Diff
Modified: branches/safari-603-branch/LayoutTests/ChangeLog (218329 => 218330)
--- branches/safari-603-branch/LayoutTests/ChangeLog 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/LayoutTests/ChangeLog 2017-06-15 15:15:03 UTC (rev 218330)
@@ -1,3 +1,27 @@
+2017-06-15 Matthew Hanson <matthew_han...@apple.com>
+
+ Cherry-pick r218300. rdar://problem/31971362
+
+ 2017-06-14 Dean Jackson <d...@apple.com>
+
+ Restrict filtered painting across cross-origin boundaries with transforms
+ https://bugs.webkit.org/show_bug.cgi?id=173388
+ <rdar://problem/27362159>
+
+ Reviewed by Simon Fraser.
+
+ New test that checks painting across a origin boundary when in
+ a transformed container. Also clean up the existing test
+ to make it smfr-compliant (green is good, red is bad).
+
+ * http/tests/css/filters-on-iframes-expected.html:
+ * http/tests/css/filters-on-iframes-transform-expected.html: Added.
+ * http/tests/css/filters-on-iframes-transform.html: Added.
+ * http/tests/css/filters-on-iframes.html:
+ * http/tests/css/resources/references-external-green.html: Copied from LayoutTests/http/tests/css/resources/references-external.html.
+ * http/tests/css/resources/references-external-red.html: Renamed from LayoutTests/http/tests/css/resources/references-external.html.
+ * http/tests/css/resources/solid-green.html: Added.
+
2017-06-05 Ryan Haddad <ryanhad...@apple.com>
Merge r216126.
Modified: branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-expected.html (218329 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-expected.html 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-expected.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -5,36 +5,60 @@
}
iframe {
border: none;
+ background-color: red;
}
div {
display: inline-block;
}
+.filtered {
+ filter: url(#noop);
+}
+.wrapper {
+ width: 300px;
+ height: 150px;
+ overflow: hidden;
+}
+.scroll {
+ width: 50px;
+ height: 50px;
+ overflow: hidden;
+ transform: scale(20);
+}
+svg {
+ display: none;
+}
</style>
+<p>Seeing green is ok. Seeing any red is bad.</p>
+<p>Same origin</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe src=""
</div>
<br>
+<p>Cross origin (must have http server running)</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe style="background-color: white" src=""
</div>
<br>
+<p>Same origin that then references cross origin (must have http server running)</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe style="background-color: white" src=""
</div>
+
+<br>
Added: branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform-expected.html (0 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform-expected.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform-expected.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -0,0 +1,42 @@
+<style>
+body {
+ margin: 0;
+ padding: 0;
+}
+iframe {
+ border: none;
+ background-color: red;
+}
+div {
+ display: inline-block;
+}
+.filtered {
+ filter: url(#noop);
+}
+.wrapper {
+ width: 300px;
+ height: 150px;
+ overflow: hidden;
+}
+.scroll {
+ width: 50px;
+ height: 50px;
+ overflow: hidden;
+ transform: scale(20);
+}
+svg {
+ display: none;
+}
+</style>
+<p>Cross origin with transform (must have http server running)</p>
+<div class="wrapper">
+ <div class="scroll">
+ <iframe src=""
+ </div>
+</div>
+
+<div class="wrapper filtered">
+ <div class="scroll">
+ <iframe style="background-color: white" src=""
+ </div>
+</div>
Added: branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform.html (0 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes-transform.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -0,0 +1,51 @@
+<style>
+body {
+ margin: 0;
+ padding: 0;
+}
+iframe {
+ border: none;
+ background-color: red;
+}
+div {
+ display: inline-block;
+}
+.filtered {
+ filter: url(#noop);
+}
+.wrapper {
+ width: 300px;
+ height: 150px;
+ overflow: hidden;
+}
+.scroll {
+ width: 50px;
+ height: 50px;
+ overflow: hidden;
+ transform: scale(20);
+}
+svg {
+ display: none;
+}
+</style>
+
+<p>Cross origin with transform (must have http server running)</p>
+<div class="wrapper">
+ <div class="scroll">
+ <iframe src=""
+ </div>
+</div>
+
+<div class="wrapper filtered">
+ <div class="scroll">
+ <iframe style="background-color: white" src=""
+ </div>
+</div>
+
+<svg>
+ <defs>
+ <filter id="noop">
+ <feMorphology operator="dilate" in="SourceGraphic" radius="0"/>
+ </filter>
+ </defs>
+</svg>
Modified: branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes.html (218329 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes.html 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/filters-on-iframes.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -5,6 +5,7 @@
}
iframe {
border: none;
+ background-color: red;
}
div {
display: inline-block;
@@ -16,35 +17,41 @@
display: none;
}
</style>
+<p>Seeing green is ok. Seeing any red is bad.</p>
+<p>Same origin</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe src=""
</div>
<br>
+<p>Cross origin (must have http server running)</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe style="background-color: white" src=""
</div>
<br>
+<p>Same origin that then references cross origin (must have http server running)</p>
<div>
- <iframe src=""
+ <iframe src=""
</div>
<div class="filtered">
- <iframe src=""
+ <iframe style="background-color: white" src=""
</div>
+<br>
+
<svg>
<defs>
<filter id="noop">
Copied: branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-green.html (from rev 218282, branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external.html) (0 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-green.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-green.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -0,0 +1,11 @@
+<style>
+body {
+ margin: 0;
+ padding: 0;
+}
+
+iframe {
+ border: none;
+}
+</style>
+<iframe src=""
Copied: branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-red.html (from rev 218282, branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external.html) (0 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-red.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external-red.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -0,0 +1,11 @@
+<style>
+body {
+ margin: 0;
+ padding: 0;
+}
+
+iframe {
+ border: none;
+}
+</style>
+<iframe src=""
Deleted: branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external.html (218329 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external.html 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/resources/references-external.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -1,11 +0,0 @@
-<style>
-body {
- margin: 0;
- padding: 0;
-}
-
-iframe {
- border: none;
-}
-</style>
-<iframe src=""
Added: branches/safari-603-branch/LayoutTests/http/tests/css/resources/solid-green.html (0 => 218330)
--- branches/safari-603-branch/LayoutTests/http/tests/css/resources/solid-green.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/http/tests/css/resources/solid-green.html 2017-06-15 15:15:03 UTC (rev 218330)
@@ -0,0 +1,5 @@
+<style>
+ body {
+ background-color: green;
+ }
+</style>
Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (218329 => 218330)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-06-15 15:15:03 UTC (rev 218330)
@@ -1,3 +1,26 @@
+2017-06-15 Matthew Hanson <matthew_han...@apple.com>
+
+ Cherry-pick r218300. rdar://problem/31971362
+
+ 2017-06-14 Dean Jackson <d...@apple.com>
+
+ Restrict filtered painting across cross-origin boundaries with transforms
+ https://bugs.webkit.org/show_bug.cgi?id=173388
+ <rdar://problem/27362159>
+
+ Reviewed by Simon Fraser.
