Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /html/canvas/element/manual/fill-and-stroke-styles/pattern-from-image-cross-origin-taint.https.sub.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<meta charset="utf-8">
<title>A pattern using a cross-origin SVG image should taint the canvas.</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<svg width="100" height="100">
<image x=0 y=0 width=100 height=0 id=img_source href="https://{{hosts[alt][www]}}:{{ports[https][0]}}/images/red-100x100.png" />
![https://{{hosts[alt][www]}}:{{ports[https][0]}}/images/red-100x100.png](https://{{hosts[alt][www]}}:{{ports[https][0]}}/images/red-100x100.png){kind=link}
</svg>
<canvas id=canvas width=100 height=100></canvas>
<script>
window.onload = function() {
promise_test(async function(t) {
const context = canvas.getContext("2d");
const pattern = context.createPattern(img_source, "repeat");
context.fillStyle = pattern;
context.fillRect(0, 0, 100, 100);
// The canvas should be tainted, so the following should throw.
assert_throws_dom("SecurityError",
function () { canvas.toDataURL() },
'canvas.toDataURL should throw SecurityError for a pattern using cross origin content.'
);
}, "Tainting check for cross origin image in canvas pattern");
};
</script>