source: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html @ 87473

Revision 87473, 3.4 KB checked in by abarth@webkit.org, 3 years ago (diff)

2011-05-26 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Support cross-origin property for images
https://bugs.webkit.org/show_bug.cgi?id=61015

Test various cases involving CORS requests and canvas tainting.

  • http/tests/security/canvas-remote-read-remote-image-allowed-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html: Added.
  • http/tests/security/canvas-remote-read-remote-image-allowed.html: Added.
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin-expected.txt: Added.
  • http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html: Added.
  • http/tests/security/resources/abe-allow-credentials.php: Added.
  • http/tests/security/resources/abe-allow-star.php: Added.

2011-05-26 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Support cross-origin property for images
https://bugs.webkit.org/show_bug.cgi?id=61015

This patch add support for the crossorigin attribute of images and
teaches 2D canvas to respect that flag and not taint a canvas if the
image drawn on the canvas is allowed by CORS.

While I was editing this code, I couldn't resist a couple touch-up
changes.

Tests: http/tests/security/canvas-remote-read-remote-image-allowed-with-credentials.html

http/tests/security/canvas-remote-read-remote-image-allowed.html
http/tests/security/canvas-remote-read-remote-image-blocked-no-crossorigin.html

  • html/HTMLAttributeNames.in:
  • html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::securityOrigin):
  • html/HTMLCanvasElement.h:
  • html/HTMLImageElement.idl:
  • html/canvas/CanvasRenderingContext.cpp: (WebCore::CanvasRenderingContext::checkOrigin):
  • html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::createPattern):
  • loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
  • loader/cache/CachedResource.cpp: (WebCore::CachedResource::passesAccessControlCheck):
  • loader/cache/CachedResource.h:
Line 
1<pre id="console"></pre>
2<script>
3if (window.layoutTestController) {
4    layoutTestController.dumpAsText();
5    layoutTestController.waitUntilDone();
6}
7
8log = function(msg)
9{
10    document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
11}
12
13testGetImageData = function(context, description)
14{
15    description = "Calling getImageData() from a canvas tainted by a " + description;
16    try {
17        var imageData = context.getImageData(0,0,100,100);
18        log("FAIL: " + description + " was allowed.");
19    } catch (e) {
20        log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
21    }
22}
23
24testToDataURL = function(canvas, description)
25{
26    description = "Calling toDataURL() on a canvas tainted by a " + description;
27    try {
28        var dataURL = canvas.toDataURL();
29        log("FAIL: " + description + " was allowed.");
30    } catch (e) {
31        log("PASS: " + description + " was not allowed - Threw error: " + e + ".");
32    }
33}
34
35test = function(canvas, description)
36{
37    testGetImageData(canvas.getContext("2d"), description);
38    testToDataURL(canvas, description);
39}
40
41var image = new Image();
42image.onload = function() {
43    var canvas = document.createElement("canvas");
44    canvas.width = 100;
45    canvas.height = 100;
46    var context = canvas.getContext("2d");
47
48    // Control tests
49    log("Untainted canvas:");
50    try {
51        var imageData = context.getImageData(0, 0, 100, 100);
52        log("PASS: Calling getImageData() from an untainted canvas was allowed.");
53    } catch (e) {
54        log("FAIL: Calling getImageData() from an untainted canvas was not allowed: Threw error: " + e + ".");
55    }
56    try {
57        var dataURL = canvas.toDataURL();
58        log("PASS: Calling toDataURL() on an untainted canvas was allowed.");
59    } catch (e) {
60        log("FAIL: Calling toDataURL() on an untainted canvas was not allowed: Threw error: " + e + ".");
61    }
62
63    log("\n");
64    log("Tainted canvas:");
65    // Test reading from a canvas after drawing a remote image onto it
66    context.drawImage(image, 0, 0, 100, 100);
67
68    test(canvas, "remote image");
69
70    var dirtyCanvas = canvas;
71
72    // Now test reading from a canvas after drawing a tainted canvas onto it
73    canvas = document.createElement("canvas");
74    canvas.width = 100;
75    canvas.height = 100;
76    var context = canvas.getContext("2d");
77    context.drawImage(dirtyCanvas, 0, 0, 100, 100);
78
79    test(canvas, "tained canvas");
80
81    // Test reading after using a tainted pattern
82    canvas = document.createElement("canvas");
83    canvas.width = 100;
84    canvas.height = 100;
85    var context = canvas.getContext("2d");
86    var remoteImagePattern = context.createPattern(image, "repeat");
87    context.fillStyle = remoteImagePattern;
88    context.fillRect(0, 0, 100, 100);
89
90    test(canvas, "remote image tainted pattern");
91
92    // Test reading after using a tainted pattern
93    canvas = document.createElement("canvas");
94    canvas.width = 100;
95    canvas.height = 100;
96    var context = canvas.getContext("2d");
97    var taintedCanvasPattern = context.createPattern(dirtyCanvas, "repeat");
98    context.fillStyle = taintedCanvasPattern;
99    context.fillRect(0, 0, 100, 100);
100
101    test(canvas, "tainted canvas pattern");
102
103    if (window.layoutTestController)
104        layoutTestController.notifyDone();
105}
106// Notice that we forget to set the image.crossOrigin property!
107image.src = "http://localhost:8000/security/resources/abe-allow-star.php";
108</script>
Note: See TracBrowser for help on using the repository browser.