1 /*
2 * Copyright (C) 2006 Eric Seidel <eric@webkit.org>
3 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
4 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
16 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
19 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
22 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
23 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "config.h"
29
30 #include "core/svg/graphics/SVGImage.h"
31
32 #include "core/animation/AnimationTimeline.h"
33 #include "core/dom/NodeTraversal.h"
34 #include "core/dom/shadow/ComposedTreeWalker.h"
35 #include "core/frame/FrameView.h"
36 #include "core/frame/LocalFrame.h"
37 #include "core/frame/Settings.h"
38 #include "core/loader/FrameLoadRequest.h"
39 #include "core/page/Chrome.h"
40 #include "core/rendering/style/RenderStyle.h"
41 #include "core/rendering/svg/RenderSVGRoot.h"
42 #include "core/svg/SVGDocumentExtensions.h"
43 #include "core/svg/SVGFEImageElement.h"
44 #include "core/svg/SVGImageElement.h"
45 #include "core/svg/SVGSVGElement.h"
46 #include "core/svg/animation/SMILTimeContainer.h"
47 #include "core/svg/graphics/SVGImageChromeClient.h"
48 #include "platform/EventDispatchForbiddenScope.h"
49 #include "platform/LengthFunctions.h"
50 #include "platform/TraceEvent.h"
51 #include "platform/geometry/IntRect.h"
52 #include "platform/graphics/GraphicsContextStateSaver.h"
53 #include "platform/graphics/ImageBuffer.h"
54 #include "platform/graphics/ImageObserver.h"
55 #include "wtf/PassRefPtr.h"
56
57 namespace blink {
58
// Constructs the image and forwards |observer| to the Image base class.
// Nothing else is set up here; the internal page that renders the SVG is
// built later, in dataChanged().
SVGImage::SVGImage(ImageObserver* observer) : Image(observer) { }
63
// Tears down the internal page, if one was ever created.
SVGImage::~SVGImage()
{
    if (m_page) {
        // Move ownership into a local first. m_page is then cleared, which is
        // how SVGImageChromeClient knows this image is being destructed.
        OwnPtrWillBeRawPtr<Page> pageBeingDestroyed = m_page.release();
        // Breaks both the loader's and the view's references to the frame.
        pageBeingDestroyed->willBeDestroyed();
    }

    // Page teardown is expected to have destroyed the Chrome, so the chrome
    // client must no longer point back at an image.
    ASSERT(!m_chromeClient || !m_chromeClient->image());
}
76
// Returns true when the page that owns |node|'s document uses an
// SVGImageChromeClient, the chrome client dataChanged() installs on the page
// it creates. Returns false when the document has no page.
// |node| must not be null.
bool SVGImage::isInSVGImage(const Node* node)
{
    ASSERT(node);

    if (Page* owningPage = node->document().page())
        return owningPage->chrome().client().isSVGImageChromeClient();
    return false;
}
87
// Reports whether the image content can be treated as single-origin.
//
// Returns true when no page has been built or the document has no SVG root.
// Otherwise the composed tree below the root is walked, and the answer is
// false as soon as one of these is found:
//   - a foreignObject element, or
//   - an image or feImage element that does not itself report a single
//     security origin.
//
// NOTE(review): presumably callers consult this before pixels drawn from the
// image become readable by content (for example canvas tainting) - confirm
// against the call sites. A new element type that can pull in cross-origin
// data would need its own check in the walk below.
bool SVGImage::currentFrameHasSingleSecurityOrigin() const
{
    if (!m_page)
        return true;

    LocalFrame* mainFrame = toLocalFrame(m_page->mainFrame());

    // Enforced in release builds too: the tree is only inspected once the
    // document's load event has finished.
    RELEASE_ASSERT(mainFrame->document()->loadEventFinished());

    SVGSVGElement* svgRoot = mainFrame->document()->accessSVGExtensions().rootElement();
    if (!svgRoot)
        return true;

    // foreignObject elements, and images not known to be single-origin, can
    // leak cross-origin information, so either one fails the check.
    ComposedTreeWalker walker(svgRoot);
    for (; Node* current = walker.get(); walker.next()) {
        if (isSVGForeignObjectElement(*current))
            return false;

        if (isSVGImageElement(*current)) {
            if (!toSVGImageElement(*current).currentFrameHasSingleSecurityOrigin())
                return false;
        } else if (isSVGFEImageElement(*current)) {
            if (!toSVGFEImageElement(*current).currentFrameHasSingleSecurityOrigin())
                return false;
        }
    }

