| <pre id="console"></pre> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| |
| log = function(msg) |
| { |
| document.getElementById('console').appendChild(document.createTextNode(msg + "\n")); |
| } |
| |
| var image; |
| var url = "http://localhost:8000/security/resources/abe-allow-star.py"; |
| |
| function testGetImageData(shouldWork) |
| { |
| var canvas = document.createElement("canvas"); |
| canvas.width = 100; |
| canvas.height = 100; |
| var context = canvas.getContext("2d"); |
| context.drawImage(image, 0, 0, 100, 100); |
| var worked = true; |
| try { |
| context.getImageData(0, 0, 100, 100); |
| } catch (e) { |
| worked = false; |
| } |
| if (worked == shouldWork) { |
| if (shouldWork) { |
| log("PASS: image did not taint canvas"); |
| } else { |
| log("PASS: image tainted canvas"); |
| } |
| } else { |
| if (shouldWork) { |
| log("FAIL: image tainted canvas"); |
| } else { |
| log("FAIL: image did not taint canvas"); |
| } |
| } |
| } |
| |
| function testWithoutCORS() |
| { |
| log("Testing uploading without CORS headers"); |
| testGetImageData(false); |
| image = new Image(); |
| image.onload = testWithCORS; |
| image.crossOrigin = ""; |
| image.src = url; |
| } |
| |
| function testWithCORS() |
| { |
| log("Testing uploading with CORS headers"); |
| testGetImageData(true); |
| if (window.testRunner) |
| testRunner.notifyDone(); |
| } |
| |
| function start() |
| { |
| log('Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.'); |
| image = new Image(); |
| image.onload = testWithoutCORS; |
| image.src = url; |
| } |
| |
| start(); |
| </script> |