LayoutTests/http/tests/security/shape-image-cors.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <style>
     #clear-left {
         clear: left;
         font: 20px/1 Ahem, sans-serif;
         color: green;
     }

     #clear-left > div {
         float: left;
         width: 200px;
         height: 20px;
     }

     /* blocked because the URL's port number doesn't match this document's origin. */
     #shape-outside-block-origin {
         -webkit-shape-outside: url("http://localhost:8080/resources/square100.png");
     }

     /* Access is OK because the URL and this document have the same origin. */
     #shape-outside-same-origin {
         -webkit-shape-outside: url("/resources/square100.png");
     }

     /* DataURL Access is OK, as it is with Canvas. */
     #shape-outside-data-url {
         -webkit-shape-outside: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='100px' height='20px'><rect width='200' height='20' fill='blue'/></svg>");
     }

     /* Cross-origin request is OK because the "Access-Control-Allow-Origin: *" is returned. */
     #shape-outside-allow-origin-url {
         -webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=true");
     }

     /* Cross-origin request is not OK because a "Access-Control-Allow-Origin:" header is not returned. */
     #shape-outside-disallow-origin-url {
         -webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false");
     }
 </style>
 </head>
 <body>
     <p>Verify that images not allowed by CORS don't affect the layout and that same-origin images, data URLs, and images with a "Access-Control-Allow-Origin: *" header do define the layout.</p>
     <div id="clear-left"><div id="shape-outside-block-origin"></div>X</div>
     <div id="clear-left"><div id="shape-outside-same-origin"></div>X</div>
     <div id="clear-left"><div id="shape-outside-data-url"></div>X</div>
     <div id="clear-left"><div id="shape-outside-allow-origin-url"></div>X</div>
     <div id="clear-left"><div id="shape-outside-disallow-origin-url"></div>X</div>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<style>
	#clear-left {
	clear: left;
	font: 20px/1 Ahem, sans-serif;
	color: green;
	}

	#clear-left > div {
	float: left;
	width: 200px;
	height: 20px;
	}

	/* blocked because the URL's port number doesn't match this document's origin. */
	#shape-outside-block-origin {
	-webkit-shape-outside: url("http://localhost:8080/resources/square100.png");
	}

	/* Access is OK because the URL and this document have the same origin. */
	#shape-outside-same-origin {
	-webkit-shape-outside: url("/resources/square100.png");
	}

	/* DataURL Access is OK, as it is with Canvas. */
	#shape-outside-data-url {
	-webkit-shape-outside: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='100px' height='20px'><rect width='200' height='20' fill='blue'/></svg>");
	}

	/* Cross-origin request is OK because the "Access-Control-Allow-Origin: " is returned. /
	#shape-outside-allow-origin-url {
	-webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=true");
	}

	/* Cross-origin request is not OK because a "Access-Control-Allow-Origin:" header is not returned. */
	#shape-outside-disallow-origin-url {
	-webkit-shape-outside: url("http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false");
	}
	</style>
	</head>
	<body>
	<p>Verify that images not allowed by CORS don't affect the layout and that same-origin images, data URLs, and images with a "Access-Control-Allow-Origin: *" header do define the layout.</p>
	<div id="clear-left"><div id="shape-outside-block-origin"></div>X</div>
	<div id="clear-left"><div id="shape-outside-same-origin"></div>X</div>
	<div id="clear-left"><div id="shape-outside-data-url"></div>X</div>
	<div id="clear-left"><div id="shape-outside-allow-origin-url"></div>X</div>
	<div id="clear-left"><div id="shape-outside-disallow-origin-url"></div>X</div>
	</body>
	</html>