1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99


content / test / data / loader / image-taint.html [blame]

<!DOCTYPE html>
<body>
<script>

function fail() {
  document.title = 'FAIL';
}

function pass() {
  if (!document.title)
    document.title = 'PASS';
}

function should_throw(test) {
  try {
    test();
    fail();
  } catch (e) {
    if (e.name != 'SecurityError')
      fail();
  }
}

const runNoCorsTest = function () {
  const image = new Image();
  image.src = './empty16x16.png';
  image.onerror = fail;
  image.onload = () => {
    const canvas = document.createElement('canvas');
    document.body.appendChild(canvas);
    const ctx = canvas.getContext('2d');
    ctx.drawImage(image, 0, 0, image.width, image.height);
    should_throw(() => { ctx.getImageData(0, 0, canvas.width, canvas.height); });
    should_throw(() => { canvas.toBlob(fail); });
    should_throw(() => { canvas.toDataURL(); });
    pass();
  }
}

const runCorsTest = function () {
  const image = new Image();
  image.setAttribute('crossorigin', '');
  image.src = './empty16x16.png';
  image.onload = fail;
  image.onerror = pass;
}

const runNoCorsTestWithoutSecurity = function () {
  const image = new Image();
  image.src = './empty16x16.png';
  image.onerror = fail;
  image.onload = () => {
    const canvas = document.createElement('canvas');
    document.body.appendChild(canvas);
    const ctx = canvas.getContext('2d');
    ctx.drawImage(image, 0, 0, image.width, image.height);
    try {
      ctx.getImageData(0, 0, canvas.width, canvas.height);
      canvas.toBlob(() => {});
      canvas.toDataURL();
      pass();
    } catch (e) {
      fail();
    }
  }
}

const runCorsTestWithoutSecurity = function () {
  const image = new Image();
  image.setAttribute('crossorigin', '');
  image.src = './empty16x16.png';
  image.onerror = fail;
  image.onload = () => {
    const canvas = document.createElement('canvas');
    document.body.appendChild(canvas);
    const ctx = canvas.getContext('2d');
    ctx.drawImage(image, 0, 0, image.width, image.height);
    try {
      ctx.getImageData(0, 0, canvas.width, canvas.height);
      canvas.toBlob(() => {});
      canvas.toDataURL();
      pass();
    } catch (e) {
      fail();
    }
  }
}

const tests = {
  'no_cors': runNoCorsTest,
  'cors': runCorsTest,
  'no_cors_with_file_access': runNoCorsTestWithoutSecurity,
  'cors_with_file_access': runCorsTestWithoutSecurity,
  'no_cors_with_disable_web_security': runNoCorsTestWithoutSecurity,
  'cors_with_disable_web_security': runCorsTestWithoutSecurity,
}[(new URL(location.href)).searchParams.get('test')]();

</script>
</body>