Commit 0e500df5 authored by abarth@webkit.org's avatar abarth@webkit.org

Canvas security checks show up on HTML5GamingTest benchmark

https://bugs.webkit.org/show_bug.cgi?id=68743

Reviewed by Oliver Hunt.

Prior to this patch, the canvas security checks took as much as 4% of
the time on the HTML5GamingTest benchmark:

http://craftymind.com/factory/guimark2/HTML5GamingTest.html

This patch uses a couple of AtomicStrings and shuffles around the order
of the security check to take this down to around 0.1% (which is near
the noise floor of what I can measure with my profiler).

* html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::wouldTaintOrigin):
* loader/CrossOriginAccessControl.cpp:
(WebCore::passesAccessControlCheck):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent c60e76cc
2011-09-23 Adam Barth <abarth@webkit.org>
Canvas security checks show up on HTML5GamingTest benchmark
https://bugs.webkit.org/show_bug.cgi?id=68743
Reviewed by Oliver Hunt.
Prior to this patch, the canvas security checks took as much as 4% of
the time on the HTML5GamingTest benchmark:
http://craftymind.com/factory/guimark2/HTML5GamingTest.html
This patch uses a couple of AtomicStrings and shuffles around the order
of the security check to take this down to around 0.1% (which is near
the noise floor of what I can measure with my profiler).
* html/canvas/CanvasRenderingContext.cpp:
(WebCore::CanvasRenderingContext::wouldTaintOrigin):
* loader/CrossOriginAccessControl.cpp:
(WebCore::passesAccessControlCheck):
2011-09-23 Justin Novosad <junov@chromium.org>
Unwarranted DOM Exception when canvas2D drawImage is called with src
......@@ -61,15 +61,10 @@ bool CanvasRenderingContext::wouldTaintOrigin(const HTMLImageElement* image)
return false;
CachedImage* cachedImage = image->cachedImage();
if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {
if (wouldTaintOrigin(cachedImage->response().url()))
return true;
}
if (!cachedImage->image()->hasSingleSecurityOrigin())
return true;
return false;
return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin());
}
bool CanvasRenderingContext::wouldTaintOrigin(const HTMLVideoElement* video)
......
......@@ -136,9 +136,12 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque
bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
{
AtomicallyInitializedStatic(AtomicString, accessControlAllowOrigin = "access-control-allow-origin");
AtomicallyInitializedStatic(AtomicString, accessControlAllowCredentials = "access-control-allow-credentials");
// A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
// even with Access-Control-Allow-Credentials set to true.
const String& accessControlOriginString = response.httpHeaderField("Access-Control-Allow-Origin");
const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin);
if (accessControlOriginString == "*" && includeCredentials == DoNotAllowStoredCredentials)
return true;
......@@ -158,7 +161,7 @@ bool passesAccessControlCheck(const ResourceResponse& response, StoredCredential
}
if (includeCredentials == AllowStoredCredentials) {
const String& accessControlCredentialsString = response.httpHeaderField("Access-Control-Allow-Credentials");
const String& accessControlCredentialsString = response.httpHeaderField(accessControlAllowCredentials);
if (accessControlCredentialsString != "true") {
errorDescription = "Credentials flag is true, but Access-Control-Allow-Credentials is not \"true\".";
return false;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment