Allow SVG images to not taint the canvas with drawImage/drawPattern

This is a merge of http://trac.webkit.org/changeset/153876 by Timothy
Hatcher with a large modification to prevent leaks through embedded
images. In SVGImage::hasSingleSecurityOrigin, this patch checks
that the SVG image does not contain other images. I've reported
this to the WebKit team in wkbug.com/119639

The main idea in this patch is to allow single origin images to be
drawn into a canvas by checking SVGImage::hasSingleSecurityOrigin().
At the moment we are blacklisting <foreignObject>, <image>, and
<feImage>.

A leak of data is possible through SVG's <a> element, and this patch
disables <a> in both HTML and SVG if the content is embedded through
an SVG image (one day, we may white-list <foreignObject>).

BUG=249037

Review URL: https://chromiumcodereview.appspot.com/22604008

git-svn-id: svn://svn.chromium.org/blink/trunk@156422 bbb929c8-8fbe-4397-9dbb-9b2b20218538
22 files changed