summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp')
-rw-r--r--src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
index 5076adf..b91c1f1 100644
--- a/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
+++ b/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
@@ -221,6 +221,22 @@ bool SecurityOrigin::canRequest(const KURL& url) const
return false;
}
+bool SecurityOrigin::taintsCanvas(const KURL& url) const
+{
+ if (canRequest(url))
+ return false;
+
+ // This method exists because we treat data URLs as noAccess, contrary
+ // to the current (9/19/2009) draft of the HTML5 specification. We still
+ // want to let folks paint data URLs onto untainted canvases, so we special
+ // case data URLs below. If we change to match HTML5 w.r.t. data URL
+ // security, then we can remove this method in favor of !canRequest.
+ if (url.protocolIs("data"))
+ return false;
+
+ return true;
+}
+
void SecurityOrigin::grantLoadLocalResources()
{
// This method exists only to support backwards compatibility with older
generated by cgit v0.12 at 2024-09-22 09:39:33 (GMT)