| OLD | NEW |
|---|
| 1 <!doctype html> |
| 2 <html> |
| 3 <body> |
| 1 <pre id="console"></pre> | 4 <pre id="console"></pre> |
| 2 <script> | 5 <script> |
| 3 if (window.testRunner) { | 6 if (window.testRunner) { |
| 4 testRunner.overridePreference("WebKitWebGLEnabled", "1"); | 7 testRunner.overridePreference("WebKitWebGLEnabled", "1"); |
| 5 testRunner.dumpAsText(); | 8 testRunner.dumpAsText(); |
| 6 testRunner.waitUntilDone(); | 9 testRunner.waitUntilDone(); |
| 7 } | 10 } |
| 8 | 11 |
| 9 log = function(msg) | 12 log = function(msg) |
| 10 { | 13 { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 log("FAIL: " + description + " was not allowed - Threw error: " + e + ".
"); | 47 log("FAIL: " + description + " was not allowed - Threw error: " + e + ".
"); |
| 45 } | 48 } |
| 46 } | 49 } |
| 47 | 50 |
| 48 test = function(canvas, description) | 51 test = function(canvas, description) |
| 49 { | 52 { |
| 50 testReadPixels(canvas.getContext("experimental-webgl"), description); | 53 testReadPixels(canvas.getContext("experimental-webgl"), description); |
| 51 testToDataURL(canvas, description); | 54 testToDataURL(canvas, description); |
| 52 } | 55 } |
| 53 | 56 |
| 54 var image = new Image(); | 57 testResource = function (resource, resourceType, continuation) |
| 55 image.onload = function() { | 58 { |
| 59 log(""); |
| 60 log("Testing " + resourceType + "..."); |
| 61 |
| 56 var canvas = document.createElement("canvas"); | 62 var canvas = document.createElement("canvas"); |
| 57 canvas.width = 100; | 63 canvas.width = 100; |
| 58 canvas.height = 100; | 64 canvas.height = 100; |
| 59 var gl = canvas.getContext("experimental-webgl"); | 65 var gl = canvas.getContext("experimental-webgl"); |
| 60 | 66 |
| 61 // Control tests | 67 // Control tests |
| 62 log("Untainted canvas:"); | 68 log("Untainted canvas:"); |
| 63 try { | 69 try { |
| 64 var pixels = new Uint8Array(4); | 70 var pixels = new Uint8Array(4); |
| 65 gl.readPixels(0, 0, 1, 1, gl.RGBA, gl.UNSIGNED_BYTE, pixels); | 71 gl.readPixels(0, 0, 1, 1, gl.RGBA, gl.UNSIGNED_BYTE, pixels); |
| 66 log("PASS: Calling readPixels() from an untainted canvas was allowed."); | 72 log("PASS: Calling readPixels() from an untainted canvas was allowed."); |
| 67 } catch (e) { | 73 } catch (e) { |
| 68 log("FAIL: Calling readPixels() from an untainted canvas was not allowed
: Threw error: " + e + "."); | 74 log("FAIL: Calling readPixels() from an untainted canvas was not allowed
: Threw error: " + e + "."); |
| 69 } | 75 } |
| 70 try { | 76 try { |
| 71 var dataURL = canvas.toDataURL(); | 77 var dataURL = canvas.toDataURL(); |
| 72 log("PASS: Calling toDataURL() on an untainted canvas was allowed."); | 78 log("PASS: Calling toDataURL() on an untainted canvas was allowed."); |
| 73 } catch (e) { | 79 } catch (e) { |
| 74 log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: T
hrew error: " + e + "."); | 80 log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: T
hrew error: " + e + "."); |
| 75 } | 81 } |
| 76 | 82 |
| 77 log("\n"); | 83 log(""); |
| 78 log("Tainted canvas:"); | 84 log("Tainted canvas:"); |
| 79 // Test reading from a canvas after uploading a remote image as a texture | 85 // Test reading from a canvas after uploading a remote image as a texture |
| 80 var texture = gl.createTexture(); | 86 var texture = gl.createTexture(); |
| 81 gl.bindTexture(gl.TEXTURE_2D, texture); | 87 gl.bindTexture(gl.TEXTURE_2D, texture); |
| 82 testTexImage2D(gl, image, "image"); | 88 testTexImage2D(gl, resource, resourceType); |
| 83 | 89 |
| 84 test(canvas, "remote image"); | 90 test(canvas, "remote " + resourceType); |
| 85 | 91 |
| 86 var dirtyCanvas = canvas; | 92 var dirtyCanvas = canvas; |
| 87 | 93 |
| 88 // Now test reading from a canvas after drawing a tainted canvas onto it | 94 // Now test reading from a canvas after drawing a tainted canvas onto it |
| 89 var dirtyCanvas = document.createElement("canvas"); | 95 var dirtyCanvas = document.createElement("canvas"); |
| 90 dirtyCanvas.width = 100; | 96 dirtyCanvas.width = 100; |
| 91 dirtyCanvas.height = 100; | 97 dirtyCanvas.height = 100; |
| 92 var dirtyContext = dirtyCanvas.getContext("2d"); | 98 var dirtyContext = dirtyCanvas.getContext("2d"); |
| 93 dirtyContext.drawImage(image, 0, 0, 100, 100); | 99 dirtyContext.drawImage(resource, 0, 0, 100, 100); |
| 94 testTexImage2D(gl, dirtyCanvas, "canvas"); | 100 testTexImage2D(gl, dirtyCanvas, "canvas"); |
| 95 | 101 |
| 96 test(canvas, "tainted canvas"); | 102 test(canvas, "tainted canvas"); |
| 97 | 103 |
| 104 continuation(); |
| 105 } |
| 106 |
| 107 testImage = function () |
| 108 { |
| 109 var image = new Image(); |
| 110 image.onload = testResource.bind(null, image, "image", testVideo); |
| 111 // Notice that we forget to set the image.crossOrigin property! |
| 112 image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
| 113 } |
| 114 |
| 115 testVideo = function () |
| 116 { |
| 117 var video = document.createElement('video'); |
| 118 video.oncanplay = testResource.bind(null, video, "video", finishUp); |
| 119 // No crossOrigin set here either. |
| 120 var name = "../../media/resources/test.ogv"; |
| 121 var type = "video/ogg"; |
| 122 video.src = "http://localhost:8000/security/resources/video-cross-origin-all
ow.php?name=" + name + "&type=" + type; |
| 123 } |
| 124 |
| 125 finishUp = function () |
| 126 { |
| 127 log("DONE"); |
| 98 if (window.testRunner) | 128 if (window.testRunner) |
| 99 testRunner.notifyDone(); | 129 testRunner.notifyDone(); |
| 100 } | 130 } |
| 101 // Notice that we forget to set the image.crossOrigin property! | 131 |
| 102 image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; | 132 testImage(); |
| 103 </script> | 133 </script> |
| 134 </body> |
| 135 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 80263004:
Test Canvas tainting and WebGL video textures (CORS fetched.) (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master