Diff
Modified: trunk/LayoutTests/ChangeLog (97508 => 97509)
--- trunk/LayoutTests/ChangeLog 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/ChangeLog 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,27 @@
+2011-10-14 Adam Barth <[email protected]>
+
+ canvas getImageData should explain why it throws SECURITY_ERR
+ https://bugs.webkit.org/show_bug.cgi?id=70088
+
+ Reviewed by Darin Adler.
+
+ Update test results to show the new error message.
+
+ * http/tests/canvas/philip/tests/security.drawImage.canvas-expected.txt:
+ * http/tests/canvas/philip/tests/security.drawImage.image-expected.txt:
+ * http/tests/canvas/philip/tests/security.pattern.canvas.fillStyle-expected.txt:
+ * http/tests/canvas/philip/tests/security.pattern.canvas.strokeStyle-expected.txt:
+ * http/tests/canvas/philip/tests/security.pattern.cross-expected.txt:
+ * http/tests/canvas/philip/tests/security.pattern.image.fillStyle-expected.txt:
+ * http/tests/canvas/philip/tests/security.pattern.image.strokeStyle-expected.txt:
+ * http/tests/security/canvas-remote-read-data-url-svg-image-expected.txt:
+ * http/tests/security/canvas-remote-read-redirect-to-remote-image-expected.txt:
+ * http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt:
+ * http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt:
+ * http/tests/security/canvas-remote-read-remote-image-expected.txt:
+ * http/tests/security/canvas-remote-read-remote-image-redirect-expected.txt:
+ * http/tests/security/canvas-remote-read-svg-image-expected.txt:
+
2011-10-14 Dimitri Glazkov <[email protected]>
[Chromium] Update expectations after r97502.
Modified: trunk/LayoutTests/fast/canvas/svg-taint-expected.txt (97508 => 97509)
--- trunk/LayoutTests/fast/canvas/svg-taint-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/fast/canvas/svg-taint-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Let's check that rendering an SVG pattern to a canvas taints it!
See https://bugs.webkit.org/show_bug.cgi?id=36838
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.canvas-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.canvas-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.canvas-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.drawImage.canvas
drawImage of unclean canvas makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.image-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.image-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.drawImage.image-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.drawImage.image
drawImage of different-origin image makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.fillStyle-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.fillStyle-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.fillStyle-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.pattern.canvas.fillStyle
Setting fillStyle to a pattern of an unclean canvas makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.strokeStyle-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.strokeStyle-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.canvas.strokeStyle-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.pattern.canvas.strokeStyle
Setting strokeStyle to a pattern of an unclean canvas makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.cross-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.cross-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.cross-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.pattern.cross
Using an unclean pattern makes the target canvas origin-unclean, not the pattern canvas
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.fillStyle-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.fillStyle-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.fillStyle-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.pattern.image.fillStyle
Setting fillStyle to a pattern of a different-origin image makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.strokeStyle-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.strokeStyle-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/canvas/philip/tests/security.pattern.image.strokeStyle-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
< [index] >
security.pattern.image.strokeStyle
Setting strokeStyle to a pattern of a different-origin image makes the canvas origin-unclean
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-data-url-svg-image-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-data-url-svg-image-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-data-url-svg-image-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
This tests that drawing a remote SVG image onto a canvas from a data URL taints the canvas
PASS: getImageData failed. Canvas tainted.
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-redirect-to-remote-image-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-redirect-to-remote-image-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-redirect-to-remote-image-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
This tests that drawing an image that redirects to a remote image to a canvas taints the canvas
PASS: getImageData failed. Canvas tainted.
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,7 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Untainted canvas:
PASS: Calling getImageData() from an untainted canvas was allowed.
PASS: Calling toDataURL() on an untainted canvas was allowed.
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.
Testing uploading without CORS headers
PASS: image tainted canvas
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,7 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Untainted canvas:
PASS: Calling getImageData() from an untainted canvas was allowed.
PASS: Calling toDataURL() on an untainted canvas was allowed.
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-redirect-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-redirect-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-redirect-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,7 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Untainted canvas:
PASS: Calling getImageData() from an untainted canvas was allowed.
PASS: Calling toDataURL() on an untainted canvas was allowed.
Modified: trunk/LayoutTests/http/tests/security/canvas-remote-read-svg-image-expected.txt (97508 => 97509)
--- trunk/LayoutTests/http/tests/security/canvas-remote-read-svg-image-expected.txt 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-svg-image-expected.txt 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
This tests that drawing a SVG image to a canvas taints the canvas
PASS: getImageData failed. Canvas tainted.
Modified: trunk/Source/WebCore/ChangeLog (97508 => 97509)
--- trunk/Source/WebCore/ChangeLog 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/Source/WebCore/ChangeLog 2011-10-14 21:50:58 UTC (rev 97509)
@@ -1,3 +1,16 @@
+2011-10-14 Adam Barth <[email protected]>
+
+ canvas getImageData should explain why it throws SECURITY_ERR
+ https://bugs.webkit.org/show_bug.cgi?id=70088
+
+ Reviewed by Darin Adler.
+
+ Log as message to the console when getImageData fails because the
+ canvas is tainted.
+
+ * html/canvas/CanvasRenderingContext2D.cpp:
+ (WebCore::CanvasRenderingContext2D::getImageData):
+
2011-10-14 Andreas Kling <[email protected]>
Inspector: Remove StyleBase usage.
Modified: trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp (97508 => 97509)
--- trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2011-10-14 21:33:49 UTC (rev 97508)
+++ trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2011-10-14 21:50:58 UTC (rev 97509)
@@ -41,6 +41,7 @@
#include "CanvasGradient.h"
#include "CanvasPattern.h"
#include "CanvasStyle.h"
+#include "Console.h"
#include "ExceptionCode.h"
#include "FloatConversion.h"
#include "FontCache.h"
@@ -55,6 +56,7 @@
#include "KURL.h"
#include "Page.h"
#include "RenderHTMLCanvas.h"
+#include "ScriptCallStack.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include "StrokeStyleApplier.h"
@@ -1757,6 +1759,8 @@
PassRefPtr<ImageData> CanvasRenderingContext2D::getImageData(float sx, float sy, float sw, float sh, ExceptionCode& ec) const
{
if (!canvas()->originClean()) {
+ DEFINE_STATIC_LOCAL(String, consoleMessage, ("Unable to get image data from canvas because the canvas has been tainted by cross-origin data."));
+ canvas()->document()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String(), 0);
ec = SECURITY_ERR;
return 0;
}
