third_party/blink/web_tests/http/tests/serviceworker/resources/fetch-canvas-tainting-iframe.html - chromium/src - Git at Google

 <script src="/resources/get-host-info.js?pipe=sub"></script>
 <script src="test-helpers.js"></script>
 <script>
 var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE';
 var host_info = get_host_info();

 var NOT_TAINTED = 'NOT_TAINTED';
 var TAINTED = 'TAINTED';
 var LOAD_ERROR = 'LOAD_ERROR';

 function create_test_case_promise(url, cross_origin) {
   return new Promise(function(resolve) {
       var img = new Image();
       if (cross_origin != '') {
         img.crossOrigin = cross_origin;
       }
       img.onload = function() {
         try {
           var canvas = document.createElement('canvas');
           canvas.width = 100;
           canvas.height = 100;
           var context = canvas.getContext('2d');
           context.drawImage(img, 0, 0);
           context.getImageData(0, 0, 100, 100);
           resolve(NOT_TAINTED);
         } catch (e) {
           resolve(TAINTED);
         }
       };
       img.onerror = function() {
         resolve(LOAD_ERROR);
       }
       img.src = url;
     });
 }

 function create_test_promise(url, cross_origin, expected_result) {
   return new Promise(function(resolve, reject) {
       create_test_case_promise(url, cross_origin)
         .then(function(result) {
           if (result == expected_result) {
             resolve();
           } else {
             reject('Result of url:' + url + ' ' +
                    ' cross_origin: ' + cross_origin + ' must be ' +
                    expected_result + ' but ' + result);
           }
         })
     });
 }

 window.addEventListener('message', function(evt) {
     var port = evt.ports[0];
     var image_url = host_info['HTTP_ORIGIN'] + image_path;
     var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path;
     Promise.all([
         // Reject tests
         create_test_promise(image_url + '&reject', '', LOAD_ERROR),
         create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR),
         create_test_promise(
             image_url + '&reject', 'use-credentials', LOAD_ERROR),
         // Fallback tests
         create_test_promise(
             image_url + '&ignore',
             '',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url + '&ignore',
             '',
             TAINTED),
         create_test_promise(
             remote_image_url + '&ignore',
             'anonymous',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
             '&ignore',
             'anonymous',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url + '&ignore',
             'use-credentials',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
             '&ignore',
             'use-credentials',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
             '&ACACredentials=true&ignore',
             'use-credentials',
             NOT_TAINTED),

         // Credential test (fallback)
         create_test_promise(
             image_url + '&Auth&ignore',
             '',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url + '&Auth&ignore',
             '',
             TAINTED),
         create_test_promise(
             remote_image_url + '&Auth&ignore',
             'anonymous',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&Auth&ignore',
             'use-credentials',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
             '&ignore',
             'use-credentials',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
             '&ACACredentials=true&ignore',
             'use-credentials',
             NOT_TAINTED),

         // Basic response
         create_test_promise(
             image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             '',
             NOT_TAINTED),
         create_test_promise(
             image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             'anonymous',
             NOT_TAINTED),
         create_test_promise(
             image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             'use-credentials',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             '',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             'anonymous',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=same-origin&url=' + encodeURIComponent(image_url),
             'use-credentials',
             NOT_TAINTED),

         // Opaque response
         create_test_promise(
             image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             '',
             TAINTED),
         create_test_promise(
             image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             'anonymous',
             LOAD_ERROR),
         create_test_promise(
             image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             'use-credentials',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             '',
             TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             'anonymous',
             LOAD_ERROR),
         create_test_promise(
             remote_image_url +
             '&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
             'use-credentials',
             LOAD_ERROR),

         // CORS response
         create_test_promise(
             image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             '',
             NOT_TAINTED),
         create_test_promise(
             image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'anonymous',
             NOT_TAINTED),
         create_test_promise(
             image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'use-credentials',
             NOT_TAINTED),
         create_test_promise(
             image_url +
             '&mode=cors&url=' +
             encodeURIComponent(
                 remote_image_url +
                 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'use-credentials',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             '',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'anonymous',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=cors&url=' +
             encodeURIComponent(remote_image_url +
                                '&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'use-credentials',
             NOT_TAINTED),
         create_test_promise(
             remote_image_url +
             '&mode=cors&url=' +
             encodeURIComponent(
                 remote_image_url +
                 '&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
             'use-credentials',
             NOT_TAINTED)
       ])
       .then(function() {
           port.postMessage({results: 'finish'});
         })
       .catch(function(e) {
           port.postMessage({results: 'failure:' + e});
         });
   }, false);
 </script>
	<script src="/resources/get-host-info.js?pipe=sub"></script>
	<script src="test-helpers.js"></script>
	<script>
	var image_path = base_path() + 'fetch-access-control.php?PNGIMAGE';
	var host_info = get_host_info();