+
+ Make sure all cases of LayerPaintingInfo maintain the security
+ flag. In this case there was only one new place, and since
+ everything is scalar, there was no need for a real copy constructor.
+
+ Test: http/tests/css/filters-on-iframes-transform.html
+
+ * rendering/RenderLayer.cpp:
+ (WebCore::RenderLayer::paintLayerByApplyingTransform): Make sure the cross
+ origin flag is used in the call to paint the layer children.
+ * rendering/RenderLayer.h: Fix some typos.
+
2017-06-01 Matthew Hanson <matthew_han...@apple.com>
Cherry-pick r212174. rdar://problem/32080671
Modified: branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.cpp (218329 => 218330)
--- branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.cpp 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.cpp 2017-06-15 15:15:03 UTC (rev 218330)
@@ -4510,8 +4510,10 @@
// Now do a paint with the root layer shifted to be us.
LayoutSize adjustedSubpixelOffset = offsetForThisLayer - LayoutSize(devicePixelSnappedOffsetForThisLayer);
- LayerPaintingInfo transformedPaintingInfo(this, LayoutRect(encloseRectToDevicePixels(transform.inverse().value_or(AffineTransform()).mapRect(paintingInfo.paintDirtyRect), deviceScaleFactor)),
- paintingInfo.paintBehavior, adjustedSubpixelOffset, paintingInfo.subtreePaintRoot, paintingInfo.overlapTestRequests);
+ LayerPaintingInfo transformedPaintingInfo(paintingInfo);
+ transformedPaintingInfo.rootLayer = this;
+ transformedPaintingInfo.paintDirtyRect = LayoutRect(encloseRectToDevicePixels(transform.inverse().value_or(AffineTransform()).mapRect(paintingInfo.paintDirtyRect), deviceScaleFactor));
+ transformedPaintingInfo.subpixelOffset = adjustedSubpixelOffset;
paintLayerContentsAndReflection(context, transformedPaintingInfo, paintFlags);
context.setCTM(oldTransfrom);
}
Modified: branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.h (218329 => 218330)
--- branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.h 2017-06-15 14:03:03 UTC (rev 218329)
+++ branches/safari-603-branch/Source/WebCore/rendering/RenderLayer.h 2017-06-15 15:15:03 UTC (rev 218330)
@@ -678,18 +678,19 @@
enum CollectLayersBehavior { StopAtStackingContexts, StopAtStackingContainers };
struct LayerPaintingInfo {
- LayerPaintingInfo(RenderLayer* inRootLayer, const LayoutRect& inDirtyRect, PaintBehavior inPaintBehavior, const LayoutSize& inSupixelOffset, RenderObject* inSubtreePaintRoot = nullptr, OverlapTestRequestMap* inOverlapTestRequests = nullptr, bool inRequireSecurityOriginAccessForWidgets = false)
+ LayerPaintingInfo(RenderLayer* inRootLayer, const LayoutRect& inDirtyRect, PaintBehavior inPaintBehavior, const LayoutSize& inSubpixelOffset, RenderObject* inSubtreePaintRoot = nullptr, OverlapTestRequestMap* inOverlapTestRequests = nullptr, bool inRequireSecurityOriginAccessForWidgets = false)
: rootLayer(inRootLayer)
, subtreePaintRoot(inSubtreePaintRoot)
, paintDirtyRect(inDirtyRect)
- , subpixelOffset(inSupixelOffset)
+ , subpixelOffset(inSubpixelOffset)
, overlapTestRequests(inOverlapTestRequests)
, paintBehavior(inPaintBehavior)
, requireSecurityOriginAccessForWidgets(inRequireSecurityOriginAccessForWidgets)
{ }
+
RenderLayer* rootLayer;
- RenderObject* subtreePaintRoot; // only paint descendants of this object
- LayoutRect paintDirtyRect; // relative to rootLayer;
+ RenderObject* subtreePaintRoot; // Only paint descendants of this object.
+ LayoutRect paintDirtyRect; // Relative to rootLayer;
LayoutSize subpixelOffset;
OverlapTestRequestMap* overlapTestRequests; // May be null.
PaintBehavior paintBehavior;
