Add a origin clean flag in ImageBitmap class

third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html

Index: third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html b/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html
index b5b56246330c1651dda1cd7b99ac56b1721b2f14..fd3d9d504407019bf15c576ee63aee715574db05 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/cross-origin-createImageBitmap.html
@@ -3,22 +3,37 @@
 <body>
 <script src="/js-test-resources/js-test.js"></script>
 <script>
-description("The image bitmap factories should throw exceptions on cross-origin access.");
+description("The image bitmap factories should not throw exceptions on cross-origin access.");
 
 window.jsTestIsAsync = true;
 var reason;
 
-function shouldBeRejected(promise, message) {
-    return promise.then(function() {
-        testFailed('Resolved unexpectedly: ' + message);
+function shouldBeAccepted(promise, message) {

[Justin Novosad, 2015/12/29 17:33:50]

-> shouldBeAcceptedAndTainted

[xidachen, 2015/12/30 17:45:30]

Done.

+    return promise.then(function(imageBitmap) {
+        testPassed('Resolved as expected: ' + message);
+        shouldBeTaint(imageBitmap);
     }, function(e) {
         reason = e;
-        testPassed('Rejected as expected: ' + message);
+        testFailed('Rejected unexpectedly: ' + message);
         shouldBeTrue('reason instanceof Error');
         debug(e);
     });
 }
 
+function shouldBeTaint(imageBitmap) {

[Justin Novosad, 2015/12/29 17:33:50]

-> shouldBeTainted

[xidachen, 2015/12/30 17:45:30]

Done.

+    var canvas = document.createElement("canvas");
+    canvas.width = 10;
+    canvas.height = 10;
+    var context = canvas.getContext("2d");
+    context.drawImage(imageBitmap, 0, 0, 10, 10);
+    try {
+        var imageData = context.getImageData(0, 0, 10, 10);
+        testFailed("FAIL: ImageBitmap is not tainted.");
+    } catch (e) {
+        testPassed("PASS: ImageBitmap is tainted. Threw error: " + e);
+    }
+}
+
 Promise.resolve().then(function() {
     return new Promise(function(resolve, reject) {
         var image = document.createElement('img');
@@ -26,7 +41,30 @@ Promise.resolve().then(function() {
         image.src = 'http://localhost:8080/security/resources/abe.png';

[Justin Novosad, 2015/12/29 17:33:50]

This image is being re-use repeatedly now. I would suggest simplifying the test
by loading the image once into a global scope var and running the Promise chain
from the image onload handler

[xidachen, 2015/12/30 17:45:31]

Done.

         document.body.appendChild(image);
     }).then(function(image) {
-        return shouldBeRejected(createImageBitmap(image, 0, 0, 10, 10), 'image');
+        return shouldBeAccepted(createImageBitmap(image, 0, 0, 10, 10), 'image');
+    });
+}).then(function() {
+    return new Promise(function(resolve, reject) {
+        var image = document.createElement('img');
+        image.addEventListener('load', resolve.bind(undefined, image));

[Justin Novosad, 2015/12/29 17:33:50]

This is not right. you are resolving the promise with the image element instead
of the intended image bitmap.

[xidachen, 2015/12/30 17:45:31]

Done.

+        image.src = 'http://localhost:8080/security/resources/abe.png';
+        document.body.appendChild(image);
+        var imageBitmap = createImageBitmap(image);

[Justin Novosad, 2015/12/29 17:33:50]

This is not correct 'imageBitmap' is a promise object, and it is just dropped on
the floor here.

[xidachen, 2015/12/30 17:45:31]

Done.

+    }).then(function(imageBitmap) {
+        return shouldBeAccepted(createImageBitmap(imageBitmap, 0, 0, 10, 10), 'imageBitmap');
+    });
+}).then(function() {
+    return new Promise(function(resolve, reject) {
+        var image = document.createElement('img');
+        image.addEventListener('load', resolve.bind(undefined, image));

[Justin Novosad, 2015/12/29 17:33:50]

This is not right. You want to resolve the promise with the canvas created
below.

[xidachen, 2015/12/30 17:45:31]

Done.

+        image.src = 'http://localhost:8080/security/resources/abe.png';
+        var canvas = document.createElement("canvas");
+        canvas.width = 10;
+        canvas.height = 10;
+        var context = canvas.getContext("2d");
+        context.drawImage(image, 0, 0, 10, 10);
+    }).then(function(canvas) {
+        return shouldBeAccepted(createImageBitmap(canvas, 0, 0, 10, 10), 'canvas');
     });
 }).then(function() {
     return new Promise(function(resolve, reject) {
@@ -36,7 +74,7 @@ Promise.resolve().then(function() {
         document.body.appendChild(video);
         video.play();
     }).then(function(video) {
-        return shouldBeRejected(createImageBitmap(video, 0, 0, 10, 10), 'video');
+        return shouldBeAccepted(createImageBitmap(video, 0, 0, 10, 10), 'video');
     });
 }).catch(function(e) {
     testFailed('Unexpected rejection: ' + e);