corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1318565 - Allow extensions with permission to read from tainted Canvas r=bz

Browse Source 
MozReview-Commit-ID: 1tMHynv9FBO
This commit is contained in:
Tomislav Jovanovic
2017-04-07 21:32:18 +02:00
parent 5a945dceda
commit a90a869d77
4 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dom/html/HTMLCanvasElement.cpp
View File

@@ -644,11 +644,11 @@ void
HTMLCanvasElement::ToDataURL(JSContext* aCx, const nsAString& aType,
JS::Handle<JS::Value> aParams,
nsAString& aDataURL,
CallerType aCallerType,
ErrorResult& aRv)
{
// do a trust check if this is a write-only canvas
if (mWriteOnly && aCallerType != CallerType::System) {
if (mWriteOnly &&
!nsContentUtils::CallerHasPermission(aCx, NS_LITERAL_STRING("<all_urls>"))) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
@@ -827,11 +827,11 @@ HTMLCanvasElement::ToBlob(JSContext* aCx,
BlobCallback& aCallback,
const nsAString& aType,
JS::Handle<JS::Value> aParams,
CallerType aCallerType,
ErrorResult& aRv)
{
// do a trust check if this is a write-only canvas
if (mWriteOnly && aCallerType != CallerType::System) {
if (mWriteOnly &&
!nsContentUtils::CallerHasPermission(aCx, NS_LITERAL_STRING("<all_urls>"))) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}