chromium/third_party/blink/web_tests/http/tests/security/cross-origin-OffscreenCanvasWebGL-texImage2D.html

<!DOCTYPE html>
<html>
<body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>

function startTest(imageSourceElement, imageSourceType) {
    var offscreenCanvas = new OffscreenCanvas(10, 10);
    var gl = offscreenCanvas.getContext("webgl");
    var texture = gl.createTexture();
    gl.bindTexture(gl.TEXTURE_2D, texture);

    assert_throws_dom("SecurityError", function() {
      gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, imageSourceElement);
    }, "cross-origin " + imageSourceType + " should be tainted");
}

var t = async_test("cross-origin image/canvas passed to Offscreen webgl texImage2D should be thrown");
var image = document.createElement('img');
image.addEventListener("load", function() {
      t.step(function() {
         startTest(image, "image");
      });

      var canvas = document.createElement("canvas");
      canvas.width = 10;
      canvas.height = 10;
      var context = canvas.getContext("2d");
      // taint the canvas
      context.drawImage(image, 0, 0, 10, 10);
      t.step(function() {
        startTest(canvas, "canvas");
        t.done();
      });

});
image.src = 'http://localhost:8080/security/resources/abe.png';

var t2 = async_test("cross-origin video passed to Offscreen webgl texImage2D should be thrown");
var video = document.createElement('video');
video.src = 'http://localhost:8080/media/resources/load-video.php?name=test.ogv&amp;type=video/ogv';
document.body.appendChild(video);
video.addEventListener("playing", function() {
  t2.step(function() {
     startTest(video, "video");
     t2.done();
  });
});
video.play();

</script>
</body>
</html>