From 4e66cb86cae2c0918791536a82f5a40e7fff993e Mon Sep 17 00:00:00 2001 From: Tomislav Jovanovic Date: Sat, 1 Apr 2017 15:38:23 +0200 Subject: [PATCH] Bug 1318565 - Test extension permission to read from a tainted canvas r=kmag MozReview-Commit-ID: FkgSLDRyY3R --HG-- rename : toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html => toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html extra : rebase_source : 19099e6c1bea2acc564e1321ff115ad4a5d4d39a --- .../test/mochitest/mochitest-common.ini | 2 +- ...tml => test_ext_contentscript_canvas.html} | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) rename toolkit/components/extensions/test/mochitest/{test_ext_contentscript_drawWindow.html => test_ext_contentscript_canvas.html} (50%)
diff --git a/toolkit/components/extensions/test/mochitest/mochitest-common.ini b/toolkit/components/extensions/test/mochitest/mochitest-common.ini
index 908b9a80d17b..97b86eab8f19 100644
--- a/toolkit/components/extensions/test/mochitest/mochitest-common.ini
+++ b/toolkit/components/extensions/test/mochitest/mochitest-common.ini
@@ -56,10 +56,10 @@ skip-if = os == 'android' # Android does not support multiple windows.
 [test_ext_contentscript_api_injection.html]
 [test_ext_contentscript_async_loading.html]
 [test_ext_contentscript_cache.html]
+[test_ext_contentscript_canvas.html]
 [test_ext_contentscript_context.html]
 [test_ext_contentscript_create_iframe.html]
 [test_ext_contentscript_devtools_metadata.html]
-[test_ext_contentscript_drawWindow.html]
 [test_ext_contentscript_exporthelpers.html]
 [test_ext_contentscript_incognito.html]
 skip-if = os == 'android' # Android does not support multiple windows.
diff --git a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html
similarity index 50%
rename from toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
rename to toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html
index 761694d59c43..c18f93aa4181 100644
--- a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html
@@ -53,4 +53,57 @@ add_task(function* test_drawWindow() {
 yield second.unload();
 });
+add_task(async function test_tainted_canvas() {
+ const permissions = [
+ "",
+ ];
+
+ const content_scripts = [{
+ matches: ["https://example.org/*"],
+ js: ["content_script.js"],
+ }];
+
+ const files = {
+ "content_script.js": () => {
+ const canvas = document.createElement("canvas");
+ const ctx = canvas.getContext("2d");
+ const img = new Image();
+
+ img.onload = function() {
+ ctx.drawImage(img, 0, 0);
+ try {
+ const png = canvas.toDataURL();
+ const {data} = ctx.getImageData(0, 0, 10, 10);
+ browser.test.sendMessage("success", {png, colour: data.slice(0, 4).join()});
+ } catch (e) {
+ browser.test.log(`Exception: ${e.message}`);
+ browser.test.sendMessage("error", e.message);
+ }
+ };
+
+ // Cross-origin image from example.com.
+ img.src = "https://example.com/tests/toolkit/components/extensions/test/mochitest/file_image_good.png";
+ },
+ };
+
+ const first = ExtensionTestUtils.loadExtension({manifest: {permissions, content_scripts}, files});
+ const second = ExtensionTestUtils.loadExtension({manifest: {content_scripts}, files});
+
+ await first.startup();
+ await second.startup();
+
+ const win = window.open("https://example.org/tests/toolkit/components/extensions/test/mochitest/file_to_drawWindow.html");
+
+ const {png, colour} = await first.awaitMessage("success");
+ ok(png.startsWith("data:image/png;base64,"), "toDataURL() call was successful.");
+ is(colour, "0,0,0,0", "getImageData() returned the correct colour (transparent).");
+
+ const error = await second.awaitMessage("error");
+ is(error, "The operation is insecure.", "toDataURL() throws without permission.");
+
+ win.close();
+ await first.unload();
+ await second.unload();
+});
+
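Review bot: The negative case in `test_tainted_canvas` only proves that `toDataURL()` is blocked: inside the content script's `try` block `toDataURL()` runs first, so for the extension loaded without `permissions` the `getImageData()` call is never reached and its denial goes unasserted. Both calls read pixels back from the tainted canvas, so each should get its own `try`/`catch` and report its outcome separately, letting the test assert that both succeed with the permission and both throw without it. The script also sets only `img.onload`; adding `img.onerror = () => browser.test.fail("cross-origin image failed to load");` would surface a failed load in the log instead of leaving the test to time out on `awaitMessage`. Comparing `e.name` against `"SecurityError"` rather than the message text `"The operation is insecure."` would keep the assertion from depending on exact wording.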