File: image-tainting-in-cross-origin-iframe.sub.html

package info (click to toggle)
firefox 143.0.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,617,328 kB
  • sloc: cpp: 7,478,492; javascript: 6,417,157; ansic: 3,720,058; python: 1,396,372; xml: 627,523; asm: 438,677; java: 186,156; sh: 63,477; makefile: 19,171; objc: 13,059; perl: 12,983; yacc: 4,583; cs: 3,846; pascal: 3,405; lex: 1,720; ruby: 1,003; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 53; csh: 10
file content (23 lines) | stat: -rw-r--r-- 893 bytes parent folder | download | duplicates (27) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
</body>
<script>
async_test(t => {
  const img = document.createElement('img');
  img.onload = t.step_func(() => {
    const iframe = document.createElement('iframe');
    window.onmessage = t.step_func_done(e => {
      assert_equals(e.data, 'DONE');
    });
    iframe.src = 'http://{{domains[www1]}}:{{ports[http][0]}}/cors/resources/image-tainting-checker.sub.html';
    document.body.appendChild(iframe);
  });
  img.src = '/images/blue-png-cachable.py';
  document.body.appendChild(img);
}, 'An image resource that is same-origin to the top-level frame loaded in ' +
  'the frame is not treated as same-origin for an iframe that is ' +
  'cross-origin to the top-level frame, and therefore a canvas where the ' +
  'image is drawn gets tainted.');
</script>