commit db86c6dbc87e7180ef46d73ec87ddce925f9d592 parent ac6f10029acb81ff30ab1e15313d442da2719f0f Author: Andrei Volykhin <andrei.volykhin@gmail.com> Date: Wed, 15 Oct 2025 08:58:17 +0000 Bug 1993994 [wpt PR 55389] - canvas: Reset origin clean flag on reset the context to its default state, a=testonly Automatic update from web-platform-tests canvas: Reset origin clean flag on reset the context to its default state The canvas `origin clean` flag for 2D rendering context should be reset on the reset the context to its default state. See https://html.spec.whatwg.org/multipage/#security-with-canvas-elements The following operations are resetting the `origin clean` flag. - reset() method https://html.spec.whatwg.org/multipage/#dom-context-2d-reset - canvas (output bitmap) dimensions change https://html.spec.whatwg.org/multipage/#concept-canvas-set-bitmap-dimensions Testing: Improvements in the following tests - html/semantics/embedded-content/the-canvas-element/security.reset.* - html/semantics/embedded-content/the-canvas-element/security.resize.* Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com> -- wpt-commits: 71a2257ed707e04a791207b2fc40dbeee2e53a89 wpt-pr: 55389 Diffstat:
4 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.reset.cross.html b/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.reset.cross.html @@ -22,7 +22,7 @@ _addTest(function(canvas, ctx) { canvas.width = 50; ctx.drawImage(document.getElementById('yellow.png'), 0, 0); assert_throws_dom("SECURITY_ERR", function() { canvas.toDataURL(); }); -canvas.width = 100; +ctx.reset(); canvas.toDataURL(); ctx.getImageData(0, 0, 1, 1); _assert(true, "true"); // okay if there was no exception diff --git a/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.reset.redirect.html b/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.reset.redirect.html @@ -22,7 +22,7 @@ _addTest(function(canvas, ctx) { canvas.width = 50; ctx.drawImage(document.getElementById('yellow.png'), 0, 0); assert_throws_dom("SECURITY_ERR", function() { canvas.toDataURL(); }); -canvas.width = 100; +ctx.reset(); canvas.toDataURL(); ctx.getImageData(0, 0, 1, 1); _assert(true, "true"); // okay if there was no exception diff --git a/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.resize.cross.html b/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.resize.cross.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! This test has been generated by /html/canvas/tools/gentest.py. --> +<title>Canvas test: security.resize.cross</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/html/canvas/resources/canvas-tests.js"></script> +<link rel="stylesheet" href="/html/canvas/resources/canvas-tests.css"> +<body class="show_output"> + +<h1>security.resize.cross</h1> +<p class="desc">Resizing the canvas dimensions resets the origin-clean flag</p> + + +<p class="output">Actual output:</p> +<canvas id="c" class="output" width="100" height="50"><p class="fallback">FAIL (fallback content)</p></canvas> + +<ul id="d"></ul> +<script> +var t = async_test("Resizing the canvas dimensions resets the origin-clean flag"); +_addTest(function(canvas, ctx) { + +canvas.width = 50; +ctx.drawImage(document.getElementById('yellow.png'), 0, 0); +assert_throws_dom("SECURITY_ERR", function() { canvas.toDataURL(); }); +canvas.width = 100; +canvas.toDataURL(); +ctx.getImageData(0, 0, 1, 1); +_assert(true, "true"); // okay if there was no exception + + +}); +</script> +<script src="/common/get-host-info.sub.js"></script> +<script src="data:text/javascript,addCrossOriginYellowImage()"></script> + diff --git a/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.resize.redirect.html b/testing/web-platform/tests/html/semantics/embedded-content/the-canvas-element/security.resize.redirect.html @@ -0,0 +1,35 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! This test has been generated by /html/canvas/tools/gentest.py. --> +<title>Canvas test: security.resize.redirect</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/html/canvas/resources/canvas-tests.js"></script> +<link rel="stylesheet" href="/html/canvas/resources/canvas-tests.css"> +<body class="show_output"> + +<h1>security.resize.redirect</h1> +<p class="desc">Resizing the canvas dimensions resets the origin-clean flag</p> + + +<p class="output">Actual output:</p> +<canvas id="c" class="output" width="100" height="50"><p class="fallback">FAIL (fallback content)</p></canvas> + +<ul id="d"></ul> +<script> +var t = async_test("Resizing the canvas dimensions resets the origin-clean flag"); +_addTest(function(canvas, ctx) { + +canvas.width = 50; +ctx.drawImage(document.getElementById('yellow.png'), 0, 0); +assert_throws_dom("SECURITY_ERR", function() { canvas.toDataURL(); }); +canvas.width = 100; +canvas.toDataURL(); +ctx.getImageData(0, 0, 1, 1); +_assert(true, "true"); // okay if there was no exception + + +}); +</script> +<script src="/common/get-host-info.sub.js"></script> +<script src="data:text/javascript,addCrossOriginRedirectYellowImage()"></script> +