Commit 5e6d8ab3 authored by Gunes Acar's avatar Gunes Acar Committed by Mike Perry
Browse files

Bug 13439: No canvas prompt for content-callers. 

Both the Inspector and PDF.js raise canvas prompts although they are no
danger as they are delivered with the browser itself and are no
untrusted content. This patch exempts both of them from canvas prompts,
too.

If calling `DescribeScriptedCaller` fails neither `scriptFile` nor
`scriptLine` are logged.
parent e3f3a96d

content/canvas/src/CanvasUtils.cpp

+22 −8
Original line number Diff line number Diff line
@@ -54,6 +54,20 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) 
  if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal()))

    return true;



  // Don't show canvas prompt for chrome scripts (e.g. Page Inspector)

  if (nsContentUtils::IsCallerChrome())

    return true;



  JS::AutoFilename scriptFile;

  unsigned scriptLine = 0;

  bool isScriptKnown = false;

  if (JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine)) {

    isScriptKnown = true;

    // Don't show canvas prompt for PDF.js

    if (scriptFile.get() &&

        strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0)

      return true;

  }

  bool isAllowed = false;

  nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =

                                do_GetService(THIRDPARTYUTIL_CONTRACTID);
@@ -87,19 +101,19 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) 
        rv = thirdPartyUtil->IsThirdPartyURI(uri, docURI, &isThirdParty);

        NS_ENSURE_SUCCESS(rv, false);



        JS::AutoFilename scriptFile;;

        unsigned scriptLine = 0;

        JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine);



        nsCString firstPartySpec;

        rv = uri->GetSpec(firstPartySpec);

        nsCString docSpec;

        docURI->GetSpec(docSpec);

        nsPrintfCString msg("On %s: blocked access to canvas image data"

                            " from document %s, script from %s:%u ",  // L10n

                            firstPartySpec.get(), docSpec.get(),

                            " from document %s, ",  // L10n

                            firstPartySpec.get(), docSpec.get());

        if (isScriptKnown && scriptFile.get()) {

          msg += nsPrintfCString("script from %s:%u",  // L10n

                                 scriptFile.get(), scriptLine);



        } else {

          msg += nsPrintfCString("unknown script");  // L10n

        }

        nsCOMPtr<nsIConsoleService> console

                              (do_GetService(NS_CONSOLESERVICE_CONTRACTID));

        if (console)