Bug 1318565 - Test extension permission to read from a tainted canvas
MozReview-Commit-ID: FkgSLDRyY3R
--- a/toolkit/components/extensions/test/mochitest/mochitest-common.ini
+++ b/toolkit/components/extensions/test/mochitest/mochitest-common.ini
@@ -51,20 +51,20 @@ support-files =
[test_ext_inIncognitoContext_window.html]
skip-if = os == 'android' # Android does not support multiple windows.
[test_ext_geturl.html]
[test_ext_background_canvas.html]
[test_ext_content_security_policy.html]
[test_ext_contentscript_api_injection.html]
[test_ext_contentscript_async_loading.html]
[test_ext_contentscript_cache.html]
+[test_ext_contentscript_canvas.html]
[test_ext_contentscript_context.html]
[test_ext_contentscript_create_iframe.html]
[test_ext_contentscript_devtools_metadata.html]
-[test_ext_contentscript_drawWindow.html]
[test_ext_contentscript_exporthelpers.html]
[test_ext_contentscript_incognito.html]
skip-if = os == 'android' # Android does not support multiple windows.
[test_ext_contentscript_css.html]
[test_ext_contentscript_about_blank.html]
[test_ext_contentscript_permission.html]
[test_ext_contentscript_teardown.html]
[test_ext_exclude_include_globs.html]
rename from toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
rename to toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html
--- a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_drawWindow.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_canvas.html
@@ -48,9 +48,62 @@ add_task(function* test_drawWindow() {
const error = yield second.awaitMessage("error");
is(error, "ctx.drawWindow is not a function", "drawWindow() method not awailable without permission");
win.close();
yield first.unload();
yield second.unload();
});
+add_task(async function test_tainted_canvas() {
+ const permissions = [
+ "<all_urls>",
+ ];
+
+ const content_scripts = [{
+ matches: ["https://example.org/*"],
+ js: ["content_script.js"],
+ }];
+
+ const files = {
+ "content_script.js": () => {
+ const canvas = document.createElement("canvas");
+ const ctx = canvas.getContext("2d");
+ const img = new Image();
+
+ img.onload = function() {
+ ctx.drawImage(img, 0, 0);
+ try {
+ const png = canvas.toDataURL();
+ const {data} = ctx.getImageData(0, 0, 10, 10);
+ browser.test.sendMessage("success", {png, colour: data.slice(0, 4).join()});
+ } catch (e) {
+ browser.test.log(`Exception: ${e.message}`);
+ browser.test.sendMessage("error", e.message);
+ }
+ };
+
+ // Cross-origin image from example.com.
+ img.src = "https://example.com/tests/toolkit/components/extensions/test/mochitest/file_image_good.png";
+ },
+ };
+
+ const first = ExtensionTestUtils.loadExtension({manifest: {permissions, content_scripts}, files});
+ const second = ExtensionTestUtils.loadExtension({manifest: {content_scripts}, files});
+
+ await first.startup();
+ await second.startup();
+
+ const win = window.open("https://example.org/tests/toolkit/components/extensions/test/mochitest/file_to_drawWindow.html");
+
+ const {png, colour} = await first.awaitMessage("success");
+ ok(png.startsWith("data:image/png;base64,"), "toDataURL() call was successful.");
+ is(colour, "0,0,0,0", "getImageData() returned the correct colour (transparent).");
+
+ const error = await second.awaitMessage("error");
+ is(error, "The operation is insecure.", "toDataURL() throws without permission.");
+
+ win.close();
+ await first.unload();
+ await second.unload();
+});
+
</script>