Rename TaintsCanvas to CanAccessData and use in CSSStyleSheet

Since data URLs are same-origin, their CSSStyleSheet elements should be
accessible without throwing a SecurityError. TaintsCanvas had an
appropriate check for this, but was named incorrectly for this use
case. Rename TaintsCanvas to CanAccessData, reversing the boolean
condition, and use the new method in CSSStyleSheet::CanAccessRules.

Bug: 813826
Change-Id: Ie49eecfca92af31f27a3584a64bf494083ef4742
Reviewed-on: https://chromium-review.googlesource.com/963401Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Chris Nardi <cnardi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543675}

third_party/WebKit/LayoutTests/external/wpt/css/cssom/stylesheet-same-origin.sub-expected.txt

-This is a testharness.js-based test.
-PASS Origin-clean check in cross-origin CSSOM Stylesheets
-PASS Origin-clean check in same-origin CSSOM Stylesheets
-FAIL Origin-clean check in data:css CSSOM Stylesheets Failed to read the 'cssRules' property from 'CSSStyleSheet': Cannot access rules
-Harness: the test ran to completion.
-

third_party/WebKit/Source/core/css/CSSStyleSheet.cpp

@@ -309,7 +309,7 @@ bool CSSStyleSheet::CanAccessRules() const {
     return true;
   if (document->GetStyleEngine().InspectorStyleSheet() == this)
     return true;
-  if (document->GetSecurityOrigin()->CanRequest(base_url))
+  if (document->GetSecurityOrigin()->CanReadContent(base_url))
     return true;
   if (allow_rule_access_from_origin_ &&
       document->GetSecurityOrigin()->CanAccess(

third_party/WebKit/Source/core/html/media/HTMLMediaElement.cpp

@@ -1490,12 +1490,12 @@ bool HTMLMediaElement::IsMediaDataCORSSameOrigin(
     return false;
 
   // DidPassCORSAccessCheck() means it was a successful CORS-enabled fetch (vs.
-  // non-CORS-enabled or failed). TaintsCanvas() does CheckAccess() on the URL
-  // plus allows data sources, to ensure that it is not a URL that requires
+  // non-CORS-enabled or failed). CanReadContent() does CheckAccess() on the
+  // URL plus allows data sources, to ensure that it is not a URL that requires
   // CORS (basically same origin).
   return (GetWebMediaPlayer() &&
           GetWebMediaPlayer()->DidPassCORSAccessCheck()) ||
-         !origin->TaintsCanvas(currentSrc());
+         origin->CanReadContent(currentSrc());
 }
 
 bool HTMLMediaElement::IsInCrossOriginFrame() const {

third_party/WebKit/Source/core/loader/resource/ImageResource.cpp

@@ -677,7 +677,7 @@ bool ImageResource::IsAccessAllowed(
   if (PassesAccessControlCheck(*security_origin))
     return true;
 
-  return !security_origin->TaintsCanvas(GetResponse().Url());
+  return security_origin->CanReadContent(GetResponse().Url());
 }
 
 ImageResourceContent* ImageResource::GetContent() {

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

@@ -318,20 +318,16 @@ bool SecurityOrigin::CanRequest(const KURL& url) const {
   return false;
 }
 
-bool SecurityOrigin::TaintsCanvas(const KURL& url) const {
+bool SecurityOrigin::CanReadContent(const KURL& url) const {
   if (CanRequest(url))
-    return false;
+    return true;
 
-  // This function exists because we treat data URLs as having a unique origin,
-  // contrary to the current (9/19/2009) draft of the HTML5 specification.
-  // We still want to let folks paint data URLs onto untainted canvases, so
-  // we special case data URLs below. If we change to match HTML5 w.r.t.
-  // data URL security, then we can remove this function in favor of
-  // !canRequest.
+  // This function exists because we treat data URLs as having a unique opaque
+  // origin, see https://fetch.spec.whatwg.org/#main-fetch.
   if (url.ProtocolIsData())
-    return false;
+    return true;
 
-  return true;
+  return false;
 }
 
 bool SecurityOrigin::CanDisplay(const KURL& url) const {

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h

@@ -110,10 +110,10 @@ class PLATFORM_EXPORT SecurityOrigin : public RefCounted<SecurityOrigin> {
   // XMLHttpRequests.
   bool CanRequest(const KURL&) const;
 
-  // Returns true if drawing an image from this URL taints a canvas from
-  // this security origin. For example, call this function before
-  // drawing an image onto an HTML canvas element with the drawImage API.
-  bool TaintsCanvas(const KURL&) const;
+  // Returns true if content from this URL can be read without CORS from this
+  // security origin. For example, call this function before drawing an image
+  // onto an HTML canvas element with the drawImage API.
+  bool CanReadContent(const KURL&) const;
 
   // Returns true if |document| can display content from the given URL (e.g.,
   // in an iframe or as an image). For example, web sites generally cannot