Title: [95351] trunk/LayoutTests
- Revision
- 95351
- Author
- aba...@webkit.org
- Date
- 2011-09-16 18:47:36 -0700 (Fri, 16 Sep 2011)
Log Message
CORS images viewed from different domains fail security checks
https://bugs.webkit.org/show_bug.cgi?id=68011
Reviewed by Darin Adler.
I am unable to reproduce the bug, but the test I wrote in the process
might be worth having anyway.
* http/tests/security/canvas-cors-with-two-hosts-expected.txt: Added.
* http/tests/security/canvas-cors-with-two-hosts.html: Added.
* http/tests/security/resources/canvas-cors-subtest.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (95350 => 95351)
--- trunk/LayoutTests/ChangeLog 2011-09-17 01:36:07 UTC (rev 95350)
+++ trunk/LayoutTests/ChangeLog 2011-09-17 01:47:36 UTC (rev 95351)
@@ -1,3 +1,17 @@
+2011-09-16 Adam Barth <aba...@webkit.org>
+
+ CORS images viewed from different domains fail security checks
+ https://bugs.webkit.org/show_bug.cgi?id=68011
+
+ Reviewed by Darin Adler.
+
+ I am unable to reproduce the bug, but the test I wrote in the process
+ might be worth having anyway.
+
+ * http/tests/security/canvas-cors-with-two-hosts-expected.txt: Added.
+ * http/tests/security/canvas-cors-with-two-hosts.html: Added.
+ * http/tests/security/resources/canvas-cors-subtest.html: Added.
+
2011-09-16 Kentaro Hara <hara...@google.com>
Overhangs a ruby by no more than half the width of the neighboring text.
Added: trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts-expected.txt (0 => 95351)
--- trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts-expected.txt 2011-09-17 01:47:36 UTC (rev 95351)
@@ -0,0 +1,13 @@
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS
+
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+PASS
+
Added: trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts.html (0 => 95351)
--- trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/canvas-cors-with-two-hosts.html 2011-09-17 01:47:36 UTC (rev 95351)
@@ -0,0 +1,26 @@
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+ layoutTestController.waitUntilDone();
+}
+
+doneCount = 0;
+
+window.addEventListener('message', function(evt) {
+ if (evt.data == 'done') {
+ ++doneCount;
+
+ if (doneCount > 1) {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ return;
+ }
+
+ var iframe = document.createElement('iframe');
+ iframe.src = ""
+ document.body.appendChild(iframe);
+ }
+});
+</script>
+<iframe src=""
Added: trunk/LayoutTests/http/tests/security/resources/canvas-cors-subtest.html (0 => 95351)
--- trunk/LayoutTests/http/tests/security/resources/canvas-cors-subtest.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/canvas-cors-subtest.html 2011-09-17 01:47:36 UTC (rev 95351)
@@ -0,0 +1,29 @@
+<pre id="console"></pre>
+<script>
+log = function(msg) {
+ document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
+}
+
+var image = new Image();
+
+image._onload_ = function() {
+ var canvas = document.createElement("canvas");
+ canvas.width = 100;
+ canvas.height = 100;
+ var context = canvas.getContext("2d");
+
+ context.drawImage(image, 0, 0, 100, 100);
+
+ try {
+ var imageData = context.getImageData(0,0,100,100);
+ log("PASS");
+ } catch (e) {
+ log("FAIL");
+ }
+
+ top.postMessage('done', '*');
+}
+
+image.crossOrigin = "anonymous";
+image.src = ""
+</script>
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes