blob: dfb964311826dabfa86a82f173fa464bf0176f55 [file] [log] [blame]
<!DOCTYPE html>
<script src="../../../resources/testharness.js"></script>
<script src="../../../resources/testharnessreport.js"></script>
<script>
async_test(t => {
var image = new Image();
// Notice that we don't set the image.crossOrigin property.
image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
image.onload = function() {
var canvas = document.createElement('canvas');
canvas.width = canvas.height = 10;
var offscreen = canvas.transferControlToOffscreen();
var ctx = offscreen.getContext('2d');
ctx.drawImage(image, 0, 0);
ctx.commit();
t.step(function() {
canvas.toDataURL(); // Succeeds by not throwing
});
setTimeout(function() { // sync barrier for commit() propagation
t.step(function() {
assert_throws("SecurityError", function() {
canvas.toDataURL();
}, "Check toDataURL blocked.");
});
ctx.commit(); // Second frame does not reset origin-clean flag.
setTimeout(function() { // sync barrier for commit() propagation
t.step(function() {
assert_throws("SecurityError", function() {
canvas.toDataURL();
});
});
t.done();
}, 0);
}, 0);
}
}, "Verify that the placeholder <canvas> associated with an OffscreenCanvas tainted with cross-origin content cannot be read once commit has propagated.");
</script>