prevent costumes with imported CORS-tainted canvases

expected to fix #155, #154, #151, #148, #147, #127 for future projects
2013-09-18 15:34:59 +02:00 · 2013-09-18 15:34:59 +02:00 · e9afcc9ec3
commit e9afcc9ec3
--- a/gui.js
+++ b/gui.js
@ -68,7 +68,7 @@ sb, CommentMorph, CommandBlockMorph*/

 // Global stuff ////////////////////////////////////////////////////////

-modules.gui = '2013-September-17';
+modules.gui = '2013-September-18';

 // Declarations

@ -1488,6 +1488,19 @@ IDE_Morph.prototype.droppedImage = function (aCanvas, name) {
        aCanvas,
        name ? name.split('.')[0] : '' // up to period
    );
+
+    if (costume.isTainted()) {
+        this.inform(
+            'Unable to import this image',
+            'The picture you wish to import has been\n' +
+                'tainted by a restrictive cross-origin policy\n' +
+                'making it unusable for costumes in Snap!. \n\n' +
+                'Try downloading this picture first to your\n' +
+                'computer, and import it from there.'
+        );
+        return;
+    }
+
    this.currentSprite.addCostume(costume);
    this.currentSprite.wearCostume(costume);
    this.spriteBar.tabBar.tabTo('costumes');
--- a/history.txt
+++ b/history.txt
@ -1912,3 +1912,7 @@ ______
 * GUI: fixed #119, #149 (accessing a shared projects requires lowercasing the username)
 * Portuguese translation update for SPLIT block, thanks, Manuel!
 * Store, Objects: prevent costumes from being drawn while they are loading, fixes parts of #154
+
+130918
+------
+* Objects, GUI: prevent costumes with CORS-tainted canvases, expected to fix #155, #154, #151, #148, #147, #127 for future projects
--- a/objects.js
+++ b/objects.js
@ -124,7 +124,7 @@ PrototypeHatBlockMorph*/

 // Global stuff ////////////////////////////////////////////////////////

-modules.objects = '2013-September-17';
+modules.objects = '2013-September-18';

 var SpriteMorph;
 var StageMorph;
@ -5246,6 +5246,24 @@ Costume.prototype.thumbnail = function (extentPoint) {
    return trg;
 };

+// Costume catching "tainted" canvases
+
+Costume.prototype.isTainted = function () {
+    // find out whether the canvas has been tainted by cross-origin data
+    // assumes that if reading image data throws an error it is tainted
+    try {
+        this.contents.getContext('2d').getImageData(
+            0,
+            0,
+            this.contents.width,
+            this.contents.height
+        );
+    } catch (err) {
+        return true;
+    }
+    return false;
+};
+
 // SVG_Costume /////////////////////////////////////////////////////////////

 /*