tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

videoFrame-construction.crossOriginSource.sub.html (8031B)

      1 <!DOCTYPE html>
      2 <html>
      3 
      4 <head>
      5  <script src='/resources/testharness.js'></script>
      6  <script src='/resources/testharnessreport.js'></script>
      7  <script src="/common/get-host-info.sub.js"></script>
      8 </head>
      9 
     10 <body>
     11  <svg id="svg" width="200" height="200" xmlns="http://www.w3.org/2000/svg">
     12  </svg>
     13  <script>
     14    const SAMEORIGIN_BASE = get_host_info().HTTP_ORIGIN;
     15    const CROSSORIGIN_BASE = get_host_info().HTTP_NOTSAMESITE_ORIGIN;
     16 
     17    async function getVideoFilename() {
     18      const videoConfiguration = {
     19        type: 'file',
     20        video: {
     21          contentType: 'video/mp4; codecs=avc1',
     22          width: 640,
     23          height: 480,
     24          bitrate: 800,
     25          framerate: 30
     26        }
     27      };
     28      const result = await navigator.mediaCapabilities.decodingInfo(videoConfiguration);
     29      if (result.supported)
     30        return '/webcodecs/h264.mp4';
     31      return '/webcodecs/av1.mp4';
     32    }
     33 
     34    const TESTS = [
     35      // HTMLImageElement
     36      {
     37        title: 'Test creating a VideoFrame with a same-origin HTMLImageElement',
     38        factory: () => {
     39          return new Promise((resolve, reject) => {
     40            const image = new Image();
     41            image.onload = () => resolve(image);
     42            image.onerror = reject;
     43            image.src = SAMEORIGIN_BASE + '/webcodecs/four-colors.jpg';
     44          });
     45        },
     46        should_throw: false,
     47      },
     48      {
     49        title: 'Test creating a VideoFrame with a cross-origin HTMLImageElement',
     50        factory: () => {
     51          return new Promise((resolve, reject) => {
     52            const image = new Image();
     53            image.onload = () => resolve(image);
     54            image.onerror = reject;
     55            image.src = CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg';
     56          });
     57        },
     58        should_throw: true,
     59      },
     60      {
     61        title: 'Test creating a VideoFrame with a CORS enabled cross-origin HTMLImageElement without setting crossorigin',
     62        factory: () => {
     63          return new Promise((resolve, reject) => {
     64            const image = new Image();
     65            image.onload = () => resolve(image);
     66            image.onerror = reject;
     67            image.src = CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg?pipe=header(Access-Control-Allow-Origin,*)';
     68          });
     69        },
     70        should_throw: true,
     71      },
     72      {
     73        title: 'Test creating a VideoFrame with a CORS enabled cross-origin HTMLImageElement with crossorigin="anonymous"',
     74        factory: () => {
     75          return new Promise((resolve, reject) => {
     76            const image = new Image();
     77            image.onload = () => resolve(image);
     78            image.onerror = reject;
     79            image.crossOrigin = 'anonymous';
     80            image.src = CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg?pipe=header(Access-Control-Allow-Origin,*)';
     81          });
     82        },
     83        should_throw: false,
     84      },
     85      // SVGImageElement
     86      {
     87        title: 'Test creating a VideoFrame with a same-origin SVGImageElement',
     88        factory: () => {
     89          return new Promise((resolve, reject) => {
     90            const image = document.createElementNS('http://www.w3.org/2000/svg', 'image');
     91            svg.appendChild(image);
     92            image.onload = () => resolve(image);
     93            image.onerror = reject;
     94            image.setAttribute('href', SAMEORIGIN_BASE + '/webcodecs/four-colors.jpg');
     95          });
     96        },
     97        should_throw: false,
     98      },
     99      {
    100        title: 'Test creating a VideoFrame with a cross-origin SVGImageElement',
    101        factory: () => {
    102          return new Promise((resolve, reject) => {
    103            const image = document.createElementNS('http://www.w3.org/2000/svg', 'image');
    104            svg.appendChild(image);
    105            image.onload = () => resolve(image);
    106            image.onerror = reject;
    107            image.setAttribute('href', CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg');
    108          });
    109        },
    110        should_throw: true,
