[tor-commits] [tor-browser/tor-browser-24.7.0esr-3.x-1] fixup! Add canvas image extraction prompt.
mikeperry at torproject.org
mikeperry at torproject.org
Wed Aug 20 04:24:43 UTC 2014
commit 6048d4da85bd89f810f102517102ca27821bab21
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Tue Aug 19 20:34:23 2014 -0700
fixup! Add canvas image extraction prompt.
Use JSContext to get URL information for HTML5 canvas access.
---
content/canvas/src/CanvasRenderingContext2D.cpp | 2 +-
content/canvas/src/CanvasUtils.cpp | 18 +++++++++++++-----
content/canvas/src/CanvasUtils.h | 2 +-
content/html/content/src/HTMLCanvasElement.cpp | 9 +++++----
4 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/content/canvas/src/CanvasRenderingContext2D.cpp b/content/canvas/src/CanvasRenderingContext2D.cpp
index 9be4ced..c53ac07 100644
--- a/content/canvas/src/CanvasRenderingContext2D.cpp
+++ b/content/canvas/src/CanvasRenderingContext2D.cpp
@@ -3506,7 +3506,7 @@ CanvasRenderingContext2D::GetImageDataArray(JSContext* aCx,
if (mCanvasElement) {
nsCOMPtr<nsIDocument> ownerDoc = mCanvasElement->OwnerDoc();
usePlaceholder = !ownerDoc ||
- !CanvasUtils::IsImageExtractionAllowed(ownerDoc);
+ !CanvasUtils::IsImageExtractionAllowed(ownerDoc, aCx);
}
if (usePlaceholder) {
diff --git a/content/canvas/src/CanvasUtils.cpp b/content/canvas/src/CanvasUtils.cpp
index f2f4536..591650a 100644
--- a/content/canvas/src/CanvasUtils.cpp
+++ b/content/canvas/src/CanvasUtils.cpp
@@ -35,6 +35,7 @@ using namespace mozilla::gfx;
#include "nsUnicharUtils.h"
#include "nsPrintfCString.h"
#include "nsIConsoleService.h"
+#include "jsdbgapi.h"
#define TOPIC_CANVAS_PERMISSIONS_PROMPT "canvas-permissions-prompt"
#define PERMISSION_CANVAS_EXTRACT_DATA "canvas/extractData"
@@ -43,10 +44,9 @@ namespace mozilla {
namespace CanvasUtils {
// Check site-specific permission and display prompt if appropriate.
-bool
-IsImageExtractionAllowed(nsIDocument *aDocument)
+bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx)
{
- if (!aDocument)
+ if (!aDocument || !aCx)
return false;
nsPIDOMWindow *win = aDocument->GetWindow();
@@ -87,13 +87,21 @@ IsImageExtractionAllowed(nsIDocument *aDocument)
rv = thirdPartyUtil->IsThirdPartyURI(uri, docURI, &isThirdParty);
NS_ENSURE_SUCCESS(rv, false);
+ nsCString scriptFile("unknown");
+ unsigned scriptLine = 0;
+ JSScript *script;
+ if (JS_DescribeScriptedCaller(aCx, &script, &scriptLine)) {
+ scriptFile = JS_GetScriptFilename(aCx, script);
+ }
+
nsCString firstPartySpec;
rv = uri->GetSpec(firstPartySpec);
nsCString docSpec;
docURI->GetSpec(docSpec);
nsPrintfCString msg("On %s: blocked access to canvas image data"
- " from %s ", // L10n
- firstPartySpec.get(), docSpec.get());
+ " from document %s, script from %s:%u ", // L10n
+ firstPartySpec.get(), docSpec.get(),
+ scriptFile.get(), scriptLine);
nsCOMPtr<nsIConsoleService> console
(do_GetService(NS_CONSOLESERVICE_CONTRACTID));
diff --git a/content/canvas/src/CanvasUtils.h b/content/canvas/src/CanvasUtils.h
index d7aae4d..1e7f726 100644
--- a/content/canvas/src/CanvasUtils.h
+++ b/content/canvas/src/CanvasUtils.h
@@ -45,7 +45,7 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
bool forceWriteOnly,
bool CORSUsed);
-bool IsImageExtractionAllowed(nsIDocument *aDocument);
+bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx);
// Make a double out of |v|, treating undefined values as 0.0 (for
// the sake of sparse arrays). Return true iff coercion
diff --git a/content/html/content/src/HTMLCanvasElement.cpp b/content/html/content/src/HTMLCanvasElement.cpp
index e229e1c..d6cb88a 100644
--- a/content/html/content/src/HTMLCanvasElement.cpp
+++ b/content/html/content/src/HTMLCanvasElement.cpp
@@ -355,7 +355,7 @@ HTMLCanvasElement::ToDataURL(const nsAString& aType, const JS::Value& aParams,
// Check site-specific permission and display prompt if appropriate.
// If no permission, return all-white, opaque image data.
- bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc());
+ bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), aCx);
return ToDataURLImpl(aCx, aType, aParams, usePlaceholder, aDataURL);
}
@@ -590,10 +590,11 @@ HTMLCanvasElement::ToBlob(nsIFileCallback* aCallback,
}
bool fallbackToPNG = false;
+ JSContext* cx = nsContentUtils::GetCurrentJSContext();
// Check site-specific permission and display prompt if appropriate.
// If no permission, return all-white, opaque image data.
- bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc());
+ bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(), cx);
nsCOMPtr<nsIInputStream> stream;
rv = ExtractData(type, EmptyString(), usePlaceholder,
getter_AddRefs(stream), fallbackToPNG);
@@ -616,7 +617,6 @@ HTMLCanvasElement::ToBlob(nsIFileCallback* aCallback,
nsRefPtr<nsDOMMemoryFile> blob =
new nsDOMMemoryFile(imgData, imgSize, type);
- JSContext* cx = nsContentUtils::GetCurrentJSContext();
if (cx) {
JS_updateMallocCounter(cx, imgSize);
}
@@ -648,7 +648,8 @@ HTMLCanvasElement::MozGetAsFile(const nsAString& aName,
// Check site-speciifc permission and display prompt if appropriate.
// If no permission, return all-white, opaque image data.
- bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc());
+ bool usePlaceholder = !CanvasUtils::IsImageExtractionAllowed(OwnerDoc(),
+ nsContentUtils::GetCurrentJSContext());
return MozGetAsFileImpl(aName, aType, usePlaceholder, aResult);
}
More information about the tor-commits
mailing list