From aff9e5c230842c3841b13c8b265a1bdab2978446 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 19 Aug 2019 13:30:29 +0200
Subject: [PATCH 1/2] HTML: COEP and ImageBitmap

---
 .../imagebitmap/no-coop-coep.https.window.js  | 39 +++++++++++++++++++
 .../resources/coop-coep-popup.html            | 11 ++++++
 .../resources/coop-coep-popup.html.headers    |  2 +
 .../imagebitmap/resources/coop-coep-worker.js |  9 +++++
 .../resources/coop-coep-worker.js.headers     |  1 +
 5 files changed, 62 insertions(+)
 create mode 100644 2dcontext/imagebitmap/no-coop-coep.https.window.js
 create mode 100644 2dcontext/imagebitmap/resources/coop-coep-popup.html
 create mode 100644 2dcontext/imagebitmap/resources/coop-coep-popup.html.headers
 create mode 100644 2dcontext/imagebitmap/resources/coop-coep-worker.js
 create mode 100644 2dcontext/imagebitmap/resources/coop-coep-worker.js.headers

diff --git a/2dcontext/imagebitmap/no-coop-coep.https.window.js b/2dcontext/imagebitmap/no-coop-coep.https.window.js
new file mode 100644
index 00000000000000..2bbb85b613f529
--- /dev/null
+++ b/2dcontext/imagebitmap/no-coop-coep.https.window.js
@@ -0,0 +1,39 @@
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+
+function taintedImageBitmap(t) {
+  return new Promise(resolve => {
+    const img = new Image();
+    img.src = `${get_host_info().HTTPS_REMOTE_ORIGIN}/images/blue.png`;
+    img.onload = t.step_func(() => {
+      resolve(createImageBitmap(img));
+    });
+    img.onerror = t.unreached_func();
+  });
+}
+
+async_test(t => {
+  const bc = new BroadcastChannel(token());
+  const popup = window.open(`resources/coop-coep-popup.html?channel=${bc.name}`);
+  const popupReady = new Promise(resolve => {
+    bc.onmessage = t.step_func(resolve);
+  });
+  const imageReady = taintedImageBitmap(t);
+  Promise.all([popupReady, imageReady]).then(t.step_func(([, bitmap]) => {
+    bc.onmessage = t.step_func_done(e => {
+      assert_equals(e.data, "Got failure as expected.");
+    });
+    bc.postMessage(bitmap);
+  }));
+}, "BroadcastChannel'ing a tainted ImageBitmap to a COOP+COEP popup");
+
+async_test(t => {
+  const sw = new SharedWorker("resources/coop-coep-worker.js");
+  const imageReady = taintedImageBitmap(t);
+  imageReady.then(t.step_func(bitmap => {
+    sw.port.onmessage = t.step_func_done(e => {
+      assert_equals(e.data, "Got failure as expected.");
+    });
+    sw.port.postMessage(bitmap);
+  }));
+}, "Messaging a tainted ImageBitMap to a COEP shared worker");
diff --git a/2dcontext/imagebitmap/resources/coop-coep-popup.html b/2dcontext/imagebitmap/resources/coop-coep-popup.html
new file mode 100644
index 00000000000000..f0228503ffa8aa
--- /dev/null
+++ b/2dcontext/imagebitmap/resources/coop-coep-popup.html
@@ -0,0 +1,11 @@
+<script>
+const channel = new URLSearchParams(location.search).get("channel");
+const bc = new BroadcastChannel(channel);
+bc.onmessageerror = e => {
+  bc.postMessage("Got failure as expected.");
+}
+bc.onmessage = e => {
+  bc.postMessage("Got message, expected failure.");
+}
+bc.postMessage("Initialize");
+</script>
diff --git a/2dcontext/imagebitmap/resources/coop-coep-popup.html.headers b/2dcontext/imagebitmap/resources/coop-coep-popup.html.headers
new file mode 100644
index 00000000000000..63b60e490f47f4
--- /dev/null
+++ b/2dcontext/imagebitmap/resources/coop-coep-popup.html.headers
@@ -0,0 +1,2 @@
+Cross-Origin-Opener-Policy: same-origin
+Cross-Origin-Embedder-Policy: require-corp
diff --git a/2dcontext/imagebitmap/resources/coop-coep-worker.js b/2dcontext/imagebitmap/resources/coop-coep-worker.js
new file mode 100644
index 00000000000000..a6e9cc58935c41
--- /dev/null
+++ b/2dcontext/imagebitmap/resources/coop-coep-worker.js
@@ -0,0 +1,9 @@
+onconnect = e => {
+  const port = e.source;
+  port.onmessageerror = e => {
+    port.postMessage("Got failure as expected.");
+  }
+  port.onmessage = e => {
+    port.postMessage("Got message, expected failure.");
+  }
+}
diff --git a/2dcontext/imagebitmap/resources/coop-coep-worker.js.headers b/2dcontext/imagebitmap/resources/coop-coep-worker.js.headers
new file mode 100644
index 00000000000000..6604450991a122
--- /dev/null
+++ b/2dcontext/imagebitmap/resources/coop-coep-worker.js.headers
@@ -0,0 +1 @@
+Cross-Origin-Embedder-Policy: require-corp

From b7888c456c9bcdc00c2bb78b8814475542ea9415 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 19 Aug 2019 16:05:27 +0200
Subject: [PATCH 2/2] test transfer as well

---
 .../imagebitmap/no-coop-coep.https.window.js  | 31 +++++++++++++------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/2dcontext/imagebitmap/no-coop-coep.https.window.js b/2dcontext/imagebitmap/no-coop-coep.https.window.js
index 2bbb85b613f529..5295f1e10cfdd5 100644
--- a/2dcontext/imagebitmap/no-coop-coep.https.window.js
+++ b/2dcontext/imagebitmap/no-coop-coep.https.window.js
@@ -27,13 +27,24 @@ async_test(t => {
   }));
 }, "BroadcastChannel'ing a tainted ImageBitmap to a COOP+COEP popup");
 
-async_test(t => {
-  const sw = new SharedWorker("resources/coop-coep-worker.js");
-  const imageReady = taintedImageBitmap(t);
-  imageReady.then(t.step_func(bitmap => {
-    sw.port.onmessage = t.step_func_done(e => {
-      assert_equals(e.data, "Got failure as expected.");
-    });
-    sw.port.postMessage(bitmap);
-  }));
-}, "Messaging a tainted ImageBitMap to a COEP shared worker");
+[
+  {
+    "type": "serialize/deserialize",
+    "message": (port, bitmap) => port.postMessage(bitmap)
+  },
+  {
+    "type": "transfer",
+    "message": (port, bitmap) => port.postMessage(bitmap, [bitmap])
+  }
+].forEach(({ type, message }) => {
+  async_test(t => {
+    const sw = new SharedWorker("resources/coop-coep-worker.js");
+    const imageReady = taintedImageBitmap(t);
+    imageReady.then(t.step_func(bitmap => {
+      sw.port.onmessage = t.step_func_done(e => {
+        assert_equals(e.data, "Got failure as expected.");
+      });
+      message(sw.port, bitmap);
+    }));
+  }, `Messaging a tainted ImageBitMap via ${type} to a COEP shared worker`);
+});