blob: 0a401cf3a85fef4037410f6809a6fa54e6f55639 [file] [log] [blame]
<pre id="console"></pre>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
log = function(msg)
{
document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
}
var image;
var url = "http://localhost:8000/security/resources/abe-allow-star.py";
function testGetImageData(shouldWork)
{
var canvas = document.createElement("canvas");
canvas.width = 100;
canvas.height = 100;
var context = canvas.getContext("2d");
context.drawImage(image, 0, 0, 100, 100);
var worked = true;
try {
context.getImageData(0, 0, 100, 100);
} catch (e) {
worked = false;
}
if (worked == shouldWork) {
if (shouldWork) {
log("PASS: image did not taint canvas");
} else {
log("PASS: image tainted canvas");
}
} else {
if (shouldWork) {
log("FAIL: image tainted canvas");
} else {
log("FAIL: image did not taint canvas");
}
}
}
function testWithoutCORS()
{
log("Testing uploading without CORS headers");
testGetImageData(false);
image = new Image();
image.onload = testWithCORS;
image.crossOrigin = "";
image.src = url;
}
function testWithCORS()
{
log("Testing uploading with CORS headers");
testGetImageData(true);
if (window.testRunner)
testRunner.notifyDone();
}
function start()
{
log('Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.');
image = new Image();
image.onload = testWithoutCORS;
image.src = url;
}
start();
</script>