author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2016-04-10 09:28:39 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2016-04-10 09:28:39 +0000 |
commit | 32761a6cee1d0dee366b885b7b9c777e67885688 (patch) | |
tree | d6bec92bebfb216f4126356e55518842c2f476a1 /Source/WebCore/loader/ImageLoader.cpp | |
parent | a4e969f4965059196ca948db781e52f7cfebf19e (diff) | |
download | WebKitGtk-tarball-32761a6cee1d0dee366b885b7b9c777e67885688.tar.gz |
webkitgtk-2.4.11webkitgtk-2.4.11
Diffstat (limited to 'Source/WebCore/loader/ImageLoader.cpp')
-rw-r--r-- | Source/WebCore/loader/ImageLoader.cpp | 171 |
1 files changed, 89 insertions, 82 deletions
diff --git a/Source/WebCore/loader/ImageLoader.cpp b/Source/WebCore/loader/ImageLoader.cpp index 0c30dab5f..13c32ffa8 100644 --- a/Source/WebCore/loader/ImageLoader.cpp +++ b/Source/WebCore/loader/ImageLoader.cpp @@ -34,12 +34,13 @@ #include "HTMLNames.h" #include "HTMLObjectElement.h" #include "HTMLParserIdioms.h" -#include "Page.h" #include "RenderImage.h" -#include "RenderSVGImage.h" +#include "ScriptCallStack.h" #include "SecurityOrigin.h" -#include <wtf/NeverDestroyed.h> +#if ENABLE(SVG) +#include "RenderSVGImage.h" +#endif #if ENABLE(VIDEO) #include "RenderVideo.h" #endif @@ -54,7 +55,8 @@ template<> struct ValueCheck<WebCore::ImageLoader*> { { if (!p) return; - ValueCheck<WebCore::Element*>::checkConsistency(&p->element()); + ASSERT(p->element()); + ValueCheck<WebCore::Element*>::checkConsistency(p->element()); } }; 
@@ -65,32 +67,32 @@ namespace WebCore { static ImageEventSender& beforeLoadEventSender() { - static NeverDestroyed<ImageEventSender> sender(eventNames().beforeloadEvent); + DEFINE_STATIC_LOCAL(ImageEventSender, sender, (eventNames().beforeloadEvent)); return sender; } static ImageEventSender& loadEventSender() { - static NeverDestroyed<ImageEventSender> sender(eventNames().loadEvent); + DEFINE_STATIC_LOCAL(ImageEventSender, sender, (eventNames().loadEvent)); return sender; } static ImageEventSender& errorEventSender() { - static NeverDestroyed<ImageEventSender> sender(eventNames().errorEvent); + DEFINE_STATIC_LOCAL(ImageEventSender, sender, (eventNames().errorEvent)); return sender; } static inline bool pageIsBeingDismissed(Document& document) { Frame* frame = document.frame(); - return frame && frame->loader().pageDismissalEventBeingDispatched() != FrameLoader::PageDismissalType::None; + return frame && frame->loader().pageDismissalEventBeingDispatched() != FrameLoader::NoDismissal; } -ImageLoader::ImageLoader(Element& element) +ImageLoader::ImageLoader(Element* element) : m_element(element) - , m_image(nullptr) - , m_derefElementTimer(*this, &ImageLoader::timerFired) + , m_image(0) + , m_derefElementTimer(this, &ImageLoader::timerFired) , m_hasPendingBeforeLoadEvent(false) , m_hasPendingLoadEvent(false) , m_hasPendingErrorEvent(false) 
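Review bot: The constructor now takes a nullable `Element* element` and stores it in `m_element` with no check, while other hunks in this file dereference `m_element` unconditionally (`m_element->document()`, `m_element->ref()`). An `ASSERT(element);` at the top of the constructor body would state the non-null contract where it is established, matching the `ASSERT(p->element())` added to `ValueCheck`. A release build would still have no guard, so callers have to guarantee it. The initializer list and constructor body continue outside this hunk, so an assertion may already exist there.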
@@ -105,47 +107,54 @@ ImageLoader::~ImageLoader() if (m_image) m_image->removeClient(this); - ASSERT(m_hasPendingBeforeLoadEvent || !beforeLoadEventSender().hasPendingEvents(*this)); + ASSERT(m_hasPendingBeforeLoadEvent || !beforeLoadEventSender().hasPendingEvents(this)); if (m_hasPendingBeforeLoadEvent) - beforeLoadEventSender().cancelEvent(*this); + beforeLoadEventSender().cancelEvent(this); - ASSERT(m_hasPendingLoadEvent || !loadEventSender().hasPendingEvents(*this)); + ASSERT(m_hasPendingLoadEvent || !loadEventSender().hasPendingEvents(this)); if (m_hasPendingLoadEvent) - loadEventSender().cancelEvent(*this); + loadEventSender().cancelEvent(this); - ASSERT(m_hasPendingErrorEvent || !errorEventSender().hasPendingEvents(*this)); + ASSERT(m_hasPendingErrorEvent || !errorEventSender().hasPendingEvents(this)); if (m_hasPendingErrorEvent) - errorEventSender().cancelEvent(*this); + errorEventSender().cancelEvent(this); + + // If the ImageLoader is being destroyed but it is still protecting its image-loading Element, + // remove that protection here. + if (m_elementIsProtected) + m_element->deref(); } -void ImageLoader::clearImage() +void ImageLoader::setImage(CachedImage* newImage) { - clearImageWithoutConsideringPendingLoadEvent(); + setImageWithoutConsideringPendingLoadEvent(newImage); // Only consider updating the protection ref-count of the Element immediately before returning // from this function as doing so might result in the destruction of this ImageLoader. 
updatedHasPendingEvent(); } -void ImageLoader::clearImageWithoutConsideringPendingLoadEvent() +void ImageLoader::setImageWithoutConsideringPendingLoadEvent(CachedImage* newImage) { ASSERT(m_failedLoadURL.isEmpty()); CachedImage* oldImage = m_image.get(); - if (oldImage) { - m_image = nullptr; + if (newImage != oldImage) { + m_image = newImage; if (m_hasPendingBeforeLoadEvent) { - beforeLoadEventSender().cancelEvent(*this); + beforeLoadEventSender().cancelEvent(this); m_hasPendingBeforeLoadEvent = false; } if (m_hasPendingLoadEvent) { - loadEventSender().cancelEvent(*this); + loadEventSender().cancelEvent(this); m_hasPendingLoadEvent = false; } if (m_hasPendingErrorEvent) { - errorEventSender().cancelEvent(*this); + errorEventSender().cancelEvent(this); m_hasPendingErrorEvent = false; } m_imageComplete = true; + if (newImage) + newImage->addClient(this); if (oldImage) oldImage->removeClient(this); } 
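Review bot: The element's protection is now a hand-paired `m_element->ref()` / `m_element->deref()` spread over the destructor in this hunk and `updatedHasPendingEvent()` / `timerFired()` in the `@@ -364,16 +371,16 @@` hunk, tracked by the separate flag `m_elementIsProtected`. The destructor releases the reference only when the flag is set. If the flag is already cleared and `m_derefElementTimer` is still pending when the loader is destroyed, the visible lines never perform the deferred `deref()`; this should be confirmed against the part of `updatedHasPendingEvent()` outside the hunks. Since the `deref()` may release the last reference to the element, it should remain the final statement of the destructor, with a comment such as `// Must stay last: may drop the final reference to m_element.`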
@@ -156,45 +165,40 @@ void ImageLoader::clearImageWithoutConsideringPendingLoadEvent() void ImageLoader::updateFromElement() { - // If we're not making renderers for the page, then don't load images. We don't want to slow + // If we're not making renderers for the page, then don't load images. We don't want to slow // down the raw HTML parsing case by loading images we don't intend to display. - Document& document = element().document(); + Document& document = m_element->document(); if (!document.hasLivingRenderTree()) return; - AtomicString attr = element().imageSourceURL(); + AtomicString attr = m_element->imageSourceURL(); - // Avoid loading a URL we already failed to load. - if (!m_failedLoadURL.isEmpty() && attr == m_failedLoadURL) + if (attr == m_failedLoadURL) return; // Do not load any image if the 'src' attribute is missing or if it is // an empty string. - CachedResourceHandle<CachedImage> newImage = nullptr; + CachedResourceHandle<CachedImage> newImage = 0; if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) { - ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions(); - options.setContentSecurityPolicyImposition(element().isInUserAgentShadowTree() ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck); - - CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options); - request.setInitiator(&element()); + CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr)))); + request.setInitiator(element()); - String crossOriginMode = element().fastGetAttribute(HTMLNames::crossoriginAttr); + String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr); if (!crossOriginMode.isNull()) { - StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? 
AllowStoredCredentials : DoNotAllowStoredCredentials; + StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; updateRequestForAccessControl(request.mutableResourceRequest(), document.securityOrigin(), allowCredentials); } if (m_loadManually) { - bool autoLoadOtherImages = document.cachedResourceLoader().autoLoadImages(); - document.cachedResourceLoader().setAutoLoadImages(false); - newImage = new CachedImage(request.resourceRequest(), m_element.document().page()->sessionID()); - newImage->setStatus(CachedResource::Pending); + bool autoLoadOtherImages = document.cachedResourceLoader()->autoLoadImages(); + document.cachedResourceLoader()->setAutoLoadImages(false); + newImage = new CachedImage(request.resourceRequest()); newImage->setLoading(true); - newImage->setOwningCachedResourceLoader(&document.cachedResourceLoader()); - document.cachedResourceLoader().m_documentResources.set(newImage->url(), newImage.get()); - document.cachedResourceLoader().setAutoLoadImages(autoLoadOtherImages); + newImage->setOwningCachedResourceLoader(document.cachedResourceLoader()); + document.cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage.get()); + document.cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages); } else - newImage = document.cachedResourceLoader().requestImage(request); + newImage = document.cachedResourceLoader()->requestImage(request); // If we do not have an image here, it means that a cross-site // violation occurred, or that the image was blocked via Content 
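Review bot: `if (attr == m_failedLoadURL) return;` no longer requires `m_failedLoadURL` to be non-empty, so when no load has failed and the element has no source attribute (both strings null) the function appears to return before the code below that replaces `m_image` and removes the old client. Keeping the guard, `if (!m_failedLoadURL.isEmpty() && attr == m_failedLoadURL) return;`, limits the early return to a URL that actually failed. Separately, the credentials mode is chosen with `equalIgnoringCase(crossOriginMode, "use-credentials")`. If that helper folds non-ASCII characters, values other than ASCII spellings of the keyword could select `AllowStoredCredentials`, so an ASCII-only comparison is the safer choice where the tree provides one. `updateFromElement()` continues past this hunk.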
@@ -203,24 +207,24 @@ void ImageLoader::updateFromElement() if (!newImage && !pageIsBeingDismissed(document)) { m_failedLoadURL = attr; m_hasPendingErrorEvent = true; - errorEventSender().dispatchEventSoon(*this); + errorEventSender().dispatchEventSoon(this); } else clearFailedLoadURL(); } else if (!attr.isNull()) { // Fire an error event if the url is empty. m_failedLoadURL = attr; m_hasPendingErrorEvent = true; - errorEventSender().dispatchEventSoon(*this); + errorEventSender().dispatchEventSoon(this); } CachedImage* oldImage = m_image.get(); if (newImage != oldImage) { if (m_hasPendingBeforeLoadEvent) { - beforeLoadEventSender().cancelEvent(*this); + beforeLoadEventSender().cancelEvent(this); m_hasPendingBeforeLoadEvent = false; } if (m_hasPendingLoadEvent) { - loadEventSender().cancelEvent(*this); + loadEventSender().cancelEvent(this); m_hasPendingLoadEvent = false; } @@ -229,7 +233,7 @@ void ImageLoader::updateFromElement() // this load and we should not cancel the event. // FIXME: If both previous load and this one got blocked with an error, we can receive one error event instead of two. if (m_hasPendingErrorEvent && newImage) { - errorEventSender().cancelEvent(*this); + errorEventSender().cancelEvent(this); m_hasPendingErrorEvent = false; } @@ -243,7 +247,7 @@ void ImageLoader::updateFromElement() if (!document.hasListenerType(Document::BEFORELOAD_LISTENER)) dispatchPendingBeforeLoadEvent(); else - beforeLoadEventSender().dispatchEventSoon(*this); + beforeLoadEventSender().dispatchEventSoon(this); } else updateRenderer(); @@ -252,10 +256,8 @@ void ImageLoader::updateFromElement() // dispatched. newImage->addClient(this); } - if (oldImage) { + if (oldImage) oldImage->removeClient(this); - updateRenderer(); - } } if (RenderImageResource* imageResource = renderImageResource()) 
@@ -284,14 +286,17 @@ void ImageLoader::notifyFinished(CachedResource* resource) if (!m_hasPendingLoadEvent) return; - if (element().fastHasAttribute(HTMLNames::crossoriginAttr) && !resource->passesSameOriginPolicyCheck(*element().document().securityOrigin())) { - clearImageWithoutConsideringPendingLoadEvent(); + if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr) + && !m_element->document().securityOrigin()->canRequest(image()->response().url()) + && !resource->passesAccessControlCheck(m_element->document().securityOrigin())) { + + setImageWithoutConsideringPendingLoadEvent(0); m_hasPendingErrorEvent = true; - errorEventSender().dispatchEventSoon(*this); + errorEventSender().dispatchEventSoon(this); - static NeverDestroyed<String> consoleMessage(ASCIILiteral("Cross-origin image load denied by Cross-Origin Resource Sharing policy.")); - element().document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, consoleMessage); + DEFINE_STATIC_LOCAL(String, consoleMessage, (ASCIILiteral("Cross-origin image load denied by Cross-Origin Resource Sharing policy."))); + m_element->document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, consoleMessage); ASSERT(!m_hasPendingLoadEvent); 
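Review bot: The cross-origin rejection in `notifyFinished()` now tests `canRequest(image()->response().url())`, i.e. only the URL of the final response, so the same-origin decision does not account for any redirects the load followed on the way. A load that passed through another origin and ended on a same-origin URL would satisfy `canRequest` and never reach `passesAccessControlCheck`; whether redirects are tracked elsewhere is not visible here. The condition also reads `image()` for the URL but `resource` for the access-control test. Using `resource->response().url()`, or a comment stating that both name the same object, would remove that ambiguity. The function starts and ends outside this hunk.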
@@ -309,26 +314,28 @@ void ImageLoader::notifyFinished(CachedResource* resource) return; } - loadEventSender().dispatchEventSoon(*this); + loadEventSender().dispatchEventSoon(this); } RenderImageResource* ImageLoader::renderImageResource() { - auto* renderer = element().renderer(); + auto renderer = m_element->renderer(); if (!renderer) return nullptr; // We don't return style generated image because it doesn't belong to the ImageLoader. // See <https://bugs.webkit.org/show_bug.cgi?id=42840> - if (is<RenderImage>(*renderer) && !downcast<RenderImage>(*renderer).isGeneratedContent()) - return &downcast<RenderImage>(*renderer).imageResource(); + if (renderer->isRenderImage() && !toRenderImage(*renderer).isGeneratedContent()) + return &toRenderImage(*renderer).imageResource(); - if (is<RenderSVGImage>(*renderer)) - return &downcast<RenderSVGImage>(*renderer).imageResource(); +#if ENABLE(SVG) + if (renderer->isSVGImage()) + return &toRenderSVGImage(renderer)->imageResource(); +#endif #if ENABLE(VIDEO) - if (is<RenderVideo>(*renderer)) - return &downcast<RenderVideo>(*renderer).imageResource(); + if (renderer->isVideo()) + return &toRenderVideo(*renderer).imageResource(); #endif return nullptr; @@ -342,7 +349,7 @@ void ImageLoader::updateRenderer() return; // Only update the renderer if it doesn't have an image or if what we have - // is a complete image. This prevents flickering in the case where a dynamic + // is a complete image. This prevents flickering in the case where a dynamic // change is happening between two images. CachedImage* cachedImage = imageResource->cachedImage(); if (m_image != cachedImage && (m_imageComplete || !cachedImage)) 
@@ -364,16 +371,16 @@ void ImageLoader::updatedHasPendingEvent() if (m_derefElementTimer.isActive()) m_derefElementTimer.stop(); else - m_protectedElement = &element(); + m_element->ref(); } else { ASSERT(!m_derefElementTimer.isActive()); m_derefElementTimer.startOneShot(0); } } -void ImageLoader::timerFired() +void ImageLoader::timerFired(Timer<ImageLoader>&) { - m_protectedElement = nullptr; + m_element->deref(); } void ImageLoader::dispatchPendingEvent(ImageEventSender* eventSender) @@ -394,23 +401,23 @@ void ImageLoader::dispatchPendingBeforeLoadEvent() return; if (!m_image) return; - if (!element().document().hasLivingRenderTree()) + if (!m_element->document().hasLivingRenderTree()) return; m_hasPendingBeforeLoadEvent = false; - if (element().dispatchBeforeLoadEvent(m_image->url())) { + if (m_element->dispatchBeforeLoadEvent(m_image->url())) { updateRenderer(); return; } if (m_image) { m_image->removeClient(this); - m_image = nullptr; + m_image = 0; } - loadEventSender().cancelEvent(*this); + loadEventSender().cancelEvent(this); m_hasPendingLoadEvent = false; - if (is<HTMLObjectElement>(element())) - downcast<HTMLObjectElement>(element()).renderFallbackContent(); + if (isHTMLObjectElement(m_element)) + toHTMLObjectElement(m_element)->renderFallbackContent(); // Only consider updating the protection ref-count of the Element immediately before returning // from this function as doing so might result in the destruction of this ImageLoader. @@ -424,7 +431,7 @@ void ImageLoader::dispatchPendingLoadEvent() if (!m_image) return; m_hasPendingLoadEvent = false; - if (element().document().hasLivingRenderTree()) + if (m_element->document().hasLivingRenderTree()) dispatchLoadEvent(); // Only consider updating the protection ref-count of the Element immediately before returning 
@@ -437,8 +444,8 @@ void ImageLoader::dispatchPendingErrorEvent() if (!m_hasPendingErrorEvent) return; m_hasPendingErrorEvent = false; - if (element().document().hasLivingRenderTree()) - element().dispatchEvent(Event::create(eventNames().errorEvent, false, false)); + if (m_element->document().hasLivingRenderTree()) + m_element->dispatchEvent(Event::create(eventNames().errorEvent, false, false)); // Only consider updating the protection ref-count of the Element immediately before returning // from this function as doing so might result in the destruction of this ImageLoader. @@ -463,7 +470,7 @@ void ImageLoader::dispatchPendingErrorEvents() void ImageLoader::elementDidMoveToNewDocument() { clearFailedLoadURL(); - clearImage(); + setImage(0); } inline void ImageLoader::clearFailedLoadURL() |