commit 6048d4da85bd89f810f102517102ca27821bab21 Author: Mike Perry mikeperry-git@torproject.org Date: Tue Aug 19 20:34:23 2014 -0700
fixup! Add canvas image extraction prompt.
Use JSContext to get URL information for HTML5 canvas access. --- content/canvas/src/CanvasRenderingContext2D.cpp | 2 +- content/canvas/src/CanvasUtils.cpp | 18 +++++++++++++----- content/canvas/src/CanvasUtils.h | 2 +- content/html/content/src/HTMLCanvasElement.cpp | 9 +++++---- 4 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/content/canvas/src/CanvasRenderingContext2D.cpp b/content/canvas/src/CanvasRenderingContext2D.cpp index 9be4ced..c53ac07 100644 --- a/content/canvas/src/CanvasRenderingContext2D.cpp +++ b/content/canvas/src/CanvasRenderingContext2D.cpp @@ -3506,7 +3506,7 @@ CanvasRenderingContext2D::GetImageDataArray(JSContext* aCx, if (mCanvasElement) { nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc(); usePlaceholder = !ownerDoc || - !CanvasUtils::IsImageExtractionAllowed(ownerDoc); + !CanvasUtils::IsImageExtractionAllowed(ownerDoc, aCx); }
if (usePlaceholder) { diff --git a/content/canvas/src/CanvasUtils.cpp b/content/canvas/src/CanvasUtils.cpp index f2f4536..591650a 100644 --- a/content/canvas/src/CanvasUtils.cpp +++ b/content/canvas/src/CanvasUtils.cpp @@ -35,6 +35,7 @@ using namespace mozilla::gfx; #include "nsUnicharUtils.h" #include "nsPrintfCString.h" #include "nsIConsoleService.h" +#include "jsdbgapi.h"
#define TOPIC_CANVAS_PERMISSIONS_PROMPT "canvas-permissions-prompt" #define PERMISSION_CANVAS_EXTRACT_DATA "canvas/extractData" @@ -43,10 +44,9 @@ namespace mozilla { namespace CanvasUtils {
// Check site-specific permission and display prompt if appropriate. -bool -IsImageExtractionAllowed(nsIDocument *aDocument) +bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) { - if (!aDocument) + if (!aDocument || !aCx) return false;
nsPIDOMWindow *win = aDocument->GetWindow(); @@ -87,13 +87,21 @@ IsImageExtractionAllowed(nsIDocument *aDocument) rv = thirdPartyUtil->IsThirdPartyURI(uri, docURI, &isThirdParty); NS_ENSURE_SUCCESS(rv, false);
+ nsCString scriptFile("unknown"); + unsigned scriptLine = 0; + JSScript *script; + if (JS_DescribeScriptedCaller(aCx, &script, &scriptLine)) { + scriptFile = JS_GetScriptFilename(aCx, script); + } + nsCString firstPartySpec; rv = uri->GetSpec(firstPartySpec); nsCString docSpec; docURI->GetSpec(docSpec); nsPrintfCString msg("On %s: blocked access to canvas image data" - " from %s ", // L10n - firstPartySpec.get(), docSpec.get()); + " from document %s, script from %s:%u ", // L10n + firstPartySpec.get(), docSpec.get(), + scriptFile.get(), scriptLine);
nsCOMPtr<nsIConsoleService> console (do_GetService(NS_CONSOLESERVICE_CONTRACTID)); diff --git a/content/canvas/src/CanvasUtils.h b/content/canvas/src/CanvasUtils.h index d7aae4d..1e7f726 100644 --- a/content/canvas/src/CanvasUtils.h +++ b/content/canvas/src/CanvasUtils.h @@ -45,7 +45,7 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement, bool forceWriteOnly, bool CORSUsed);
-bool IsImageExtractionAllowed(nsIDocument *aDocument); +bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx);
// Make a double out of |v|, treating undefined values as 0.0 (for // the sake of sparse arrays). Return true iff coercion diff --git a/content/html/content/src/HTMLCanvasElement.cpp b/content/html/content/src/HTMLCanvasElement.cpp index e229e1c..d6cb88a 100644 --- a/content/html/content/src/HTMLCanvasElement.cpp +++ b/content/html/content/src/HTMLCanvasElement.cpp @@ -355,7 +355,7 @@ HTMLCanvasElement::ToDataURL(const nsAString& aType, const JS::Value& aParams,
// Check site-specific permission and display prompt if appropriate. // If no permission, return all-white, opaque image data. - bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc()); + bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), aCx); return ToDataURLImpl(aCx, aType, aParams, usePlaceholder, aDataURL); }
@@ -590,10 +590,11 @@ HTMLCanvasElement::ToBlob(nsIFileCallback* aCallback, }
bool fallbackToPNG = false; + JSContext* cx = nsContentUtils::GetCurrentJSContext();
// Check site-specific permission and display prompt if appropriate. // If no permission, return all-white, opaque image data. - bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc()); + bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), cx); nsCOMPtr<nsIInputStream> stream; rv = ExtractData(type, EmptyString(), usePlaceholder, getter_AddRefs(stream), fallbackToPNG); @@ -616,7 +617,6 @@ HTMLCanvasElement::ToBlob(nsIFileCallback* aCallback, nsRefPtr<nsDOMMemoryFile> blob = new nsDOMMemoryFile(imgData, imgSize, type);
- JSContext* cx = nsContentUtils::GetCurrentJSContext(); if (cx) { JS_updateMallocCounter(cx, imgSize); } @@ -648,7 +648,8 @@ HTMLCanvasElement::MozGetAsFile(const nsAString& aName,
// Check site-speciifc permission and display prompt if appropriate. // If no permission, return all-white, opaque image data. - bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc()); + bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), + nsContentUtils::GetCurrentJSContext()); return MozGetAsFileImpl(aName, aType, usePlaceholder, aResult); }