| <!DOCTYPE html> |
| <html> |
| <body> |
| <canvas id='output' width='200' height='400'></canvas> |
| <script src="/js-test-resources/js-test.js"></script> |
| <script> |
| description("A tainted imagebitmap drawn to OffscrenCanvas cannot be transfered"); |
| |
| window.jsTestIsAsync = true; |
| |
| var image = document.createElement('img'); |
| image.src = 'http://localhost:8080/security/resources/abe.png'; |
| image.addEventListener('load', function() { |
| createImageBitmap(image, 0, 0, 10, 10).then( |
| function(originalImagebitmap) { |
| const aCanvas = new OffscreenCanvas(200, 400); |
| const ctx = aCanvas.getContext('2d'); |
| // Draw a tainted imagebitmap into OffscreenCanvas 2d |
| ctx.drawImage(originalImagebitmap, 0, 0, 10, 10); |
| const newImageBitmap = aCanvas.transferToImageBitmap(); |
| try { |
| window.postMessage(newImageBitmap, [newImageBitmap]); |
| testFailed("A tainted ImageBitmap cannot be transferred"); |
| finishJSTest(); |
| } catch (e) { |
| testPassed("A tainted ImageBitmap cannot be transferred"); |
| finishJSTest(); |
| } |
| }).catch((e) => { |
| testFailed("Image rejected unexpectedly. "); |
| debug(e); |
| }); |
| }); |
| </script> |
| </body> |
| </html> |