<!DOCTYPE html>
<html>
<body>
<canvas id='output' width='200' height='400'></canvas>
<script src="/js-test-resources/js-test.js"></script>
<script>
description("A tainted imagebitmap drawn to OffscrenCanvas cannot be transfered");
window.jsTestIsAsync = true;
var image = document.createElement('img');
image.src = 'http://localhost:8080/security/resources/abe.png';
image.addEventListener('load', function() {
createImageBitmap(image, 0, 0, 10, 10).then(
function(originalImagebitmap) {
const aCanvas = new OffscreenCanvas(200, 400);
const ctx = aCanvas.getContext('2d');
// Draw a tainted imagebitmap into OffscreenCanvas 2d
ctx.drawImage(originalImagebitmap, 0, 0, 10, 10);
const newImageBitmap = aCanvas.transferToImageBitmap();
try {
window.postMessage(newImageBitmap, [newImageBitmap]);
testFailed("A tainted ImageBitmap cannot be transferred");
finishJSTest();
} catch (e) {
testPassed("A tainted ImageBitmap cannot be transferred");
finishJSTest();
}
}).catch((e) => {
testFailed("Image rejected unexpectedly. ");
debug(e);
});
});
</script>
</body>
</html>
Codebase Browser
chromium