Allow SVG images to not taint the canvas with drawImage/drawPattern

This is a merge of by Timothy
Hatcher with a large modification to prevent leaks through embedded
images. In SVGImage::hasSingleSecurityOrigin, this patch checks
that the SVG image does not contain other images. I've reported
this to the WebKit team in

The main idea in this patch is to allow single origin images to be
drawn into a canvas by checking SVGImage::hasSingleSecurityOrigin().
At the moment we are blacklisting <foreignObject>, <image>, and

A leak of data is possible through SVG's <a> element, and this patch
disables <a> in both HTML and SVG if the content is embedded through
an SVG image (one day, we may white-list <foreignObject>).


Review URL:

git-svn-id: svn:// bbb929c8-8fbe-4397-9dbb-9b2b20218538
22 files changed