Diffstat (limited to 'src/3rdparty/webkit/WebCore/html')
6 files changed, 25 insertions, 11 deletions
diff --git a/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.cpp b/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.cpp
index 7ab0da5..37f4799 100644
--- a/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.cpp
+++ b/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.cpp
@@ -937,6 +937,13 @@ void CanvasRenderingContext2D::checkOrigin(const KURL& url)
 m_canvas->setOriginTainted();
 }
+void CanvasRenderingContext2D::checkOrigin(const String& url)
+{
+ RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url);
+ if (!m_canvas->document()->securityOrigin()->canAccess(origin.get()))
+ m_canvas->setOriginTainted();
+}
+
 void CanvasRenderingContext2D::drawImage(HTMLImageElement* image, float x, float y)
 {
 ASSERT(image);
@@ -1082,7 +1089,7 @@ void CanvasRenderingContext2D::drawImage(HTMLVideoElement* video, const FloatRec
 return;
 if (m_canvas->originClean())
- checkOrigin(video->src());
+ checkOrigin(video->currentSrc());
 if (m_canvas->originClean() && !video->hasSingleSecurityOrigin())
 m_canvas->setOriginTainted();
diff --git a/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.h b/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.h
index 0b000a3..f6baa70 100644
--- a/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.h
+++ b/src/3rdparty/webkit/WebCore/html/CanvasRenderingContext2D.h
@@ -260,6 +260,7 @@ namespace WebCore {
 void prepareGradientForDashboard(CanvasGradient* gradient) const;
 void checkOrigin(const KURL&);
+ void checkOrigin(const String&);
 HTMLCanvasElement* m_canvas;
 Vector<State, 1> m_stateStack;
diff --git a/src/3rdparty/webkit/WebCore/html/HTMLAttributeNames.in b/src/3rdparty/webkit/WebCore/html/HTMLAttributeNames.in
index d148998..a29d6d2 100644
--- a/src/3rdparty/webkit/WebCore/html/HTMLAttributeNames.in
+++ b/src/3rdparty/webkit/WebCore/html/HTMLAttributeNames.in
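Review bot: The new `checkOrigin(const String& url)` passes `origin.get()` straight to `canAccess()` without stating what happens for an empty or unparsable string, and its caller in the `@@ -1082` hunk now feeds it `video->currentSrc()`, which may be empty when no resource has been selected. The overload should fail closed for such input; whether `SecurityOrigin::createFromString` returns an origin that `canAccess()` rejects in that case is not visible here and is worth confirming. I would add a comment above the definition: `// Taints the canvas unless the document's origin can access the origin parsed from |url|; an empty or invalid string must leave the canvas tainted.` The body appears to mirror the KURL overload, whose start lies outside the hunk.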
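Review bot: The switch from `video->src()` to `video->currentSrc()` carries no comment saying why the attribute value is not enough, and this is the call that decides whether the canvas stays origin-clean. Presumably the resource actually playing can differ from the `src` attribute (for instance when it is chosen from child `<source>` elements), in which case checking `src()` could leave a cross-origin frame readable from the canvas. Suggested comment above the call: `// Check the URL of the resource actually selected for playback, not the src attribute.` The function body starts and ends outside the hunk.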
@@ -15,10 +15,13 @@ archive
 aria-activedescendant
 aria-checked
 aria-describedby
+aria-disabled
+aria-hidden
 aria-labeledby
 aria-labelledby
 aria-level
 aria-pressed
+aria-readonly
 aria-valuemax
 aria-valuemin
 aria-valuenow
diff --git a/src/3rdparty/webkit/WebCore/html/HTMLMediaElement.h b/src/3rdparty/webkit/WebCore/html/HTMLMediaElement.h
index f85700c..8d238d5 100644
--- a/src/3rdparty/webkit/WebCore/html/HTMLMediaElement.h
+++ b/src/3rdparty/webkit/WebCore/html/HTMLMediaElement.h
@@ -65,7 +65,9 @@ public:
 virtual bool isVideo() const { return false; }
 virtual bool hasVideo() const { return false; }
-
+
+ virtual bool supportsFullscreen() const { return false; }
+
 void scheduleLoad();
 virtual void defaultEventHandler(Event*);
diff --git a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
index 0fd503c..6966351 100644
--- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
@@ -437,14 +437,11 @@ HTMLTokenizer::State HTMLTokenizer::scriptHandler(State state)
 if (!m_doc->ownerElement())
 printf("Requesting script at time %d\n", m_doc->elapsedTime());
 #endif
- if (m_XSSAuditor && m_XSSAuditor->canLoadExternalScriptFromSrc(m_scriptTagSrcAttrValue)) {
- // The parser might have been stopped by for example a window.close call in an earlier script.
- // If so, we don't want to load scripts.
- if (!m_parserStopped && (cs = m_doc->docLoader()->requestScript(m_scriptTagSrcAttrValue, m_scriptTagCharsetAttrValue)))
- m_pendingScripts.append(cs);
- else
- m_scriptNode = 0;
- } else
+ // The parser might have been stopped by for example a window.close call in an earlier script.
+ // If so, we don't want to load scripts.
+ if (!m_parserStopped && (cs = m_doc->docLoader()->requestScript(m_scriptTagSrcAttrValue, m_scriptTagCharsetAttrValue)))
+ m_pendingScripts.append(cs);
+ else
 m_scriptNode = 0;
 } else
 m_scriptNode = 0;
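Review bot: With the `canLoadExternalScriptFromSrc` test removed from scriptHandler, this branch blocks nothing itself and relies on parseTag (the `@@ -1476` hunk) having already cleared `m_scriptTagSrcAttrValue`. The condition guarding this branch is outside the hunk, so it is not visible what happens to a `<script>` whose src was cleared: before the change a rejected src ended in `m_scriptNode = 0`, and if an empty value now sends the element down the inline-script path, its text content would be considered for execution instead. That path should be confirmed to apply the auditor's own check, and a comment here should record the dependency, e.g. `// An XSSAuditor-rejected src has already been cleared in parseTag().`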
@@ -1476,8 +1473,11 @@ HTMLTokenizer::State HTMLTokenizer::parseTag(SegmentedString& src, State state)
 m_scriptTagCharsetAttrValue = String();
 if (m_currentToken.attrs && !m_fragment) {
 if (m_doc->frame() && m_doc->frame()->script()->isEnabled()) {
- if ((a = m_currentToken.attrs->getAttributeItem(srcAttr)))
+ if ((a = m_currentToken.attrs->getAttributeItem(srcAttr))) {
 m_scriptTagSrcAttrValue = m_doc->completeURL(parseURL(a->value())).string();
+ if (m_XSSAuditor && !m_XSSAuditor->canLoadExternalScriptFromSrc(a->value()))
+ m_scriptTagSrcAttrValue = String();
+ }
 }
 }
 }
diff --git a/src/3rdparty/webkit/WebCore/html/HTMLVideoElement.h b/src/3rdparty/webkit/WebCore/html/HTMLVideoElement.h
index 5b59edb..830e72e 100644
--- a/src/3rdparty/webkit/WebCore/html/HTMLVideoElement.h
+++ b/src/3rdparty/webkit/WebCore/html/HTMLVideoElement.h
@@ -50,6 +50,7 @@ public:
 virtual void parseMappedAttribute(MappedAttribute* attr);
 virtual bool isVideo() const { return true; }
 virtual bool hasVideo() const { return player() && player()->hasVideo(); }
+ virtual bool supportsFullscreen() const { return player() && player()->supportsFullscreen(); }
 virtual bool isURLAttribute(Attribute*) const;
 virtual const QualifiedName& imageSourceAttributeName() const; |
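Review bot: The auditor is handed the raw `a->value()` while the request is later made with the completed `parseURL()` result, and nothing in the added lines of parseTag says the difference is deliberate. Presumably the auditor matches the attribute text as it appeared in the page, but a later reader could take it for an oversight and pass the completed URL instead, changing what is audited. I would add `// Audit the attribute text as written; the completed URL is only used for the request.` above the new `if`. Assigning `m_scriptTagSrcAttrValue` and then blanking it is safe only while nothing reads the member between the two statements, which holds in the lines shown.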