> 
</span><span class="cx">     if (style.shapeOutside())
</span><del>-        loadPendingImage(document, style.shapeOutside()->image(), element, LoadPolicy::ShapeOutside);
</del><ins>+        loadPendingImage(document, style.shapeOutside()->image(), element, LoadPolicy::Anonymous);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> }
</span></span></pre>
</div>
</div>

</body>
</html>