Add QWebEngineSettings::DisableReadingFromCanvas

-  disables reading from canvas.

Fixes: QTBUG-84486
Change-Id: I3e181bfa6e351dea8dfa61f8010bafb94ea8a77d
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

8 files changed, 116 insertions, 0 deletions

diff --git a/src/core/api/qwebenginesettings.h b/src/core/api/qwebenginesettings.h
index 09656f670..8cb10f6a7 100644
--- a/src/core/api/qwebenginesettings.h
+++ b/src/core/api/qwebenginesettings.h
@@ -60,6 +60,7 @@ public:
         DnsPrefetchEnabled,
         PdfViewerEnabled,
         NavigateOnDropEnabled,
+        DisableReadingFromCanvas,
     };
 
     enum FontSize {
diff --git a/src/core/doc/src/qwebenginesettings_lgpl.qdoc b/src/core/doc/src/qwebenginesettings_lgpl.qdoc
index 5cd1e5419..3fdce3ea9 100644
--- a/src/core/doc/src/qwebenginesettings_lgpl.qdoc
+++ b/src/core/doc/src/qwebenginesettings_lgpl.qdoc
@@ -168,6 +168,9 @@
     \value NavigateOnDropEnabled Specifies that navigations can be triggered by dropping URLs on
            the view.
            Enabled by default. (Added in Qt 6.4)
+    \value DisableReadingFromCanvas Specifies that reading from all canvas elements will be disabled.
+           This setting will have impact on all HTML5 canvas elements irrespective of origin.
+           Disabled by default. (Added in Qt 6.6)
 */
 
 /*!
diff --git a/src/core/web_engine_settings.cpp b/src/core/web_engine_settings.cpp
index 906f9fb72..11adc8d19 100644
--- a/src/core/web_engine_settings.cpp
+++ b/src/core/web_engine_settings.cpp
@@ -262,6 +262,9 @@ void WebEngineSettings::initDefaults()
         s_defaultAttributes.insert(QWebEngineSettings::PdfViewerEnabled, false);
 #endif
         s_defaultAttributes.insert(QWebEngineSettings::NavigateOnDropEnabled, true);
+        bool readingFromCanvas =
+                commandLine->HasSwitch(switches::kDisableReadingFromCanvas);
+        s_defaultAttributes.insert(QWebEngineSettings::DisableReadingFromCanvas, readingFromCanvas);
     }
 
     if (s_defaultFontFamilies.isEmpty()) {
@@ -370,6 +373,7 @@ void WebEngineSettings::applySettingsToWebPreferences(blink::web_pref::WebPrefer
     prefs->dom_paste_enabled = testAttribute(QWebEngineSettings::JavascriptCanPaste);
     prefs->dns_prefetching_enabled = testAttribute(QWebEngineSettings::DnsPrefetchEnabled);
     prefs->navigate_on_drag_drop = testAttribute(QWebEngineSettings::NavigateOnDropEnabled);
+    prefs->disable_reading_from_canvas = testAttribute(QWebEngineSettings::DisableReadingFromCanvas);
 
     // Fonts settings.
     prefs->standard_font_family_map[blink::web_pref::kCommonScript] =
diff --git a/src/webenginequick/api/qquickwebenginesettings.cpp b/src/webenginequick/api/qquickwebenginesettings.cpp
index 6d64c1d3b..54407cc2f 100644
--- a/src/webenginequick/api/qquickwebenginesettings.cpp
+++ b/src/webenginequick/api/qquickwebenginesettings.cpp
@@ -433,6 +433,20 @@ bool QQuickWebEngineSettings::navigateOnDropEnabled() const
 }
 
 /*!
+    \qmlproperty bool WebEngineSettings::disableReadingFromCanvas
+    \since QtWebEngine 6.6
+
+    Disables JavaScript reading from canvas elements.
+    This setting will have impact on all HTML5 canvas elements irrespective of origin.
+
+    Disabled by default.
+ */
+bool QQuickWebEngineSettings::disableReadingFromCanvas() const
+{
+    return d_ptr->testAttribute(QWebEngineSettings::DisableReadingFromCanvas);
+}
+
+/*!
     \qmlproperty string WebEngineSettings::defaultTextEncoding
     \since QtWebEngine 1.2
 
@@ -715,6 +729,14 @@ void QQuickWebEngineSettings::setNavigateOnDropEnabled(bool on)
         Q_EMIT navigateOnDropEnabledChanged();
 }
 
