From 1f83dcd45f3aea9f72d9ede29b69d2894374f2cb Mon Sep 17 00:00:00 2001 From: Robert Longson Date: Mon, 11 Dec 2023 09:09:38 +0000 Subject: [PATCH] Bug 1869202 - taint filter if input is currentColor r=emilio See https://www.w3.org/TR/filter-effects-1/#tainted-filter-primitives Differential Revision: https://phabricator.services.mozilla.com/D195996 --- dom/svg/SVGFEDropShadowElement.cpp | 16 ++++++++++++++-- dom/svg/SVGFEDropShadowElement.h | 4 ++++ dom/svg/SVGFEFloodElement.cpp | 15 +++++++++++++-- dom/svg/SVGFEFloodElement.h | 3 +++ dom/svg/SVGFilters.cpp | 15 ++++++++++++++- dom/svg/SVGFilters.h | 4 ++++ .../filter-effects/tainting-feblend-002.html.ini | 2 -- .../tainting-fecomponenttransfer-002.html.ini | 2 -- .../tainting-fecomposite-002.html.ini | 2 -- .../tainting-feconvolvematrix-002.html.ini | 2 -- .../tainting-fediffuselighting-002.html.ini | 2 -- .../tainting-fediffuselighting-003.html.ini | 2 -- .../tainting-fediffuselighting-dynamic.html.ini | 2 -- .../tainting-fedisplacementmap-002.html.ini | 2 -- .../tainting-fedropshadow-002.html.ini | 2 -- .../tainting-fedropshadow-003.html.ini | 2 -- .../filter-effects/tainting-feflood-002.html.ini | 2 -- .../tainting-feflood-dynamic.html.ini | 2 -- .../tainting-fegaussianblur-002.html.ini | 2 -- .../tainting-femorphology-002.html.ini | 2 -- .../tainting-feoffset-002.html.ini | 2 -- .../tainting-fespecularlighting-002.html.ini | 2 -- .../tainting-fespecularlighting-003.html.ini | 2 -- .../filter-effects/tainting-fetile-002.html.ini | 2 -- 24 files changed, 52 insertions(+), 41 deletions(-) delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-feblend-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fecomponenttransfer-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fecomposite-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-feconvolvematrix-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-003.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-dynamic.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fedisplacementmap-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-003.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-feflood-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-feflood-dynamic.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fegaussianblur-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-femorphology-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-feoffset-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-002.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-003.html.ini delete mode 100644 testing/web-platform/meta/css/filter-effects/tainting-fetile-002.html.ini diff --git a/dom/svg/SVGFEDropShadowElement.cpp b/dom/svg/SVGFEDropShadowElement.cpp index 2a2e0064825f..8dd04831cf50 100644 --- a/dom/svg/SVGFEDropShadowElement.cpp +++ b/dom/svg/SVGFEDropShadowElement.cpp @@ -88,8 +88,7 @@ FilterPrimitiveDescription SVGFEDropShadowElement::GetPrimitiveDescription( atts.mStdDeviation = Size(stdX, stdY); atts.mOffset = offset; - nsIFrame* frame = GetPrimaryFrame(); - if (frame) { + if (const auto* frame = GetPrimaryFrame()) { const nsStyleSVGReset* styleSVGReset = frame->Style()->StyleSVGReset(); sRGBColor color( sRGBColor::FromABGR(styleSVGReset->mFloodColor.CalcColor(frame))); @@ -101,6 +100,19 @@ FilterPrimitiveDescription SVGFEDropShadowElement::GetPrimitiveDescription( return FilterPrimitiveDescription(AsVariant(std::move(atts))); } +bool SVGFEDropShadowElement::OutputIsTainted( + const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) { + if (const auto* frame = GetPrimaryFrame()) { + if (frame->Style()->StyleSVGReset()->mFloodColor.IsCurrentColor()) { + return true; + } + } + + return SVGFEDropShadowElementBase::OutputIsTainted(aInputsAreTainted, + aReferencePrincipal); +} + bool SVGFEDropShadowElement::AttributeAffectsRendering( int32_t aNameSpaceID, nsAtom* aAttribute) const { return SVGFEDropShadowElementBase::AttributeAffectsRendering(aNameSpaceID, diff --git a/dom/svg/SVGFEDropShadowElement.h b/dom/svg/SVGFEDropShadowElement.h index b30cab3301fc..969487b1998c 100644 --- a/dom/svg/SVGFEDropShadowElement.h +++ b/dom/svg/SVGFEDropShadowElement.h @@ -41,6 +41,10 @@ class SVGFEDropShadowElement final : public SVGFEDropShadowElementBase { SVGAnimatedString& GetResultImageName() override { return mStringAttributes[RESULT]; } + + bool OutputIsTainted(const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) override; + void