<pre id="console"></pre>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
log = function(msg)
{
document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
}
testGetImageData = function(context, description, expectTainted)
{
if (expectTainted) {
description = "Calling getImageData() from a canvas tainted by a " + description;
} else {
description = "Calling getImageData() from an untainted canvas";
}
try {
var imageData = context.getImageData(0,0,100,100);
if (expectTainted) {
log("FAIL: " + description + " was allowed.");
} else {
log("PASS: " + description + " was allowed.");
}
} catch (e) {
if (expectTainted) {
log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
} else {
log("FAIL: " + description + " was not allowed - Threw error: " + e + ".");
}
}
}
testToDataURL = function(canvas, description, expectTainted)
{
if (expectTainted) {
description = "Calling toDataURL() from a canvas tainted by a " + description;
} else {
description = "Calling toDataURL() from an untainted canvas";
}
try {
var imageData = canvas.toDataURL();
if (expectTainted) {
log("FAIL: " + description + " was allowed.");
} else {
log("PASS: " + description + " was allowed.");
}
} catch (e) {
if (expectTainted) {
log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
} else {
log("FAIL: " + description + " was not allowed - Threw error: " + e + ".");
}
}
}
testTainted = function(canvas, description)
{
testGetImageData(canvas.getContext("2d"), description, true);
testToDataURL(canvas, description, true);
}
testUntainted = function(canvas)
{
testGetImageData(canvas.getContext("2d"), "", false);
testToDataURL(canvas, "", false);
}
var image = new Image();
image.onload = function() {
var canvas = document.createElement("canvas");
canvas.width = 100;
canvas.height = 100;
var context = canvas.getContext("2d");
// Control tests
log("Untainted canvas:");
testUntainted(canvas);
log("\n");
log("Tainted canvas:");
// Test reading from a canvas after drawing a remote image onto it
context.drawImage(image, 0, 0, 100, 100);
testTainted(canvas, "remote image");
var dirtyCanvas = canvas;
// Now test reading from a canvas after drawing a tainted canvas onto it
canvas = document.createElement("canvas");
canvas.width = 100;
canvas.height = 100;
testUntainted(canvas);
var context = canvas.getContext("2d");
context.drawImage(dirtyCanvas, 0, 0, 100, 100);
testTainted(canvas, "tained canvas");
// Test reading after using a tainted pattern
canvas = document.createElement("canvas");
canvas.width = 100;
canvas.height = 100;
testUntainted(canvas);
var context = canvas.getContext("2d");
var remoteImagePattern = context.createPattern(image, "repeat");
context.fillStyle = remoteImagePattern;
context.fillRect(0, 0, 100, 100);
testTainted(canvas, "remote image tainted pattern");
// Test reading after using a tainted pattern
canvas = document.createElement("canvas");
canvas.width = 100;
canvas.height = 100;
testUntainted(canvas);
var context = canvas.getContext("2d");
var taintedCanvasPattern = context.createPattern(dirtyCanvas, "repeat");
context.fillStyle = taintedCanvasPattern;
context.fillRect(0, 0, 100, 100);
testTainted(canvas, "tainted canvas pattern");
if (window.testRunner)
testRunner.notifyDone();
}
// Notice that we forget to set the image.crossOrigin property!
image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
</script>
Codebase Browser
chromium