Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 3 users
Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature

Blocked on:
issue 563826
issue 563868
issue 607575

Blocking:
issue 563816
issue 606925



Sign in to add a comment
Implement content security in OffscreenCanvas
Project Member Reported by junov@chromium.org, Dec 1 2015 Back to list
OffscreenCanvas should have an origin-claen flag.
It should be tainted based on the same rules as <canvas>.
transferToImageBitmap() propagates the tainting.

 
Comment 1 by junov@chromium.org, Dec 1 2015
Blocking: chromium:563816
Comment 2 by xlai@chromium.org, Apr 26 2016
Labels: -OffscreenCanvas OffScreenCanvas
Status: Started
Comment 3 by xlai@chromium.org, Apr 26 2016
Blocking: 606925
Comment 4 by xlai@chromium.org, Apr 26 2016
junov@: Do we want to re-use the disableReadingFromCanvas flag in OffscreenCanvas as well? Or create a new flag?
Comment 5 by junov@chromium.org, Apr 27 2016
As discussed, same flag sgtm.
Project Member Comment 6 by bugdroid1@chromium.org, May 2 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/23378f8baae5d52320bb4652984b3f045f0bd95e

commit 23378f8baae5d52320bb4652984b3f045f0bd95e
Author: xlai <xlai@chromium.org>
Date: Mon May 02 18:33:02 2016

Add drawImage() originClean() getSecurityOrigin() to OffscreenCanvas

This patch adds m_originClean flag to OffscreenCanvas and
 ensures that OCRC2D also use the value of this flag instead
of keeping its own redundant copy. It propagates the value of
 originClean in transferToImageBitmap().

This patch also expose drawImage() API functions in ORCRC2D in workers.

BUG= 563870 ,  563856 

Review-Url: https://codereview.chromium.org/1928043002
Cr-Commit-Position: refs/heads/master@{#391002}

[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/TestExpectations
[add] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/fast/canvas/OffscreenCanvas-2d-drawImage-in-worker-expected.html
[add] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/fast/canvas/OffscreenCanvas-2d-drawImage-in-worker.html
[add] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-OffscreenCanvas2D-transferToImageBitmap-expected.txt
[add] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-OffscreenCanvas2D-transferToImageBitmap.html
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/http/tests/serviceworker/webexposed/global-interface-listing-service-worker-expected.txt
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-dedicated-worker-expected.txt
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-shared-worker-expected.txt
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/core/offscreencanvas/OffscreenCanvas.cpp
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/core/offscreencanvas/OffscreenCanvas.h
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/canvas2d/BaseRenderingContext2D.cpp
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/canvas2d/BaseRenderingContext2D.h
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/canvas2d/CanvasRenderingContext2D.h
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/canvas2d/CanvasRenderingContext2D.idl
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/canvas2d/CanvasRenderingContext2DTest.cpp
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/csspaint/PaintRenderingContext2D.h
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/csspaint/PaintRenderingContext2D.idl
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/offscreencanvas2d/OffscreenCanvasRenderingContext2D.cpp
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/offscreencanvas2d/OffscreenCanvasRenderingContext2D.h
[modify] https://crrev.com/23378f8baae5d52320bb4652984b3f045f0bd95e/third_party/WebKit/Source/modules/offscreencanvas2d/OffscreenCanvasRenderingContext2D.idl

Comment 7 by xlai@chromium.org, May 10 2016
Blockedon: 607575
To add the flag, need to make flags usable on worker thread.
Comment 8 by xlai@chromium.org, Jul 21 2016
Components: Blink>SecurityFeature
Labels: -OffScreenCanvas OffscreenCanvas
Comment 9 by xlai@chromium.org, Jul 27 2016
Status: Fixed
OffscreenCanvas::originClean() now has the same implementation as HTMLCanvasElement::originClean(). Both its 2d context and webgl context can look up this function when needed.
Sign in to add a comment