Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/canvas-remote-read-remote-image-redirect.html 

<pre id="console"></pre>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

log = function(msg)
{
    document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
}

testGetImageData = function(context, description)
{
    description = "Calling getImageData() from a canvas tainted by a " + description;
    try {
        var imageData = context.getImageData(0,0,100,100);
        log("FAIL: " + description + " was allowed.");
    } catch (e) {
        log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
    }
}

testToDataURL = function(canvas, description)
{
    description = "Calling toDataURL() on a canvas tainted by a " + description;
    try {
        var dataURL = canvas.toDataURL();
        log("FAIL: " + description + " was allowed.");
    } catch (e) {
        log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
    }
}

test = function(canvas, description)
{
    testGetImageData(canvas.getContext("2d"), description);
    testToDataURL(canvas, description);
}

var image = new Image();
image.onload = function() {
    var canvas = document.createElement("canvas");
    canvas.width = 100;
    canvas.height = 100;
    var context = canvas.getContext("2d");

    // Control tests
    log("Untainted canvas:");
    try {
        var imageData = context.getImageData(0, 0, 100, 100);
        log("PASS: Calling getImageData() from an untainted canvas was allowed.");
    } catch (e) {
        log("FAIL: Calling getImageData() from an untainted canvas was not allowed: Threw error: " + e + ".");
    }
    try {
        var dataURL = canvas.toDataURL();
        log("PASS: Calling toDataURL() on an untainted canvas was allowed.");
    } catch (e) {
        log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: Threw error: " + e + ".");
    }

    log("\n");
    log("Tainted canvas:");
    // Test reading from a canvas after drawing a remote image onto it
    context.drawImage(image, 0, 0, 100, 100);

    test(canvas, "remote image");

    var dirtyCanvas = canvas;

    // Now test reading from a canvas after drawing a tainted canvas onto it
    canvas = document.createElement("canvas");
    canvas.width = 100;
    canvas.height = 100;
    var context = canvas.getContext("2d");
    context.drawImage(dirtyCanvas, 0, 0, 100, 100);

    test(canvas, "tainted canvas");

    // Test reading after using a tainted pattern
    canvas = document.createElement("canvas");
    canvas.width = 100;
    canvas.height = 100;
    var context = canvas.getContext("2d");
    var remoteImagePattern = context.createPattern(image, "repeat");
    context.fillStyle = remoteImagePattern;
    context.fillRect(0, 0, 100, 100);

    test(canvas, "remote image tainted pattern");

    // Test reading after using a tainted pattern
    canvas = document.createElement("canvas");
    canvas.width = 100;
    canvas.height = 100;
    var context = canvas.getContext("2d");
    var taintedCanvasPattern = context.createPattern(dirtyCanvas, "repeat");
    context.fillStyle = taintedCanvasPattern;
    context.fillRect(0, 0, 100, 100);

    test(canvas, "tainted canvas pattern");

    if (window.testRunner)
        testRunner.notifyDone();
}
image.src = "resources/redir.php?url=http://localhost:8000/security/resources/abe.png";
</script>