image-tainting-checker.sub.html (711B)
1 <!DOCTYPE html> 2 <body> 3 <canvas id="canvas"></canvas> 4 <script> 5 // Used by image-tainting-in-cross-origin-iframe.sub.html to check that an 6 // image resource loaded by the top level frame that is same-origin to the 7 // frame isn't treated as a same-origin resource in a cross-origin iframe. 8 const canvas = document.getElementById('canvas'); 9 const ctx = canvas.getContext('2d'); 10 const img = new Image(); 11 img.src = 'http://{{host}}:{{ports[http][0]}}/images/blue-png-cachable.py'; 12 img.onload = () => { 13 ctx.drawImage(img, 0, 0); 14 try { 15 ctx.getImageData(0, 0, 1, 1); 16 parent.postMessage('FAIL: getImageData() didn\'t throw', '*'); 17 } catch (e) { 18 parent.postMessage('DONE', '*'); 19 } 20 }; 21 </script> 22 </body>