Revert "Improve origin-clean algorithm"

This reverts commit e69b3f5.
acidburn0zzz · Jun 4, 2019 · 3cb9c5f · 3cb9c5f
1 parent c7749df
commit 3cb9c5f
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 41 deletions.
diff --git a/dom/canvas/CanvasRenderingContext2D.cpp b/dom/canvas/CanvasRenderingContext2D.cpp
@@ -2406,11 +2406,7 @@ CanvasRenderingContext2D::SetStyleFromUnion(const StringOrCanvasGradientOrCanvas
   }
 
   if (aValue.IsCanvasPattern()) {
-    CanvasPattern& pattern = aValue.GetAsCanvasPattern();
-    SetStyleFromPattern(pattern, aWhichStyle);
-    if (pattern.mForceWriteOnly) {
-      SetWriteOnly();
-    }
+    SetStyleFromPattern(aValue.GetAsCanvasPattern(), aWhichStyle);
     return;
   }
 
@@ -2585,12 +2581,11 @@ CanvasRenderingContext2D::CreatePattern(const CanvasImageSource& aSource,
     nsLayoutUtils::SurfaceFromElement(element,
       nsLayoutUtils::SFE_WANT_FIRST_FRAME, mTarget);
 
-  RefPtr<SourceSurface> surface = res.GetSourceSurface();
-  if (!surface) {
+  if (!res.GetSourceSurface()) {
     return nullptr;
   }
 
-  RefPtr<CanvasPattern> pat = new CanvasPattern(this, surface, repeatMode,
+  RefPtr<CanvasPattern> pat = new CanvasPattern(this, res.GetSourceSurface(), repeatMode,
                                                 res.mPrincipal, res.mIsWriteOnly,
                                                 res.mCORSUsed);
   return pat.forget();
@@ -4900,8 +4895,8 @@ CanvasRenderingContext2D::CachedSurfaceFromElement(Element* aElement)
 
   res.mSize = res.mSourceSurface->GetSize();
   res.mPrincipal = principal.forget();
+  res.mIsWriteOnly = false;
   res.mImageRequest = imgRequest.forget();
-  res.mIsWriteOnly = CheckWriteOnlySecurity(res.mCORSUsed, res.mPrincipal);
 
   return res;
 }

diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp
@@ -126,25 +126,5 @@ CoerceDouble(const JS::Value& v, double* d)
     return true;
 }
 
-bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal) {
-  if (!aPrincipal) {
-    return true;
-  }
-
-  if (!aCORSUsed) {
-    nsIGlobalObject* incumbentSettingsObject = dom::GetIncumbentGlobal();
-    if (NS_WARN_IF(!incumbentSettingsObject)) {
-      return true;
-    }
-
-    nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull();
-    if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) {
-      return true;
-    }
-  }
-
-  return false;
-}
-
 } // namespace CanvasUtils
 } // namespace mozilla
diff --git a/dom/canvas/CanvasUtils.h b/dom/canvas/CanvasUtils.h
@@ -11,7 +11,6 @@
 #include "mozilla/dom/ToJSValue.h"
 #include "jsapi.h"
 #include "mozilla/FloatingPoint.h"
-#include "nsLayoutUtils.h"
 
 class nsIPrincipal;
 
@@ -157,10 +156,6 @@ DashArrayToJSVal(nsTArray<T>& dashes,
     }
 }
 
-// returns true if write-only mode must used for this principal based on
-// the incumbent global.
-bool CheckWriteOnlySecurity(bool aCORSUsed, nsIPrincipal* aPrincipal);
-
 } // namespace CanvasUtils
 } // namespace mozilla
 

diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp
@@ -315,6 +315,36 @@ class CreateImageFromRawDataInMainThreadSyncTask final :
   const Maybe<IntRect>& mCropRect;
 };
 
+static bool
+CheckSecurityForHTMLElements(bool aIsWriteOnly, bool aCORSUsed, nsIPrincipal* aPrincipal)
+{
+  MOZ_ASSERT(aPrincipal);
+
+  if (aIsWriteOnly) {
+    return false;
+  }
+
+  if (!aCORSUsed) {
+    nsIGlobalObject* incumbentSettingsObject = GetIncumbentGlobal();
+    if (NS_WARN_IF(!incumbentSettingsObject)) {
+      return false;
+    }
+
+    nsIPrincipal* principal = incumbentSettingsObject->PrincipalOrNull();
+    if (NS_WARN_IF(!principal) || !(principal->Subsumes(aPrincipal))) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+static bool
+CheckSecurityForHTMLElements(const nsLayoutUtils::SurfaceFromElementResult& aRes)
+{
+  return CheckSecurityForHTMLElements(aRes.mIsWriteOnly, aRes.mCORSUsed, aRes.mPrincipal);
+}
+
 /*
  * A wrapper to the nsLayoutUtils::SurfaceFromElement() function followed by the
  * security checking.
@@ -335,7 +365,7 @@ GetSurfaceFromElement(nsIGlobalObject* aGlobal, HTMLElementType& aElement,
   }
 
   // Check origin-clean and pass back
-  *aWriteOnly = res.mIsWriteOnly;
+  *aWriteOnly = !CheckSecurityForHTMLElements(res);
 
   return surface.forget();
 }
@@ -788,7 +818,7 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, HTMLVideoElement& aVideoEl
   nsCOMPtr<nsIPrincipal> principal = aVideoEl.GetCurrentVideoPrincipal();
   bool CORSUsed = aVideoEl.GetCORSMode() != CORS_NONE;
 
-  writeOnly = CheckWriteOnlySecurity(CORSUsed, principal);
+  writeOnly = !CheckSecurityForHTMLElements(false, CORSUsed, principal);
 
   // Create ImageBitmap.
   ImageContainer *container = aVideoEl.GetImageContainer();

diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
@@ -8,7 +8,6 @@
 
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/BasicEvents.h"
-#include "mozilla/dom/CanvasUtils.h"
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/EffectCompositor.h"
 #include "mozilla/EffectSet.h"
@@ -7286,10 +7285,10 @@ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
   }
 
   result.mPrincipal = principal.forget();
+  // no images, including SVG images, can load content from another domain.
+  result.mIsWriteOnly = false;
   result.mImageRequest = imgRequest.forget();
   return result;
-  result.mIsWriteOnly =
-      CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal);  
 }
 
 nsLayoutUtils::SurfaceFromElementResult
@@ -7401,8 +7400,7 @@ nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
   result.mHasSize = true;
   result.mSize = result.mLayersImage->GetSize();
   result.mPrincipal = principal.forget();
-  result.mIsWriteOnly =
-      CanvasUtils::CheckWriteOnlySecurity(result.mCORSUsed, result.mPrincipal);
+  result.mIsWriteOnly = false;
 
   return result;
 }