    // SVG image rendering disallows external resources and links, so what
    // remains is effectively restricted to a single security origin.
    return true;
}
121
// Returns the root element recorded in the SVG extensions of |page|'s
// main-frame document, or null when |page| is null.
// NOTE(review): the main frame is cast to LocalFrame and its document is
// dereferenced without a check; this assumes both always exist for a page
// created by SVGImage - confirm.
static SVGSVGElement* svgRootElement(Page* page)
{
    if (!page)
        return nullptr;
    return toLocalFrame(page->mainFrame())->document()->accessSVGExtensions().rootElement();
}
129
// Hands |size| to the root renderer as the container size.
// Does nothing when the image does not use a container size, when there is no
// SVG root element, or when the root has no renderer.
void SVGImage::setContainerSize(const IntSize& size)
{
    if (!usesContainerSize())
        return;

    SVGSVGElement* svgRoot = svgRootElement(m_page.get());
    if (!svgRoot)
        return;

    // The view is resized to whatever containerSize() reports right now,
    // that is, before |size| has been passed to the renderer below.
    // NOTE(review): frameView() is not null-checked; a non-null root implies
    // m_page is set, but a frame without a view would still crash here.
    frameView()->resize(containerSize());

    if (RenderSVGRoot* rootRenderer = toRenderSVGRoot(svgRoot->renderer()))
        rootRenderer->setContainerSize(size);
}
147
// Returns the size the SVG should be laid out in.
//
// Order of preference:
//   1. the container size stored on the root renderer, when non-empty;
//   2. the intrinsic size, with a missing dimension derived from the
//      intrinsic ratio when only one dimension is known;
//   3. the CSS replaced-element fallback of 300x150.
// An empty IntSize is returned when there is no root element or no renderer.
IntSize SVGImage::containerSize() const
{
    SVGSVGElement* svgRoot = svgRootElement(m_page.get());
    if (!svgRoot)
        return IntSize();

    RenderSVGRoot* rootRenderer = toRenderSVGRoot(svgRoot->renderer());
    if (!rootRenderer)
        return IntSize();

    // A container size, when available, takes precedence.
    IntSize explicitSize = rootRenderer->containerSize();
    if (!explicitSize.isEmpty())
        return explicitSize;

    // A non-identity zoom level is expected to always come with a container size.
    ASSERT(rootRenderer->style()->effectiveZoom() == 1);

    FloatSize intrinsicSize;
    double intrinsicRatio = 0;
    rootRenderer->computeIntrinsicRatioInformation(intrinsicSize, intrinsicRatio);

    // With a non-zero ratio, fill in whichever single dimension is missing.
    if (intrinsicSize.isEmpty() && intrinsicRatio) {
        if (!intrinsicSize.width() && intrinsicSize.height())
            intrinsicSize.setWidth(intrinsicSize.height() * intrinsicRatio);
        else if (intrinsicSize.width() && !intrinsicSize.height())
            intrinsicSize.setHeight(intrinsicSize.width() / intrinsicRatio);
    }

    if (intrinsicSize.isEmpty()) {
        // Last resort: CSS replaced element fallback size.
        return IntSize(300, 150);
    }
    return expandedIntSize(intrinsicSize);
}
183
// Draws the image as if laid out in a container of |containerSize| at |zoom|.
// The container size is rounded to integers and applied. |srcRect| is then
// divided by |zoom| and its size corrected for the rounding before the call
// is forwarded to draw(). Does nothing when no page has been built.
//
// NOTE(review): |zoom| and both dimensions of |containerSize| are used as
// divisors with no guard in this function. A zero value yields a non-finite
// source rect - confirm callers never pass one.
void SVGImage::drawForContainer(GraphicsContext* context, const FloatSize containerSize, float zoom, const FloatRect& dstRect,
    const FloatRect& srcRect, CompositeOperator compositeOp, blink::WebBlendMode blendMode)
{
    if (!m_page)
        return;

    // Re-laying out the image would otherwise trigger changeInRect() calls,
    // so the image observer is disabled for the duration of this scope.
    ImageObserverDisabler imageObserverDisabler(this);

    IntSize integralContainerSize = roundedIntSize(containerSize);
    setContainerSize(integralContainerSize);

    FloatRect unzoomedSrc = srcRect;
    unzoomedSrc.scale(1 / zoom);

