chromium/src/third_party/blink/web_tests/http/tests/security/offscreencanvas-placeholder-read-blocked-no-crossorigin.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <script src="../../../resources/testharness.js"></script>
 <script src="../../../resources/testharnessreport.js"></script>
 <script>
 async_test(t => {
   var image = new Image();
   // Notice that we don't set the image.crossOrigin property.
   image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
   image.onload = function() {
     var canvas = document.createElement('canvas');
     canvas.width = canvas.height = 10;
     var offscreen = canvas.transferControlToOffscreen();
     var ctx = offscreen.getContext('2d');
     ctx.drawImage(image, 0, 0);
     t.step(function() {
       canvas.toDataURL(); // Succeeds by not throwing
     });
     // TODO(junov): Use the Promise returned by commit to schedule after the
     // commit. (crbug.com/709484)
     setTimeout(function() {
       setTimeout(function() {
         t.step(function() {
           assert_throws_dom("SecurityError", function() {
             canvas.toDataURL();
           }, "Check toDataURL blocked.");
         });
         // TODO(junov): Use the Promise returned by commit to schedule after the
         // commit. (crbug.com/709484)
         setTimeout(function() {
           setTimeout(function() {
             t.step(function() {
               assert_throws_dom("SecurityError", function() {
                 canvas.toDataURL();
               });
             });
             t.done();
           }, 0);
         }, 0);
       }, 0);
     }, 0);
   }
 }, "Verify that the placeholder <canvas> associated with an OffscreenCanvas tainted with cross-origin content cannot be read once commit has propagated.");
 </script>
	<!DOCTYPE html>
	<script src="../../../resources/testharness.js"></script>
	<script src="../../../resources/testharnessreport.js"></script>
	<script>
	async_test(t => {
	var image = new Image();
	// Notice that we don't set the image.crossOrigin property.
	image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
	image.onload = function() {
	var canvas = document.createElement('canvas');
	canvas.width = canvas.height = 10;
	var offscreen = canvas.transferControlToOffscreen();
	var ctx = offscreen.getContext('2d');
	ctx.drawImage(image, 0, 0);
	t.step(function() {
	canvas.toDataURL(); // Succeeds by not throwing
	});
	// TODO(junov): Use the Promise returned by commit to schedule after the
	// commit. (crbug.com/709484)
	setTimeout(function() {
	setTimeout(function() {
	t.step(function() {
	assert_throws_dom("SecurityError", function() {
	canvas.toDataURL();
	}, "Check toDataURL blocked.");
	});
	// TODO(junov): Use the Promise returned by commit to schedule after the
	// commit. (crbug.com/709484)
	setTimeout(function() {
	setTimeout(function() {
	t.step(function() {
	assert_throws_dom("SecurityError", function() {
	canvas.toDataURL();
	});
	});
	t.done();
	}, 0);
	}, 0);
	}, 0);
	}, 0);
	}
	}, "Verify that the placeholder <canvas> associated with an OffscreenCanvas tainted with cross-origin content cannot be read once commit has propagated.");
	</script>