<!DOCTYPE html>
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script>
function verifyOffscreenCanvasTaintedThenDone(offscreen, t) {
assert_throws_dom("SecurityError", function() {
offscreen.getContext("2d").getImageData(0, 0, 1, 1);
}, "Check getImageData blocked.");
offscreen.convertToBlob().then(
function() {
assert_unreached("Promise returned by convertToBlob was resolved.");
t.done();
},
rejectionValue => {
assert_equals(rejectionValue.name, "SecurityError");
t.done();
}
);
}
async_test(t => {
var image = new Image();
// Notice that we don't set the image.crossOrigin property.
image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
image.onload = function() {
var offscreen = new OffscreenCanvas(10, 10);
var ctx = offscreen.getContext('2d');
ctx.drawImage(image, 0, 0);
t.step(function() {
verifyOffscreenCanvasTaintedThenDone(offscreen, t);
});
}
}, "Verify that an OffscreenCanvas tainted with cross-origin content cannot be read.");
async_test(t => {
var image = new Image();
// Notice that we don't set the image.crossOrigin property.
image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
image.onload = function() {
var offscreen = new OffscreenCanvas(10, 10);
var ctx = offscreen.getContext('2d');
ctx.drawImage(image, 0, 0);
createImageBitmap(offscreen).then(imageBitmap => {
var offscreen2 = new OffscreenCanvas(10, 10);
var ctx2 = offscreen2.getContext('2d');
ctx2.drawImage(imageBitmap, 0, 0);
t.step(function() {
verifyOffscreenCanvasTaintedThenDone(offscreen, t);
});
})
}
}, "Verify that createImageBitmap(OffscreenCanvas) propagates the origin-clean flag.");
</script>
Codebase Browser
chromium