    // Adjust the source size by the rounded/unrounded ratio to compensate for
    // the container size rounding above.
    FloatSize compensatedSize = unzoomedSrc.size();
    compensatedSize.scale(integralContainerSize.width() / containerSize.width(),
        integralContainerSize.height() / containerSize.height());
    unzoomedSrc.setSize(compensatedSize);

    draw(context, dstRect, unzoomedSrc, compositeOp, blendMode);
}
206
// Rasterizes the image at its own size into a temporary ImageBuffer and
// returns the native image of a copy of that buffer. Returns null when no
// page has been built or the buffer cannot be created.
PassRefPtr<NativeImageSkia> SVGImage::nativeImageForCurrentFrame()
{
    if (!m_page)
        return nullptr;

    OwnPtr<ImageBuffer> scratchBuffer = ImageBuffer::create(size());
    if (!scratchBuffer)
        return nullptr;

    drawForContainer(scratchBuffer->context(), size(), 1, rect(), rect(),
        CompositeSourceOver, blink::WebBlendModeNormal);

    // FIXME: WK(Bug 113657): We should use DontCopyBackingStore here.
    // NOTE(review): the result of copyImage() is dereferenced unchecked.
    return scratchBuffer->copyImage(CopyBackingStore)->nativeImageForCurrentFrame();
}
221
// Draws the image as a repeating pattern. The SVG is first rendered once into
// an ImageBuffer sized for the context's current transform scale, and the
// resulting bitmap is then tiled with Image::drawPattern().
// Returns without drawing when the buffer cannot be allocated.
//
// NOTE(review): the CTM scale factors are used as divisors and are only
// checked with ASSERT, so the checks do not protect release builds.
void SVGImage::drawPatternForContainer(GraphicsContext* context, const FloatSize containerSize, float zoom, const FloatRect& srcRect,
    const FloatSize& scale, const FloatPoint& phase, CompositeOperator compositeOp, const FloatRect& dstRect, blink::WebBlendMode blendMode, const IntSize& repeatSpacing)
{
    FloatRect zoomedContainerRect(FloatPoint(), containerSize);
    zoomedContainerRect.scale(zoom);

    // The ImageBuffer size needs to be scaled to match the final resolution.
    // FIXME: No need to get the full CTM here, we just need the scale.
    // FIXME: See crbug.com/382491. This scale does not reflect compositor applied
    // scale factors, such a High DPI or device zoom.
    AffineTransform ctm = context->getCTM();
    FloatSize ctmScale(ctm.xScale(), ctm.yScale());
    ASSERT(ctmScale.width());
    ASSERT(ctmScale.height());

    // The caller's pattern scale with the CTM contribution divided out.
    FloatSize scaleWithoutCTM(scale.width() / ctmScale.width(), scale.height() / ctmScale.height());

    FloatRect bufferRect = zoomedContainerRect;
    bufferRect.scale(ctmScale.width(), ctmScale.height());

    OwnPtr<ImageBuffer> tileBuffer = ImageBuffer::create(expandedIntSize(bufferRect.size()));
    if (!tileBuffer) {
        // Failed to allocate buffer.
        return;
    }

    drawForContainer(tileBuffer->context(), containerSize, zoom, bufferRect, zoomedContainerRect,
        CompositeSourceOver, blink::WebBlendModeNormal);
    RefPtr<Image> tile = tileBuffer->copyImage(DontCopyBackingStore, Unscaled);

    // The buffer was rendered at the CTM scale, so the source rect has to be
    // scaled the same way before it is used to pick the tile.
    FloatRect tileSrcRect = srcRect;
    tileSrcRect.scale(ctmScale.width(), ctmScale.height());

    tile->drawPattern(context, tileSrcRect, scaleWithoutCTM, phase, compositeOp, dstRect, blendMode, repeatSpacing);
}
255
// Paints the SVG document into |context|, mapping |srcRect| of the image onto
// |dstRect|. Does nothing when no page has been built.
//
// The graphics state is saved on entry and restored before the observer is
// notified. A transparency layer is opened when the composite operator or
// blend mode is not the default, or when the context alpha is below 1.
//
// NOTE(review): the width and height of |srcRect| are used as divisors with
// no guard in this function. An empty source rect yields a non-finite scale -
// confirm callers never pass one.
void SVGImage::draw(GraphicsContext* context, const FloatRect& dstRect, const FloatRect& srcRect, CompositeOperator compositeOp, blink::WebBlendMode blendMode)
{
    if (!m_page)
        return;