	var NOT_TAINTED = 'NOT_TAINTED';
	var TAINTED = 'TAINTED';
	var LOAD_ERROR = 'LOAD_ERROR';

	function create_test_case_promise(url, cross_origin) {
	return new Promise(function(resolve) {
	var img = new Image();
	if (cross_origin != '') {
	img.crossOrigin = cross_origin;
	}
	img.onload = function() {
	try {
	var canvas = document.createElement('canvas');
	canvas.width = 100;
	canvas.height = 100;
	var context = canvas.getContext('2d');
	context.drawImage(img, 0, 0);
	context.getImageData(0, 0, 100, 100);
	resolve(NOT_TAINTED);
	} catch (e) {
	resolve(TAINTED);
	}
	};
	img.onerror = function() {
	resolve(LOAD_ERROR);
	}
	img.src = url;
	});
	}

	function create_test_promise(url, cross_origin, expected_result) {
	return new Promise(function(resolve, reject) {
	create_test_case_promise(url, cross_origin)
	.then(function(result) {
	if (result == expected_result) {
	resolve();
	} else {
	reject('Result of url:' + url + ' ' +
	' cross_origin: ' + cross_origin + ' must be ' +
	expected_result + ' but ' + result);
	}
	})
	});
	}

	window.addEventListener('message', function(evt) {
	var port = evt.ports[0];
	var image_url = host_info['HTTP_ORIGIN'] + image_path;
	var remote_image_url = host_info['HTTP_REMOTE_ORIGIN'] + image_path;
	Promise.all([
	// Reject tests
	create_test_promise(image_url + '&reject', '', LOAD_ERROR),
	create_test_promise(image_url + '&reject', 'anonymous', LOAD_ERROR),
	create_test_promise(
	image_url + '&reject', 'use-credentials', LOAD_ERROR),
	// Fallback tests
	create_test_promise(
	image_url + '&ignore',
	'',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url + '&ignore',
	'',
	TAINTED),
	create_test_promise(
	remote_image_url + '&ignore',
	'anonymous',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
	'&ignore',
	'anonymous',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url + '&ignore',
	'use-credentials',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
	'&ignore',
	'use-credentials',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
	'&ACACredentials=true&ignore',
	'use-credentials',
	NOT_TAINTED),

	// Credential test (fallback)
	create_test_promise(
	image_url + '&Auth&ignore',
	'',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url + '&Auth&ignore',
	'',
	TAINTED),
	create_test_promise(
	remote_image_url + '&Auth&ignore',
	'anonymous',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&Auth&ignore',
	'use-credentials',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
	'&ignore',
	'use-credentials',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url + '&Auth&ACAOrigin=' + host_info['HTTP_ORIGIN'] +
	'&ACACredentials=true&ignore',
	'use-credentials',
	NOT_TAINTED),

	// Basic response
	create_test_promise(
	image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'',
	NOT_TAINTED),
	create_test_promise(
	image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'anonymous',
	NOT_TAINTED),
	create_test_promise(
	image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'use-credentials',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'anonymous',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=same-origin&url=' + encodeURIComponent(image_url),
	'use-credentials',
	NOT_TAINTED),

	// Opaque response
	create_test_promise(
	image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'',
	TAINTED),
	create_test_promise(
	image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'anonymous',
	LOAD_ERROR),
	create_test_promise(
	image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'use-credentials',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'',
	TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'anonymous',
	LOAD_ERROR),
	create_test_promise(
	remote_image_url +
	'&mode=no-cors&url=' + encodeURIComponent(remote_image_url),
	'use-credentials',
	LOAD_ERROR),

	// CORS response
	create_test_promise(
	image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'',
	NOT_TAINTED),
	create_test_promise(
	image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'anonymous',
	NOT_TAINTED),
	create_test_promise(
	image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'use-credentials',
	NOT_TAINTED),
	create_test_promise(
	image_url +
	'&mode=cors&url=' +
	encodeURIComponent(
	remote_image_url +
	'&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'use-credentials',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'anonymous',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=cors&url=' +
	encodeURIComponent(remote_image_url +
	'&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'use-credentials',
	NOT_TAINTED),
	create_test_promise(
	remote_image_url +
	'&mode=cors&url=' +
	encodeURIComponent(
	remote_image_url +
	'&ACACredentials=true&ACAOrigin=' + host_info['HTTP_ORIGIN']),
	'use-credentials',
	NOT_TAINTED)
	])
	.then(function() {
	port.postMessage({results: 'finish'});
	})
	.catch(function(e) {
	port.postMessage({results: 'failure:' + e});
	});
	}, false);
	</script>