59972 2011-05-02 16:16:32 -0700 [Qt] QtWebKit bridge assignToHTMLImageElement() results in Image with different SecurityOrigin 2014-02-03 03:17:40 -0800 1 1 1 Unclassified WebKit WebKit Qt 528+ (Nightly build) All All RESOLVED INVALID Qt, QtTriaged P2 Normal --- 0 rectalogic webkit-unassigned benjamin noam oldest_to_newest 396761 0 91999 rectalogic 2011-05-02 16:16:32 -0700 Created attachment 91999 sample Qt app that demonstrates the problem Attached sample app installs a context object in a QWebPage which has a method that returns a QImage. In the loaded HTML, this image is assigned to a JavaScript Image object then drawn into an HTML canvas via drawImage(). Then getImageData() is called on the canvas. getImageData() raises an exception "SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent." This seems to be because the JS Image contains a CachedImage with no URL, and Source/WebCore/html/canvas/CanvasRenderingContext.cpp CanvasRenderingContext::checkOrigin(HTMLImageElement*) calls checkOrigin(cachedImage->response().url()) and the empty url isValid() is false so it uses a unique SecurityOrigin with an empty KURL(), which is different than the pages SecurityOrigin. I think images created by the hosting app via the bridge should adopt the SecurityOrigin of the page. Or maybe a QWebSetting should be provided to disable this origin checking? Setting QWebSettings::LocalContentCanAccessRemoteUrls doesn't help. Build the attached app then run "./origin $PWD/canvas.html" 406657 1 rectalogic 2011-05-19 14:35:51 -0700 Setting the documents URL on the CachedImage (as discussed in bug #60770) does not fix this because the StillImage the bridge creates returns false from Image::hasSingleSecurityOrigin(). So even when the CachedImage::response().url() passes checks in CanvasRenderingContext::checkOrigin(KURL&), we still end up tainting the canvas in CanvasRenderingContext::checkOrigin(HTMLImageElement*): if (canvas()->originClean() && !cachedImage->image()->hasSingleSecurityOrigin()) canvas()->setOriginTainted(); Should StillImage override hasSingleSecurityOrigin() to return true like BitmapImage does? 975209 2 jturcotte 2014-02-03 03:17:40 -0800 === Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please fill a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines. 91999 2011-05-02 16:16:32 -0700 2011-05-02 16:16:32 -0700 sample Qt app that demonstrates the problem origin.zip application/zip 2005 rectalogic UEsDBAoAAAAAAImZoj4AAAAAAAAAAAAAAAAHABAAb3JpZ2luL1VYDABUOr9NUjq/TdMH9QFQSwME FAAIAAgAiZmiPgAAAAAAAAAAAAAAABIAEABvcmlnaW4vY2FudmFzLmh0bWxVWAwAXTq/TVI6v03T