| <!DOCTYPE html> |
| <script src="../../resources/testharness.js"></script> |
| <script src="../../resources/testharnessreport.js"></script> |
| <script> |
| |
| function verifyOffscreenCanvasTaintedThenDone(offscreen, t) { |
| assert_throws("SecurityError", function() { |
| offscreen.getContext("2d").getImageData(0, 0, 1, 1); |
| }, "Check getImageData blocked."); |
| offscreen.convertToBlob().then( |
| function() { |
| assert_unreached("Promise returned by convertToBlob was resolved."); |
| t.done(); |
| }, |
| rejectionValue => { |
| assert_equals(rejectionValue.name, "SecurityError"); |
| t.done(); |
| } |
| ); |
| } |
| |
| async_test(t => { |
| var image = new Image(); |
| // Notice that we don't set the image.crossOrigin property. |
| image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
| image.onload = function() { |
| var offscreen = new OffscreenCanvas(10, 10); |
| var ctx = offscreen.getContext('2d'); |
| ctx.drawImage(image, 0, 0); |
| t.step(function() { |
| verifyOffscreenCanvasTaintedThenDone(offscreen, t); |
| }); |
| } |
| }, "Verify that an OffscreenCanvas tainted with cross-origin content cannot be read."); |
| |
| async_test(t => { |
| var image = new Image(); |
| // Notice that we don't set the image.crossOrigin property. |
| image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
| image.onload = function() { |
| var offscreen = new OffscreenCanvas(10, 10); |
| var ctx = offscreen.getContext('2d'); |
| ctx.drawImage(image, 0, 0); |
| createImageBitmap(offscreen).then(imageBitmap => { |
| var offscreen2 = new OffscreenCanvas(10, 10); |
| var ctx2 = offscreen2.getContext('2d'); |
| ctx2.drawImage(imageBitmap, 0, 0); |
| t.step(function() { |
| verifyOffscreenCanvasTaintedThenDone(offscreen, t); |
| }); |
| }) |
| } |
| }, "Verify that createImageBitmap(OffscreenCanvas) propagates the origin-clean flag."); |
| |
| |
| |
| |
| |
| </script> |