Index: third_party/WebKit/LayoutTests/http/tests/security/offscreencanvas-read-blocked-no-crossorigin.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/offscreencanvas-read-blocked-no-crossorigin.html b/third_party/WebKit/LayoutTests/http/tests/security/offscreencanvas-read-blocked-no-crossorigin.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..e88521b186b800a307dec0338319fd9146e56e8b |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/security/offscreencanvas-read-blocked-no-crossorigin.html |
@@ -0,0 +1,59 @@ |
+<!DOCTYPE html> |
+<script src="../../resources/testharness.js"></script> |
+<script src="../../resources/testharnessreport.js"></script> |
+<script> |
+ |
+function verifyOffscreenCanvasTaintedThenDone(offscreen, t) { |
+ assert_throws("SecurityError", function() { |
+ offscreen.getContext("2d").getImageData(0, 0, 1, 1); |
+ }, "Check getImageData blocked."); |
+ offscreen.convertToBlob().then( |
+ function() { |
+ assert_unreached("Promise returned by convertToBlob was resolved."); |
+ t.done(); |
+ }, |
+ rejectionValue => { |
+ assert_equals(rejectionValue.name, "SecurityError"); |
+ t.done(); |
+ } |
+ ); |
+} |
+ |
+async_test(t => { |
+ var image = new Image(); |
+ // Notice that we don't set the image.crossOrigin property. |
+ image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
+ image.onload = function() { |
+ var offscreen = new OffscreenCanvas(10, 10); |
+ var ctx = offscreen.getContext('2d'); |
+ ctx.drawImage(image, 0, 0); |
+ t.step(function() { |
+ verifyOffscreenCanvasTaintedThenDone(offscreen, t); |
+ }); |
+ } |
+}, "Verify that an OffscreenCanvas tainted with cross-origin content cannot be read."); |
+ |
+async_test(t => { |
+ var image = new Image(); |
+ // Notice that we don't set the image.crossOrigin property. |
+ image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
+ image.onload = function() { |
+ var offscreen = new OffscreenCanvas(10, 10); |
+ var ctx = offscreen.getContext('2d'); |
+ ctx.drawImage(image, 0, 0); |
+ createImageBitmap(offscreen).then(imageBitmap => { |
+ var offscreen2 = new OffscreenCanvas(10, 10); |
+ var ctx2 = offscreen2.getContext('2d'); |
+ ctx2.drawImage(imageBitmap, 0, 0); |
+ t.step(function() { |
+ verifyOffscreenCanvasTaintedThenDone(offscreen, t); |
+ }); |
+ }) |
+ } |
+}, "Verify that createImageBitmap(OffscreenCanvas) propagates the origin-clean flag."); |
+ |
+ |
+ |
+ |
+ |
+</script> |