diff options
Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp')
-rw-r--r-- | src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp index 5076adf..b91c1f1 100644 --- a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp +++ b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp @@ -221,6 +221,22 @@ bool SecurityOrigin::canRequest(const KURL& url) const return false; } +bool SecurityOrigin::taintsCanvas(const KURL& url) const +{ + if (canRequest(url)) + return false; + + // This method exists because we treat data URLs as noAccess, contrary + // to the current (9/19/2009) draft of the HTML5 specification. We still + // want to let folks paint data URLs onto untainted canvases, so we special + // case data URLs below. If we change to match HTML5 w.r.t. data URL + // security, then we can remove this method in favor of !canRequest. + if (url.protocolIs("data")) + return false; + + return true; +} + void SecurityOrigin::grantLoadLocalResources() { // This method exists only to support backwards compatibility with older |