image-tainting-in-cross-origin-iframe.sub.html (893B)
1 <!DOCTYPE html> 2 <script src="/resources/testharness.js"></script> 3 <script src="/resources/testharnessreport.js"></script> 4 <body> 5 </body> 6 <script> 7 async_test(t => { 8 const img = document.createElement('img'); 9 img.onload = t.step_func(() => { 10 const iframe = document.createElement('iframe'); 11 window.onmessage = t.step_func_done(e => { 12 assert_equals(e.data, 'DONE'); 13 }); 14 iframe.src = 'http://{{domains[www1]}}:{{ports[http][0]}}/cors/resources/image-tainting-checker.sub.html'; 15 document.body.appendChild(iframe); 16 }); 17 img.src = '/images/blue-png-cachable.py'; 18 document.body.appendChild(img); 19 }, 'An image resource that is same-origin to the top-level frame loaded in ' + 20 'the frame is not treated as same-origin for an iframe that is ' + 21 'cross-origin to the top-level frame, and therefore a canvas where the ' + 22 'image is drawn gets tainted.'); 23 </script>