OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE html> |
| 2 <script src="../../../resources/testharness.js"></script> |
| 3 <script src="../../../resources/testharnessreport.js"></script> |
| 4 <script> |
| 5 async_test(t => { |
| 6 var image = new Image(); |
| 7 // Notice that we don't set the image.crossOrigin property. |
| 8 image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
| 9 image.onload = function() { |
| 10 var canvas = document.createElement('canvas'); |
| 11 canvas.width = canvas.height = 10; |
| 12 var offscreen = canvas.transferControlToOffscreen(); |
| 13 var ctx = offscreen.getContext('2d'); |
| 14 ctx.drawImage(image, 0, 0); |
| 15 ctx.commit(); |
| 16 t.step(function() { |
| 17 canvas.toDataURL(); // Succeeds by not throwing |
| 18 }); |
| 19 setTimeout(function() { // sync barrier for commit() propagation |
| 20 t.step(function() { |
| 21 assert_throws("SecurityError", function() { |
| 22 canvas.toDataURL(); |
| 23 }, "Check toDataURL blocked."); |
| 24 }); |
| 25 ctx.commit(); // Second frame does not reset origin-clean flag. |
| 26 setTimeout(function() { // sync barrier for commit() propagation |
| 27 t.step(function() { |
| 28 assert_throws("SecurityError", function() { |
| 29 canvas.toDataURL(); |
| 30 }); |
| 31 }); |
| 32 t.done(); |
| 33 }, 0); |
| 34 }, 0); |
| 35 } |
| 36 }, "Verify that the placeholder <canvas> associated with an OffscreenCanvas tain
ted with cross-origin content cannot be read once commit has propagated."); |
| 37 </script> |
OLD | NEW |