+void QQuickWebEngineSettings::setDisableReadingFromCanvas(bool on)
+{
+    bool wasOn = d_ptr->testAttribute(QWebEngineSettings::DisableReadingFromCanvas);
+    d_ptr->setAttribute(QWebEngineSettings::DisableReadingFromCanvas, on);
+    if (wasOn != on)
+        Q_EMIT disableReadingFromCanvasChanged();
+}
+
 void QQuickWebEngineSettings::setUnknownUrlSchemePolicy(QQuickWebEngineSettings::UnknownUrlSchemePolicy policy)
 {
     QWebEngineSettings::UnknownUrlSchemePolicy oldPolicy = d_ptr->unknownUrlSchemePolicy();
diff --git a/src/webenginequick/api/qquickwebenginesettings_p.h b/src/webenginequick/api/qquickwebenginesettings_p.h
index 71081c232..2fed034c1 100644
--- a/src/webenginequick/api/qquickwebenginesettings_p.h
+++ b/src/webenginequick/api/qquickwebenginesettings_p.h
@@ -57,6 +57,7 @@ class Q_WEBENGINEQUICK_PRIVATE_EXPORT QQuickWebEngineSettings : public QObject {
     Q_PROPERTY(bool dnsPrefetchEnabled READ dnsPrefetchEnabled WRITE setDnsPrefetchEnabled NOTIFY dnsPrefetchEnabledChanged REVISION(1,7) FINAL)
     Q_PROPERTY(bool pdfViewerEnabled READ pdfViewerEnabled WRITE setPdfViewerEnabled NOTIFY pdfViewerEnabledChanged REVISION(1,8) FINAL)
     Q_PROPERTY(bool navigateOnDropEnabled READ navigateOnDropEnabled WRITE setNavigateOnDropEnabled NOTIFY navigateOnDropEnabledChanged REVISION(6,4) FINAL)
+    Q_PROPERTY(bool disableReadingFromCanvas READ disableReadingFromCanvas WRITE setDisableReadingFromCanvas NOTIFY disableReadingFromCanvasChanged REVISION(6,6) FINAL)
     QML_NAMED_ELEMENT(WebEngineSettings)
     QML_ADDED_IN_VERSION(1, 1)
     QML_EXTRA_VERSION(2, 0)
@@ -104,6 +105,7 @@ public:
     bool dnsPrefetchEnabled() const;
     bool pdfViewerEnabled() const;
     bool navigateOnDropEnabled() const;
+    bool disableReadingFromCanvas() const;
 
     void setAutoLoadImages(bool on);
     void setJavascriptEnabled(bool on);
@@ -137,6 +139,7 @@ public:
     void setDnsPrefetchEnabled(bool on);
     void setPdfViewerEnabled(bool on);
     void setNavigateOnDropEnabled(bool on);
+    void setDisableReadingFromCanvas(bool on);
 
 signals:
     void autoLoadImagesChanged();
@@ -171,6 +174,7 @@ signals:
     Q_REVISION(1,7) void dnsPrefetchEnabledChanged();
     Q_REVISION(1,8) void pdfViewerEnabledChanged();
     Q_REVISION(6,4) void navigateOnDropEnabledChanged();
+    Q_REVISION(6,6) void disableReadingFromCanvasChanged();
 
 private:
     explicit QQuickWebEngineSettings(QQuickWebEngineSettings *parentSettings = nullptr);
diff --git a/tests/auto/core/qwebenginesettings/tst_qwebenginesettings.cpp b/tests/auto/core/qwebenginesettings/tst_qwebenginesettings.cpp
index e0bb604e2..f63a333c2 100644
--- a/tests/auto/core/qwebenginesettings/tst_qwebenginesettings.cpp
+++ b/tests/auto/core/qwebenginesettings/tst_qwebenginesettings.cpp
@@ -38,6 +38,8 @@ private Q_SLOTS:
     void javascriptClipboard_data();
     void javascriptClipboard();
     void setInAcceptNavigationRequest();
+    void disableReadingFromCanvas_data();
+    void disableReadingFromCanvas();
 };
 
 void tst_QWebEngineSettings::resetAttributes()
@@ -193,6 +195,48 @@ void tst_QWebEngineSettings::setInAcceptNavigationRequest()
     QCOMPARE(toPlainTextSync(&page), QStringLiteral("PASS"));
 }
 
