1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
content / test / data / loader / image-taint.html [blame]
<!DOCTYPE html>
<body>
<script>
function fail() {
document.title = 'FAIL';
}
function pass() {
if (!document.title)
document.title = 'PASS';
}
function should_throw(test) {
try {
test();
fail();
} catch (e) {
if (e.name != 'SecurityError')
fail();
}
}
const runNoCorsTest = function () {
const image = new Image();
image.src = './empty16x16.png';
image.onerror = fail;
image.onload = () => {
const canvas = document.createElement('canvas');
document.body.appendChild(canvas);
const ctx = canvas.getContext('2d');
ctx.drawImage(image, 0, 0, image.width, image.height);
should_throw(() => { ctx.getImageData(0, 0, canvas.width, canvas.height); });
should_throw(() => { canvas.toBlob(fail); });
should_throw(() => { canvas.toDataURL(); });
pass();
}
}
const runCorsTest = function () {
const image = new Image();
image.setAttribute('crossorigin', '');
image.src = './empty16x16.png';
image.onload = fail;
image.onerror = pass;
}
const runNoCorsTestWithoutSecurity = function () {
const image = new Image();
image.src = './empty16x16.png';
image.onerror = fail;
image.onload = () => {
const canvas = document.createElement('canvas');
document.body.appendChild(canvas);
const ctx = canvas.getContext('2d');
ctx.drawImage(image, 0, 0, image.width, image.height);
try {
ctx.getImageData(0, 0, canvas.width, canvas.height);
canvas.toBlob(() => {});
canvas.toDataURL();
pass();
} catch (e) {
fail();
}
}
}
const runCorsTestWithoutSecurity = function () {
const image = new Image();
image.setAttribute('crossorigin', '');
image.src = './empty16x16.png';
image.onerror = fail;
image.onload = () => {
const canvas = document.createElement('canvas');
document.body.appendChild(canvas);
const ctx = canvas.getContext('2d');
ctx.drawImage(image, 0, 0, image.width, image.height);
try {
ctx.getImageData(0, 0, canvas.width, canvas.height);
canvas.toBlob(() => {});
canvas.toDataURL();
pass();
} catch (e) {
fail();
}
}
}
const tests = {
'no_cors': runNoCorsTest,
'cors': runCorsTest,
'no_cors_with_file_access': runNoCorsTestWithoutSecurity,
'cors_with_file_access': runCorsTestWithoutSecurity,
'no_cors_with_disable_web_security': runNoCorsTestWithoutSecurity,
'cors_with_disable_web_security': runCorsTestWithoutSecurity,
}[(new URL(location.href)).searchParams.get('test')]();
</script>
</body>