GetSourceImageNames(nsTArray& aSources) override; // nsIContent interface diff --git a/dom/svg/SVGFEFloodElement.cpp b/dom/svg/SVGFEFloodElement.cpp index c272c2c169f3..af2c59034f71 100644 --- a/dom/svg/SVGFEFloodElement.cpp +++ b/dom/svg/SVGFEFloodElement.cpp @@ -37,8 +37,7 @@ FilterPrimitiveDescription SVGFEFloodElement::GetPrimitiveDescription( const nsTArray& aInputsAreTainted, nsTArray>& aInputImages) { FloodAttributes atts; - nsIFrame* frame = GetPrimaryFrame(); - if (frame) { + if (const auto* frame = GetPrimaryFrame()) { const nsStyleSVGReset* styleSVGReset = frame->Style()->StyleSVGReset(); sRGBColor color( sRGBColor::FromABGR(styleSVGReset->mFloodColor.CalcColor(frame))); @@ -50,6 +49,18 @@ FilterPrimitiveDescription SVGFEFloodElement::GetPrimitiveDescription( return FilterPrimitiveDescription(AsVariant(std::move(atts))); } +bool SVGFEFloodElement::OutputIsTainted(const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) { + if (const auto* frame = GetPrimaryFrame()) { + if (frame->Style()->StyleSVGReset()->mFloodColor.IsCurrentColor()) { + return true; + } + } + + return SVGFEFloodElementBase::OutputIsTainted(aInputsAreTainted, + aReferencePrincipal); +} + //---------------------------------------------------------------------- // nsIContent methods diff --git a/dom/svg/SVGFEFloodElement.h b/dom/svg/SVGFEFloodElement.h index 284b81bf15fa..b4a0292ef8b2 100644 --- a/dom/svg/SVGFEFloodElement.h +++ b/dom/svg/SVGFEFloodElement.h @@ -38,6 +38,9 @@ class SVGFEFloodElement final : public SVGFEFloodElementBase { return mStringAttributes[RESULT]; } + bool OutputIsTainted(const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) override; + // nsIContent interface nsresult Clone(dom::NodeInfo*, nsINode** aResult) const override; diff --git a/dom/svg/SVGFilters.cpp b/dom/svg/SVGFilters.cpp index 1b900a0da127..4b2c8608d4af 100644 --- a/dom/svg/SVGFilters.cpp +++ b/dom/svg/SVGFilters.cpp @@ -365,7 +365,7 @@ LightType SVGFELightingElement::ComputeLightAttributes( bool SVGFELightingElement::AddLightingAttributes( mozilla::gfx::DiffuseLightingAttributes* aAttributes, SVGFilterInstance* aInstance) { - nsIFrame* frame = GetPrimaryFrame(); + const auto* frame = GetPrimaryFrame(); if (!frame) { return false; } @@ -394,6 +394,19 @@ bool SVGFELightingElement::AddLightingAttributes( return true; } +bool SVGFELightingElement::OutputIsTainted( + const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) { + if (const auto* frame = GetPrimaryFrame()) { + if (frame->Style()->StyleSVGReset()->mLightingColor.IsCurrentColor()) { + return true; + } + } + + return SVGFELightingElementBase::OutputIsTainted(aInputsAreTainted, + aReferencePrincipal); +} + bool SVGFELightingElement::AttributeAffectsRendering(int32_t aNameSpaceID, nsAtom* aAttribute) const { return SVGFELightingElementBase::AttributeAffectsRendering(aNameSpaceID, diff --git a/dom/svg/SVGFilters.h b/dom/svg/SVGFilters.h index 266bcfa69957..5d239cf397f8 100644 --- a/dom/svg/SVGFilters.h +++ b/dom/svg/SVGFilters.h @@ -184,6 +184,10 @@ class SVGFELightingElement : public SVGFELightingElementBase { SVGAnimatedString& GetResultImageName() override { return mStringAttributes[RESULT]; } + + bool OutputIsTainted(const nsTArray& aInputsAreTainted, + nsIPrincipal* aReferencePrincipal) override; + void GetSourceImageNames(nsTArray& aSources) override; protected: diff --git a/testing/web-platform/meta/css/filter-effects/tainting-feblend-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-feblend-002.html.ini deleted file mode 100644 index 63ccc99a8df7..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-feblend-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-feblend-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fecomponenttransfer-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fecomponenttransfer-002.html.ini deleted file mode 100644 index 04397518199a..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fecomponenttransfer-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fecomponenttransfer-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fecomposite-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fecomposite-002.html.ini deleted file mode 100644 index 7c4d29d8ad70..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fecomposite-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fecomposite-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-feconvolvematrix-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-feconvolvematrix-002.html.ini deleted file mode 100644 index c1860185de00..