    GraphicsContextStateSaver stateSaver(*context);
    context->setCompositeOperation(compositeOp, blendMode);
    context->clip(enclosingIntRect(dstRect));

    bool layerNeededForCompositing = compositeOp != CompositeSourceOver || blendMode != blink::WebBlendModeNormal;
    float opacity = context->getNormalizedAlpha() / 255.f;
    bool layerNeeded = layerNeededForCompositing || opacity < 1;
    if (layerNeeded) {
        context->beginTransparencyLayer(opacity);
        // Inside the layer the content is drawn with the default operator;
        // the requested one was set above, before the layer was opened.
        if (layerNeededForCompositing)
            context->setCompositeOperation(CompositeSourceOver, blink::WebBlendModeNormal);
    }

    FloatSize drawScale(dstRect.width() / srcRect.width(), dstRect.height() / srcRect.height());

    // Only the entire frame can be drawn, clipped to the wanted rect. So work
    // out where the image's top left would land without clipping and
    // translate by that amount.
    FloatSize scaledSrcOrigin(srcRect.location().x() * drawScale.width(), srcRect.location().y() * drawScale.height());
    FloatPoint translation = dstRect.location() - scaledSrcOrigin;

    context->translate(translation.x(), translation.y());
    context->scale(drawScale.width(), drawScale.height());

    FrameView* svgView = frameView();
    svgView->resize(containerSize());

    if (!m_url.isEmpty())
        svgView->scrollToFragment(m_url);

    svgView->updateLayoutAndStyleForPainting();
    svgView->paint(context, enclosingIntRect(srcRect));
    ASSERT(!svgView->needsLayout());

    if (layerNeeded)
        context->endLayer();

    stateSaver.restore();

    if (imageObserver())
        imageObserver()->didDraw(this);

    // Start any (SMIL) animations if needed. After resetAnimation this
    // restarts them; after stopAnimation it continues them.
    startAnimation();
}
307
// Returns the root element's renderer as a RenderBox, or null when there is
// no SVG root element.
RenderBox* SVGImage::embeddedContentBox() const
{
    if (SVGSVGElement* svgRoot = svgRootElement(m_page.get()))
        return toRenderBox(svgRoot->renderer());
    return nullptr;
}
315
// Returns the view of the internal page's main frame, or null when no page
// has been built yet.
FrameView* SVGImage::frameView() const
{
    if (m_page)
        return toLocalFrame(m_page->mainFrame())->view();
    return nullptr;
}
323
// Fills in the intrinsic width, height and ratio from the SVG root element.
// All three outputs are left untouched when there is no root element.
// |intrinsicRatio| is also left untouched when preserveAspectRatio has align
// "none". Otherwise the ratio is the viewBox size, falling back to the fixed
// width and height when the viewBox is empty.
void SVGImage::computeIntrinsicDimensions(Length& intrinsicWidth, Length& intrinsicHeight, FloatSize& intrinsicRatio)
{
    SVGSVGElement* svgRoot = svgRootElement(m_page.get());
    if (!svgRoot)
        return;

    intrinsicWidth = svgRoot->intrinsicWidth();
    intrinsicHeight = svgRoot->intrinsicHeight();

    // No ratio is reported when the aspect ratio is not to be preserved.
    if (svgRoot->preserveAspectRatio()->currentValue()->align() == SVGPreserveAspectRatio::SVG_PRESERVEASPECTRATIO_NONE)
        return;

    intrinsicRatio = svgRoot->viewBox()->currentValue()->value().size();

    const bool bothDimensionsFixed = intrinsicWidth.isFixed() && intrinsicHeight.isFixed();
    if (intrinsicRatio.isEmpty() && bothDimensionsFixed)
        intrinsicRatio = FloatSize(floatValueForLength(intrinsicWidth, 0), floatValueForLength(intrinsicHeight, 0));
}
339
// Unpauses the root element's animations if they are currently paused.
// The CatchUpAnimation argument is ignored.
// FIXME: support CatchUpAnimation = CatchUp.
void SVGImage::startAnimation(CatchUpAnimation)
{
    SVGSVGElement* svgRoot = svgRootElement(m_page.get());
    if (svgRoot && svgRoot->animationsPaused())
        svgRoot->unpauseAnimations();
}
348
// Pauses the root element's animations. Does nothing without a root element.
void SVGImage::stopAnimation()
{
    if (SVGSVGElement* svgRoot = svgRootElement(m_page.get()))
        svgRoot->pauseAnimations();
}
356
// Pauses the root element's animations and sets the current time back to 0.
// Does nothing without a root element.
void SVGImage::resetAnimation()
{
    if (SVGSVGElement* svgRoot = svgRootElement(m_page.get())) {
        svgRoot->pauseAnimations();
        svgRoot->setCurrentTime(0);
    }
}
365
// Returns true when the root element's time container has animations or the
// main-frame document's timeline has pending updates. Returns false without
// a root element.
bool SVGImage::hasAnimations() const
{
    SVGSVGElement* svgRoot = svgRootElement(m_page.get());
    if (!svgRoot)
        return false;