B/UBVVLbboMwDH3nKyJeSCUUKra3tZWmrtImdW/9ARe7kClNEKRl1bR/Xy7QUYQUbJ9z8HG8auxZ bZJVQ4Du6KtOtpbZW0vr1NK3Lb7gCjGbbpLTRVdWGs2klpYv2E/C3FMUbNsRWGLAKtAOH9JX6MaQ rRma6nImbUUVkDtFPuJZBGSLl0CJkRgk2saRnsrlQ74hWTfWFcrnsXCXPRq8CWhb0rhtpEIeKaPu fyslOvooV5PdGu1d8qzEbIaVZ6jJATUN7MN/86nBiPfUMS+g72WtD+b98LkPuclbEHkwVqLADobI DOWcLd37L94bRUKZmqevR3NxF2HY9Ks3sJDOekQX37045TmOL4PwfJz54xCd0G+SDFKjGQQg7q6u 5b3sLWnqeKoMYJqHa87ZCVTvjayKuAhuT4pxX/zYfTidcZv+AFBLBwifWGJ3PwEAAFUCAABQSwME FAAIAAgAiZmiPgAAAAAAAAAAAAAAABAAEABvcmlnaW4vY29udGV4dC5oVVgMAF06v01SOr9N0wf1 AU2OzQqCQBRG9/MUF9poRIi1kLGEFAsrEiPaitooxviDjiCIPXs2Y9ZdDJfzne8yszSPaPMgsPHc 8EkiZqDZDzlZkBADoYgGdQ1WkTPSMsBQNiFNIxgrqEMwjOe75tG2bkikmMOxI43qHMqgIjnbKvJw ZoSSYDJ0Pe+8vqWJeL5zubunnXm2QXwKEsL48pG4wz2RpTxYqcoC1PXwCIzxvqiygPnXg6lpmqxP Ne4v45RSSWnj+C+pCGuqXAiC9qjX0RtQSwcIeEsaTMEAAAA2AQAAUEsDBBQACAAIAImZoj4AAAAA AAAAAAAAAAARABAAb3JpZ2luL29yaWdpbi5jcHBVWAwAXTq/TVI6v03TB/UBTY2xCsIwFEX3fEVo l0S04tpKwaUuDnYQB+nwTJ9tIE1CSEUQ/90kUvBNl/su5+RSCzX3SPetP85y2x6sVVKAl0bXJF++ mYUBizEjRGpPJ5CaxQBuEGsqRnB0FfLz1nHyJjTcP4eCtew3jSNekTS54v0cqDSiq9QkSYQ3DiZk fFMrAz1rL06V5cOZ6WQEqEYqZMm26/gCc+hnl0wFvlCw0H/IF1BLBwiWYHXiowAAAN0AAABQSwME FAAIAAgAiZmiPgAAAAAAAAAAAAAAABEAEABvcmlnaW4vb3JpZ2luLnByb1VYDABdOr9NUjq/TdMH 9QELcfUN8HEMcVWwVUgsKODicvb3c/N0V9C2VUhJTSpNj0/MS4kvSs1JTSxO5QoMAYmXpyZlZ5Zw BfuHBjm7BoNE8osy0zPz9JKB+j1cHV1cg8Ciyfl5JakVJXoZCgWJ6al6GVwAUEsHCIP5Vt5kAAAA awAAAFBLAwQUAAgACACJmaI+AAAAAAAAAAAAAAAADQAQAG9yaWdpbi9wYWdlLmhVWAwAXTq/TVI6 v03TB/UBbZBRa8IwFIXf8ysuFUY6urFndcKm21Ccrij4ONL2opE06ZJUheF++9LGrmWYhySce3Lu d9PjMhVlhjCM7QSTcjsivVbaYPKqWY7/xQ+27WpBqqTFk73fBYSkghkDFxP0oSgTwVNonpFvAm7F n8vn2ct4TXy5X4sXC42XyR5TewsF0yjt40PocpoA6sUQfFC1XHvp/DRnXNa8NIxgNX1bPM3pnh3Y KtW8sBsuM3X00WOBLiWjYWWcL9eUy1qu5pD+OFlXDQd1k3O9/zQErveZFJofmEUwQlnj+Q+KZ3A9 qUPbobwbsSxbq9lVRtp8axCBxCM0WXbHTQtWaGWdGbMOQjuze2OUwHc0pgJ3gcZCvLKay+0N5F6O HLMFwSUuyjxBHcE/n1GlTnE66U7xtWFauqobbTj8c1T3oB9UR5vnRajVS8uG/jwgv1BLBwjdmAv0 SAEAAIICAABQSwECFQMKAAAAAACJmaI+AAAAAAAAAAAAAAAABwAMAAAAAAAAAABA7UEAAAAAb3Jp Z2luL1VYCABUOr9NUjq/TVBLAQIVAxQACAAIAImZoj6fWGJ3PwEAAFUCAAASAAwAAAAAAAAAAECk gTUAAABvcmlnaW4vY2FudmFzLmh0bWxVWAgAXTq/TVI6v01QSwECFQMUAAgACACJmaI+eEsaTMEA AAA2AQAAEAAMAAAAAAAAAABApIHEAQAAb3JpZ2luL2NvbnRleHQuaFVYCABdOr9NUjq/TVBLAQIV AxQACAAIAImZoj6WYHXiowAAAN0AAAARAAwAAAAAAAAAAECkgdMCAABvcmlnaW4vb3JpZ2luLmNw cFVYCABdOr9NUjq/TVBLAQIVAxQACAAIAImZoj6D+VbeZAAAAGsAAAARAAwAAAAAAAAAAECkgcUD AABvcmlnaW4vb3JpZ2luLnByb1VYCABdOr9NUjq/TVBLAQIVAxQACAAIAImZoj7dmAv0SAEAAIIC AAANAAwAAAAAAAAAAECkgXgEAABvcmlnaW4vcGFnZS5oVVgIAF06v01SOr9NUEsFBgAAAAAGAAYA tAEAAAsGAAAAAA==