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-feconvolvematrix-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-feconvolvematrix-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-002.html.ini deleted file mode 100644 index bfb1a4daf01c..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fediffuselighting-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-003.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-003.html.ini deleted file mode 100644 index 7cefa8e7b3da..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-003.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fediffuselighting-003.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-dynamic.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-dynamic.html.ini deleted file mode 100644 index 8e5a61a7aefd..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fediffuselighting-dynamic.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fediffuselighting-dynamic.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fedisplacementmap-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fedisplacementmap-002.html.ini deleted file mode 100644 index 9afe3cfb3d7a..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fedisplacementmap-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fedisplacementmap-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-002.html.ini deleted file mode 100644 index a88aa8d2f472..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fedropshadow-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-003.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-003.html.ini deleted file mode 100644 index 7a45c77aa6a1..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fedropshadow-003.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fedropshadow-003.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-feflood-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-feflood-002.html.ini deleted file mode 100644 index 03fb3655f0d1..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-feflood-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-feflood-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-feflood-dynamic.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-feflood-dynamic.html.ini deleted file mode 100644 index 494727ea66cb..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-feflood-dynamic.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-feflood-dynamic.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fegaussianblur-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fegaussianblur-002.html.ini deleted file mode 100644 index 463594ee34d4..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fegaussianblur-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fegaussianblur-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-femorphology-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-femorphology-002.html.ini deleted file mode 100644 index ff7222639f6c..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-femorphology-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-femorphology-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-feoffset-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-feoffset-002.html.ini deleted file mode 100644 index c58d4a90afa4..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-feoffset-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-feoffset-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-002.html.ini deleted file mode 100644 index 8147dca9a8bf..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fespecularlighting-002.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-003.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-003.html.ini deleted file mode 100644 index 190a5559ffc5..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fespecularlighting-003.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fespecularlighting-003.html] - expected: FAIL diff --git a/testing/web-platform/meta/css/filter-effects/tainting-fetile-002.html.ini b/testing/web-platform/meta/css/filter-effects/tainting-fetile-002.html.ini deleted file mode 100644 index 033c30d252b3..000000000000 --- a/testing/web-platform/meta/css/filter-effects/tainting-fetile-002.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[tainting-fetile-002.html] - expected: FAIL