tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

fetch-canvas-tainting-iframe.html (2144B)


      1 <html>
      2 <title>iframe for fetch canvas tainting test</title>
      3 <script>
      4 const NOT_TAINTED = 'NOT_TAINTED';
      5 const TAINTED = 'TAINTED';
      6 const LOAD_ERROR = 'LOAD_ERROR';
      7 
      8 // Creates an image/video element with src=|url| and an optional |cross_origin|
      9 // attibute. Tries to read from the image/video using a canvas element. Returns
     10 // NOT_TAINTED if it could be read, TAINTED if it could not be read, and
     11 // LOAD_ERROR if loading the image/video failed.
     12 function create_test_case_promise(url, cross_origin) {
     13  return new Promise(resolve => {
     14      if (url.indexOf('PNGIMAGE') != -1) {
     15        const img = document.createElement('img');
     16        if (cross_origin != '') {
     17          img.crossOrigin = cross_origin;
     18        }
     19        img.onload = function() {
     20          try {
     21            const canvas = document.createElement('canvas');
     22            canvas.width = 100;
     23            canvas.height = 100;
     24            const context = canvas.getContext('2d');
     25            context.drawImage(img, 0, 0);
     26            context.getImageData(0, 0, 100, 100);
     27            resolve(NOT_TAINTED);
     28          } catch (e) {
     29            resolve(TAINTED);
     30          }
     31        };
     32        img.onerror = function() {
     33          resolve(LOAD_ERROR);
     34        }
     35        img.src = url;
     36        return;
     37      }
     38 
     39      if (url.indexOf('VIDEO') != -1) {
     40        const video = document.createElement('video');
     41        video.autoplay = true;
     42        video.muted = true;
     43        if (cross_origin != '') {
     44          video.crossOrigin = cross_origin;
     45        }
     46        video.onplay = function() {
     47          try {
     48            const canvas = document.createElement('canvas');
     49            canvas.width = 100;
     50            canvas.height = 100;
     51            const context = canvas.getContext('2d');
     52            context.drawImage(video, 0, 0);
     53            context.getImageData(0, 0, 100, 100);
     54            resolve(NOT_TAINTED);
     55          } catch (e) {
     56            resolve(TAINTED);
     57          }
     58        };
     59        video.onerror = function() {
     60          resolve(LOAD_ERROR);
     61        }
     62        video.src = url;
     63        return;
     64      }
     65 
     66      resolve('unknown resource type');
     67  });
     68 }
     69 </script>
     70 </html>