    111      },
    112      {
    113        title: 'Test creating a VideoFrame with a CORS enabled cross-origin SVGImageElement without setting crossorigin',
    114        factory: () => {
    115          return new Promise((resolve, reject) => {
    116            const image = document.createElementNS('http://www.w3.org/2000/svg', 'image');
    117            svg.appendChild(image);
    118            image.onload = () => resolve(image);
    119            image.onerror = reject;
    120            image.setAttribute('href', CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg?pipe=header(Access-Control-Allow-Origin,*)');
    121          });
    122        },
    123        should_throw: true,
    124      },
    125      {
    126        title: 'Test creating a VideoFrame with a CORS enabled cross-origin SVGImageElement with crossorigin="anonymous"',
    127        factory: () => {
    128          return new Promise((resolve, reject) => {
    129            const image = document.createElementNS('http://www.w3.org/2000/svg', 'image');
    130            svg.appendChild(image);
    131            image.onload = () => resolve(image);
    132            image.onerror = reject;
    133            image.crossOrigin = 'anonymous';
    134            image.setAttribute('href', CROSSORIGIN_BASE + '/webcodecs/four-colors.jpg?pipe=header(Access-Control-Allow-Origin,*)');
    135          });
    136        },
    137        should_throw: false,
    138      },
    139      // HTMLVideoElement
    140      {
    141        title: 'Test creating a VideoFrame with a same-origin HTMLVideoElement',
    142        factory: () => {
    143          return new Promise(async (resolve, reject) => {
    144            const video = document.createElement('video');
    145            on_frame_available(video, () => resolve(video));
    146            video.onerror = reject;
    147            video.src = SAMEORIGIN_BASE + await getVideoFilename();
    148          });
    149        },
    150        should_throw: false,
    151      },
    152      {
    153        title: 'Test creating a VideoFrame with a cross-origin HTMLVideoElement',
    154        factory: () => {
    155          return new Promise(async (resolve, reject) => {
    156            const video = document.createElement('video');
    157            on_frame_available(video, () => resolve(video));
    158            video.onerror = reject;
    159            video.src = CROSSORIGIN_BASE + await getVideoFilename();
    160          });
    161        },
    162        should_throw: true,
    163      },
    164      {
    165        title: 'Test creating a VideoFrame with a CORS enabled cross-origin HTMLVideoElement without setting crossorigin',
    166        factory: () => {
    167          return new Promise(async (resolve, reject) => {
    168            const video = document.createElement('video');
    169            on_frame_available(video, () => resolve(video));
    170            video.onerror = reject;
    171            video.src = CROSSORIGIN_BASE + await getVideoFilename() + '?pipe=header(Access-Control-Allow-Origin,*)';
    172          });
    173        },
    174        should_throw: true,
    175      },
    176      {
    177        title: 'Test creating a VideoFrame with a CORS enabled cross-origin HTMLVideoElement with crossorigin="anonymous"',
    178        factory: () => {
    179          return new Promise(async (resolve, reject) => {
    180            const video = document.createElement('video');
    181            on_frame_available(video, () => resolve(video));
    182            video.onerror = reject;
    183            video.crossOrigin = 'anonymous';
    184            video.src = CROSSORIGIN_BASE + await getVideoFilename() + '?pipe=header(Access-Control-Allow-Origin,*)';
    185          });
    186        },
    187        should_throw: false,
    188      },
    189    ];
    190 
    191    TESTS.forEach(test => run_test(test));
    192 
    193    function run_test(test) {
    194      promise_test(async t => {
    195        const source = await test.factory();
    196        if (test.should_throw) {
    197          assert_throws_dom('SecurityError', () => { create_frame(source); });
    198        } else {
    199          create_frame(source);
    200        }
    201      }, test.title);
    202    }
    203 
    204    function create_frame(img) {
    205      let frame = new VideoFrame(img, { timestamp: 0 });
    206      frame.close();
    207    }
    208 
    209    function on_frame_available(video, callback) {
    210      if ('requestVideoFrameCallback' in video)
    211        video.requestVideoFrameCallback(callback);
    212      else
    213        video.onloadeddata = callback;
    214    }
    215 
    216  </script>
    217 </body>
    218 
    219 </html>