    if (svgRoot->timeContainer()->hasAnimations())
        return true;
    return toLocalFrame(m_page->mainFrame())->document()->timeline().hasPendingUpdates();
}
373
// Called when image data has arrived. Once |allDataReceived| is true, a
// private Page and LocalFrame are built and the bytes are loaded into the
// frame synchronously as an image/svg+xml document.
//
// Restrictions applied to the embedded document, all visible below:
//   - script, plugins and accelerated compositing are disabled in the page
//     settings;
//   - every sandbox flag is forced on the frame loader (SandboxAll);
//   - the page clients are the empty ones, except for the chrome client,
//     which is an SVGImageChromeClient bound to this image;
//   - the frame uses a shared EmptyFrameLoaderClient;
//   - the document is loaded at blankURL() from SubstituteData, not from the
//     network.
//
// Returns true for an empty image. Otherwise the return value reflects
// whether a page exists, so it is false until all data has been received.
bool SVGImage::dataChanged(bool allDataReceived)
{
    TRACE_EVENT0("blink", "SVGImage::dataChanged");

    // Nothing to do for an empty image.
    if (!data()->size())
        return true;

    if (allDataReceived) {
        // SVGImage will fire events (and the default C++ handlers run) but
        // doesn't actually allow script to run, so calling into it is fine.
        // It lets an SVG data url load synchronously like other image types.
        // NOTE(review): this exemption rests on script staying disabled and
        // the sandbox flags staying forced below; revisit if either changes.
        EventDispatchForbiddenScope::AllowUserAgentEvents allowUserAgentEvents;

        // One loader client is created on first use and shared by all SVG
        // images; it is never deleted.
        static FrameLoaderClient* dummyFrameLoaderClient = new EmptyFrameLoaderClient;

        Page::PageClients pageClients;
        fillWithEmptyClients(pageClients);
        m_chromeClient = adoptPtr(new SVGImageChromeClient(this));
        pageClients.chromeClient = m_chromeClient.get();

        // FIXME: If this SVG ends up loading itself, we might leak the world.
        // The Cache code does not know about ImageResources holding Frames and
        // won't know to break the cycle.
        // This will become an issue when SVGImage will be able to load other
        // SVGImage objects, but we're safe now, because SVGImage can only be
        // loaded by a top-level document.
        OwnPtrWillBeRawPtr<Page> newPage;
        {
            TRACE_EVENT0("blink", "SVGImage::dataChanged::createPage");
            newPage = adoptPtrWillBeNoop(new Page(pageClients));
            // Restrict the page before any content is loaded into it.
            newPage->settings().setScriptEnabled(false);
            newPage->settings().setPluginsEnabled(false);
            newPage->settings().setAcceleratedCompositingEnabled(false);
        }

        RefPtrWillBeRawPtr<LocalFrame> svgFrame = nullptr;
        {
            TRACE_EVENT0("blink", "SVGImage::dataChanged::createFrame");
            svgFrame = LocalFrame::create(dummyFrameLoaderClient, &newPage->frameHost(), 0);
            svgFrame->setView(FrameView::create(svgFrame.get()));
            svgFrame->init();
        }

        // All sandbox flags are forced before the load starts.
        FrameLoader& frameLoader = svgFrame->loader();
        frameLoader.forceSandboxFlags(SandboxAll);

        svgFrame->view()->setScrollbarsSuppressed(true);
        // SVG Images will always synthesize a viewBox, if it's not available,
        // and thus never see scrollbars.
        svgFrame->view()->setCanHaveScrollbars(false);
        // SVG Images are transparent.
        svgFrame->view()->setTransparent(true);

        m_page = newPage.release();

        TRACE_EVENT0("blink", "SVGImage::dataChanged::load");
        frameLoader.load(FrameLoadRequest(0, blankURL(),
            SubstituteData(data(),
                AtomicString("image/svg+xml", AtomicString::ConstructFromLiteral),
                AtomicString("UTF-8", AtomicString::ConstructFromLiteral),
                KURL(), ForceSynchronousLoad)));

        // Record the intrinsic size now, before a container size is available.
        m_intrinsicSize = containerSize();
    }

    return m_page;
}
437
// Returns the file extension used for SVG images, "svg".
String SVGImage::filenameExtension() const
{
    return String("svg");
}
442
443 }
444