4 <pre id=
"console"></pre>
6 if (window
.testRunner
) {
7 testRunner
.overridePreference("WebKitWebGLEnabled", "1");
8 testRunner
.dumpAsText();
9 testRunner
.waitUntilDone();
14 document
.getElementById('console').appendChild(document
.createTextNode(msg
+ "\n"));
17 testTexImage2D = function(gl
, source
, description
)
19 description
= "Calling texImage2D() with an untainted " + description
;
21 gl
.texImage2D(gl
.TEXTURE_2D
, 0, gl
.RGBA
, gl
.RGBA
, gl
.UNSIGNED_BYTE
, source
);
22 log("PASS: " + description
+ " was allowed");
24 log("FAIL: " + description
+ " was not allowed: Threw error: " + e
+ ".");
28 testReadPixels = function(gl
, description
)
30 description
= "Calling readPixels() from a canvas tainted by a " + description
;
32 var pixels
= new Uint8Array(4);
33 gl
.readPixels(0, 0, 1, 1, gl
.RGBA
, gl
.UNSIGNED_BYTE
, pixels
);
34 log("PASS: " + description
+ " was allowed.");
36 log("FAIL: " + description
+ " was not allowed - Threw error: " + e
+ ".");
40 testToDataURL = function(canvas
, description
)
42 description
= "Calling toDataURL() on a canvas CORS-untainted by a " + description
;
44 var dataURL
= canvas
.toDataURL();
45 log("PASS: " + description
+ " was allowed.");
47 log("FAIL: " + description
+ " was not allowed - Threw error: " + e
+ ".");
51 test = function(canvas
, description
)
53 testReadPixels(canvas
.getContext("webgl"), description
);
54 testToDataURL(canvas
, description
);
57 testResource = function (resource
, resourceType
, continuation
)
60 log("Testing " + resourceType
+ "...");
62 var canvas
= document
.createElement("canvas");
65 var gl
= canvas
.getContext("webgl");
68 log("Untainted canvas:");
70 var pixels
= new Uint8Array(4);
71 gl
.readPixels(0, 0, 1, 1, gl
.RGBA
, gl
.UNSIGNED_BYTE
, pixels
);
72 log("PASS: Calling readPixels() from an untainted canvas was allowed.");
74 log("FAIL: Calling readPixels() from an untainted canvas was not allowed: Threw error: " + e
+ ".");
77 var dataURL
= canvas
.toDataURL();
78 log("PASS: Calling toDataURL() on an untainted canvas was allowed.");
80 log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: Threw error: " + e
+ ".");
84 log("Tainted canvas:");
85 // Test reading from a canvas after uploading a remote resource as a texture
86 var texture
= gl
.createTexture();
87 gl
.bindTexture(gl
.TEXTURE_2D
, texture
);
88 testTexImage2D(gl
, resource
, resourceType
);
90 test(canvas
, "remote " + resourceType
);
92 // Now test reading from a canvas after uploading a tainted canvas onto it
93 var dirtyCanvas
= document
.createElement("canvas");
94 dirtyCanvas
.width
= 100;
95 dirtyCanvas
.height
= 100;
96 var dirtyContext
= dirtyCanvas
.getContext("2d");
97 dirtyContext
.drawImage(resource
, 0, 0, 100, 100);
98 testTexImage2D(gl
, dirtyCanvas
, "canvas");
100 test(canvas
, "CORS-untained canvas");
105 finishUp = function ()
107 if (window
.testRunner
)
108 testRunner
.notifyDone();
111 testImage = function ()
113 var image
= new Image();
114 image
.onload
= testResource
.bind(null, image
, "image", testVideo
);
115 image
.crossOrigin
= "use-credentials";
116 image
.src
= "http://localhost:8000/security/resources/abe-allow-credentials.php";
119 testVideo = function ()
121 var video
= document
.createElement('video');
122 video
.oncanplay
= testResource
.bind(null, video
, "video", finishUp
);
123 video
.crossOrigin
= "use-credentials";
124 var name
= "../../media/resources/test.ogv";
125 var type
= "video/ogg";
126 video
.src
= "http://localhost:8000/security/resources/video-cross-origin-allow.php?with_credentials&name=" + name
+ "&type=" + type
;
129 finishUp = function ()
132 if (window
.testRunner
)
133 testRunner
.notifyDone();
