Merge Chromium + Blink git repositories

[chromium-blink-merge.git] / third_party / WebKit / LayoutTests / http / tests / security / canvas-remote-read-remote-image-blocked-then-allowed.html

<pre id="console"></pre>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

log = function(msg)
{
    document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
}

var image;
var url = "http://localhost:8000/security/resources/abe-allow-star.php";

function testGetImageData(shouldWork)
{
    var canvas = document.createElement("canvas");
    canvas.width = 100;
    canvas.height = 100;
    var context = canvas.getContext("2d");
    context.drawImage(image, 0, 0, 100, 100);
    var worked = true;
    try {
        context.getImageData(0, 0, 100, 100);
    } catch (e) {
        worked = false;
    }
    if (worked == shouldWork) {
        if (shouldWork) {
            log("PASS: image did not taint canvas");
        } else {
            log("PASS: image tainted canvas");
        }
    } else {
        if (shouldWork) {
            log("FAIL: image tainted canvas");
        } else {
            log("FAIL: image did not taint canvas");
        }
    }
}

function testWithoutCORS()
{
    log("Testing uploading without CORS headers");
    testGetImageData(false);
    image = new Image();
    image.onload = testWithCORS;
    image.crossOrigin = "";
    image.src = url;
}

function testWithCORS()
{
    log("Testing uploading with CORS headers");
    testGetImageData(true);
    if (window.testRunner)
        testRunner.notifyDone();
}

function start()
{
    log('Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.');
    image = new Image();
    image.onload = testWithoutCORS;
    image.src = url;
}

start();
</script>