| <!doctype html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <body></body> |
| <script> |
| |
| async_test(function(t) { |
| var canvas = document.createElement("canvas"); |
| canvas.width = canvas.height = 100; |
| |
| var svg = document.createElementNS('http://www.w3.org/2000/svg','svg'); |
| var image = document.createElementNS("http://www.w3.org/2000/svg", "image"); |
| svg.appendChild(image); |
| image.setAttribute('href', |
| 'http://localhost:8000/security/resources/red200x100.png'); |
| |
| var ctx = canvas.getContext("2d"); |
| |
| image.addEventListener('load', t.step_func_done(function() { |
| ctx.drawImage(image, 0, 0); |
| |
| assert_throws("SecurityError", function() { |
| var c = ctx.getImageData(0, 0, 1, 1); |
| }, "We are trying cross-origin getImageData"); |
| })); |
| |
| document.body.appendChild(canvas); |
| document.body.appendChild(svg); |
| }, "Checks no cross-origin on tainted canvas due to SVG image"); |
| |
| </script> |