+void tst_QWebEngineSettings::disableReadingFromCanvas_data()
+{
+    QTest::addColumn<bool>("disableReadingFromCanvas");
+    QTest::addColumn<bool>("result");
+    QTest::newRow("disabled") << false << true;
+    QTest::newRow("enabled") << true << false;
+}
+
+void tst_QWebEngineSettings::disableReadingFromCanvas()
+{
+    QFETCH(bool, disableReadingFromCanvas);
+    QFETCH(bool, result);
+
+    QWebEnginePage page;
+    QSignalSpy loadFinishedSpy(&page, SIGNAL(loadFinished(bool)));
+    page.settings()->setAttribute(QWebEngineSettings::JavascriptEnabled, true);
+    page.settings()->setAttribute(QWebEngineSettings::DisableReadingFromCanvas,
+                                  disableReadingFromCanvas);
+    page.setHtml("<html><body>"
+                 "<canvas id='myCanvas' width='200' height='40' style='border:1px solid "
+                 "#000000;'></canvas>"
+                 "</body></html>");
+    QVERIFY(loadFinishedSpy.wait());
+    QCOMPARE(page.settings()->testAttribute(QWebEngineSettings::DisableReadingFromCanvas),
+             disableReadingFromCanvas);
+
+    const QString jsCode("(function(){"
+                         "   var canvas = document.getElementById(\"myCanvas\");"
+                         "   var ctx = canvas.getContext(\"2d\");"
+                         "   ctx.fillStyle = \"rgb(255,0,255)\";"
+                         "   ctx.fillRect(0, 0, 200, 40);"
+                         "   try {"
+                         "      src = canvas.toDataURL();"
+                         "   }"
+                         "   catch(err) {"
+                         "      src = \"\";"
+                         "   }"
+                         "   return src.length ? true : false;"
+                         "})();");
+    QCOMPARE(evaluateJavaScriptSync(&page, jsCode).toBool(), result);
+}
+
 QTEST_MAIN(tst_QWebEngineSettings)
 
 #include "tst_qwebenginesettings.moc"
diff --git a/tests/auto/quick/publicapi/tst_publicapi.cpp b/tests/auto/quick/publicapi/tst_publicapi.cpp
index e18671d0c..071b5ba7e 100644
--- a/tests/auto/quick/publicapi/tst_publicapi.cpp
+++ b/tests/auto/quick/publicapi/tst_publicapi.cpp
@@ -443,6 +443,8 @@ static const QStringList expectedAPI = QStringList()
     << "QQuickWebEngineSettings.webGLEnabledChanged() --> void"
     << "QQuickWebEngineSettings.webRTCPublicInterfacesOnly --> bool"
     << "QQuickWebEngineSettings.webRTCPublicInterfacesOnlyChanged() --> void"
+    << "QQuickWebEngineSettings.disableReadingFromCanvas --> bool"
+    << "QQuickWebEngineSettings.disableReadingFromCanvasChanged() --> void"
     << "QQuickWebEngineSingleton.defaultProfile --> QQuickWebEngineProfile*"
     << "QQuickWebEngineSingleton.settings --> QQuickWebEngineSettings*"
     << "QQuickWebEngineSingleton.script() --> QWebEngineScript"
diff --git a/tests/auto/quick/qmltests/data/tst_settings.qml b/tests/auto/quick/qmltests/data/tst_settings.qml
index 11b2321e0..2f71407cf 100644
--- a/tests/auto/quick/qmltests/data/tst_settings.qml
+++ b/tests/auto/quick/qmltests/data/tst_settings.qml
@@ -78,6 +78,42 @@ TestWebEngineView {
 
             webEngineView2.destroy();
         }
+
+        function test_disableReadingFromCanvas_data() {
+            return [
+                { tag: 'disabled', disableReadingFromCanvas: false, result: true },
+                { tag: 'enabled', disableReadingFromCanvas: true, result: false },
+            ]
+        }
+
+        function test_disableReadingFromCanvas(data) {
+            webEngineView.settings.disableReadingFromCanvas = data.disableReadingFromCanvas;
+            webEngineView.loadHtml("<html><body>" +
+                                   "<canvas id='myCanvas' width='200' height='40' style='border:1px solid #000000;'></canvas>" +
+                                   "</body></html>");
+            verify(webEngineView.waitForLoadSucceeded());
+            verify(webEngineView.settings.disableReadingFromCanvas === data.disableReadingFromCanvas )
+
+            var jsCode = "(function(){" +
+                       "   var canvas = document.getElementById(\"myCanvas\");" +
+                       "   var ctx = canvas.getContext(\"2d\");" +
+                       "   ctx.fillStyle = \"rgb(255,0,255)\";" +
+                       "   ctx.fillRect(0, 0, 200, 40);" +
+                       "   try {" +
+                       "      src = canvas.toDataURL();" +
+                       "   }" +
+                       "   catch(err) {" +
+                       "      src = \"\";" +
+                       "   }" +
+                       "   return src.length ? true : false;" +
+                       "})();";
+
+            var isDataRead = false;
+            runJavaScript(jsCode, function(result) {
+                isDataRead = result
+            });
+            tryVerify(function() { return isDataRead === data.result });
+        }
     }
 }