Bug 1318565 - Test extension permission to read from a tainted canvas r=kmag

MozReview-Commit-ID: FkgSLDRyY3R --HG-- rename : toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html => toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html extra : rebase_source : 19099e6c1bea2acc564e1321ff115ad4a5d4d39a
2017-04-01 15:38:23 +02:00 · 2017-04-01 15:38:23 +02:00 · 4e66cb86ca
--- a/toolkit/components/extensions/test/mochitest/mochitest-common.ini
+++ b/toolkit/components/extensions/test/mochitest/mochitest-common.ini
@ -56,10 +56,10 @@ skip-if = os == 'android' # Android does not support multiple windows.
 [test_ext_contentscript_api_injection.html]
 [test_ext_contentscript_async_loading.html]
 [test_ext_contentscript_cache.html]
+[test_ext_contentscript_canvas.html]
 [test_ext_contentscript_context.html]
 [test_ext_contentscript_create_iframe.html]
 [test_ext_contentscript_devtools_metadata.html]
-[test_ext_contentscript_drawWindow.html]
 [test_ext_contentscript_exporthelpers.html]
 [test_ext_contentscript_incognito.html]
 skip-if = os == 'android' # Android does not support multiple windows.
--- a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
@ -53,4 +53,57 @@ add_task(function* test_drawWindow() {
  yield second.unload();
 });

+add_task(async function test_tainted_canvas() {
+  const permissions = [
+    "<all_urls>",
+  ];
+
+  const content_scripts = [{
+    matches: ["https://example.org/*"],
+    js: ["content_script.js"],
+  }];
+
+  const files = {
+    "content_script.js": () => {
+      const canvas = document.createElement("canvas");
+      const ctx = canvas.getContext("2d");
+      const img = new Image();
+
+      img.onload = function() {
+        ctx.drawImage(img, 0, 0);
+        try {
+          const png = canvas.toDataURL();
+          const {data} = ctx.getImageData(0, 0, 10, 10);
+          browser.test.sendMessage("success", {png, colour: data.slice(0, 4).join()});
+        } catch (e) {
+          browser.test.log(`Exception: ${e.message}`);
+          browser.test.sendMessage("error", e.message);
+        }
+      };
+
+      // Cross-origin image from example.com.
+      img.src = "https://example.com/tests/toolkit/components/extensions/test/mochitest/file_image_good.png";
+    },
+  };
+
+  const first = ExtensionTestUtils.loadExtension({manifest: {permissions, content_scripts}, files});
+  const second = ExtensionTestUtils.loadExtension({manifest: {content_scripts}, files});
+
+  await first.startup();
+  await second.startup();
+
+  const win = window.open("https://example.org/tests/toolkit/components/extensions/test/mochitest/file_to_drawWindow.html");
+
+  const {png, colour} = await first.awaitMessage("success");
+  ok(png.startsWith("data:image/png;base64,"), "toDataURL() call was successful.");
+  is(colour, "0,0,0,0", "getImageData() returned the correct colour (transparent).");
+
+  const error = await second.awaitMessage("error");
+  is(error, "The operation is insecure.", "toDataURL() throws without permission.");
+
+  win.close();
+  await first.unload();
+  await second.unload();
+});
+
 </script>