| <pre id="console"></pre> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| log = function(msg) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(msg + "\n")); |
| } |
| |
| testGetImageData = function(context, description) |
| { |
| description = "Calling getImageData() from a canvas tainted by a " + description; |
| try { |
| var imageData = context.getImageData(0,0,100,100); |
| log("FAIL: " + description + " was allowed."); |
| } catch (e) { |
| log("PASS: " + description + " was not allowed - Threw error: " + e + "."); |
| } |
| } |
| |
| testToDataURL = function(canvas, description) |
| { |
| description = "Calling toDataURL() on a canvas tainted by a " + description; |
| try { |
| var dataURL = canvas.toDataURL(); |
| log("FAIL: " + description + " was allowed."); |
| } catch (e) { |
| log("PASS: " + description + " was not allowed - Threw error: " + e + "."); |
| } |
| } |
| |
| test = function(canvas, description) |
| { |
| testGetImageData(canvas.getContext("2d"), description); |
| testToDataURL(canvas, description); |
| } |
| |
| var image = new Image(); |
| image.onload = function() { |
| var canvas = document.createElement("canvas"); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext("2d"); |
| |
| // Control tests |
| log("Untainted canvas:"); |
| try { |
| var imageData = context.getImageData(0, 0, 100, 100); |
| log("PASS: Calling getImageData() from an untainted canvas was allowed."); |
| } catch (e) { |
| log("FAIL: Calling getImageData() from an untainted canvas was not allowed: Threw error: " + e + "."); |
| } |
| try { |
| var dataURL = canvas.toDataURL(); |
| log("PASS: Calling toDataURL() on an untainted canvas was allowed."); |
| } catch (e) { |
| log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: Threw error: " + e + "."); |
| } |
| |
| log("\n"); |
| log("Tainted canvas:"); |
| // Test reading from a canvas after drawing a remote image onto it |
| context.drawImage(image, 0, 0, 100, 100); |
| |
| test(canvas, "remote image"); |
| |
| var dirtyCanvas = canvas; |
| |
| // Now test reading from a canvas after drawing a tainted canvas onto it |
| canvas = document.createElement("canvas"); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext("2d"); |
| context.drawImage(dirtyCanvas, 0, 0, 100, 100); |
| |
| test(canvas, "tained canvas"); |
| |
| // Test reading after using a tainted pattern |
| canvas = document.createElement("canvas"); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext("2d"); |
| var remoteImagePattern = context.createPattern(image, "repeat"); |
| context.fillStyle = remoteImagePattern; |
| context.fillRect(0, 0, 100, 100); |
| |
| test(canvas, "remote image tainted pattern"); |
| |
| // Test reading after using a tainted pattern |
| canvas = document.createElement("canvas"); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext("2d"); |
| var taintedCanvasPattern = context.createPattern(dirtyCanvas, "repeat"); |
| context.fillStyle = taintedCanvasPattern; |
| context.fillRect(0, 0, 100, 100); |
| |
| test(canvas, "tainted canvas pattern"); |
| |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| // Notice that we forget to set the image.crossOrigin property! |
| image.src = "http://localhost:8000/security/resources/abe-allow-star.php"; |
| </script> |
