commit f3c68965b8f712efc829bf440525f0173d76a530
parent d061baf359c3a55c0ff0a4a8cc99259e738fcf28
Author: Tom Ritter <tom@mozilla.com>
Date: Fri, 3 Oct 2025 16:03:17 +0000
Bug 1980264: Clang Formatting and a missing Permission Check r=timhuang
The other place we return ImageExtraction::Randomize we have a
permission check - if you've granted the canvas permission
the result should not be randomized. It was missing in this
location though.
Differential Revision: https://phabricator.services.mozilla.com/D267093
Diffstat:
1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp
@@ -383,8 +383,10 @@ ImageExtraction ImageExtractionResult(dom::HTMLCanvasElement* aCanvasElement,
return ImageExtraction::Placeholder;
}
- if (ownerDoc->ShouldResistFingerprinting(RFPTarget::CanvasRandomization) ||
- ownerDoc->ShouldResistFingerprinting(RFPTarget::WebGLRandomization)) {
+ if ((ownerDoc->ShouldResistFingerprinting(RFPTarget::CanvasRandomization) ||
+ ownerDoc->ShouldResistFingerprinting(RFPTarget::WebGLRandomization)) &&
+ GetCanvasExtractDataPermission(aPrincipal) !=
+ nsIPermissionManager::ALLOW_ACTION) {
return ImageExtraction::Randomize;
}
@@ -460,7 +462,8 @@ bool IsImageExtractionAllowed(dom::OffscreenCanvas* aOffscreenCanvas,
if (!XRE_IsContentProcess()) {
MOZ_ASSERT_UNREACHABLE(
- "Who's calling this from the parent process without a chrome window "
+ "Who's calling this from the parent process without a chrome "
+ "window "
"(it would have been exempt from the RFP targets)?");
return;
}
@@ -586,11 +589,11 @@ bool GetCanvasContextType(const nsAString& str,
}
/**
- * This security check utility might be called from an source that never taints
- * others. For example, while painting a CanvasPattern, which is created from an
- * ImageBitmap, onto a canvas. In this case, the caller could set the CORSUsed
- * true in order to pass this check and leave the aPrincipal to be a nullptr
- * since the aPrincipal is not going to be used.
+ * This security check utility might be called from an source that never
+ * taints others. For example, while painting a CanvasPattern, which is
+ * created from an ImageBitmap, onto a canvas. In this case, the caller could
+ * set the CORSUsed true in order to pass this check and leave the aPrincipal
+ * to be a nullptr since the aPrincipal is not going to be used.
*/
void DoDrawImageSecurityCheck(dom::HTMLCanvasElement* aCanvasElement,
nsIPrincipal* aPrincipal, bool forceWriteOnly,
@@ -648,11 +651,11 @@ void DoDrawImageSecurityCheck(dom::HTMLCanvasElement* aCanvasElement,
}
/**
- * This security check utility might be called from an source that never taints
- * others. For example, while painting a CanvasPattern, which is created from an
- * ImageBitmap, onto a canvas. In this case, the caller could set the aCORSUsed
- * true in order to pass this check and leave the aPrincipal to be a nullptr
- * since the aPrincipal is not going to be used.
+ * This security check utility might be called from an source that never
+ * taints others. For example, while painting a CanvasPattern, which is
+ * created from an ImageBitmap, onto a canvas. In this case, the caller could
+ * set the aCORSUsed true in order to pass this check and leave the aPrincipal
+ * to be a nullptr since the aPrincipal is not going to be used.
*/
void DoDrawImageSecurityCheck(dom::OffscreenCanvas* aOffscreenCanvas,
nsIPrincipal* aPrincipal, bool aForceWriteOnly,
