Browser Canvas CORS Support for Cross Domain Loaded Image Manipulation

by

Test Results: Bad News, it appears to only work in Chrome.
All other browsers (including Android Mobile) give an error like this:

Failed: DOM Exception: SECURITY_ERR (18)

Mobile Devices I tested Android (samsung galaxy kernel version 2.6.32.9), Iphone and IPAD V1 and it failed in all three.

You can test your own mobile device with this URL:
http://maplarge.com/CrossOriginImageTest.html

The Test Script:

  <!DOCTYPE html>
<html>
<head>
<title>Canvas Cross Origin Image Test: Testing for Canvas Cross Domain Image CORS Support</title>
<script type="text/javascript">
    function initialize() {

        //will fail here if no canvas support
        try {
            var can = document.getElementById('mycanvas');
            var ctx = can.getContext('2d');
            var img = new Image();
            img.crossOrigin = '';
            //domain needs to be different from html page domain to test cross origin security
            img.src="http://lobbydata.com/Content/images/bg_price2.gif";
        } catch (ex) {
            document.getElementById("results").innerHTML = "<span style="color:Red;">Failed: " + ex.Message + "</span>";
        }

        //will fail here if security error
        img.onload = function () {
            try {
                var start = new Date().getTime();
                can.width = img.width;
                can.height = img.height;
                ctx.drawImage(img, 0, 0, img.width, img.height);
                var url = can.toDataURL(); // if read succeeds, canvas isn't dirty.
                //get pixels
                var imgd = ctx.getImageData(0, 0, img.width, img.width);
                var pix = imgd.data;
                var len = pix.length;
                var argb = []; //pixels as int
                for (var i = 0; i < len; i += 4) {
                    argb.push((pix[i + 3] << 24) + (pix[i] << 16) + (pix[i + 1] << 8) + pix[i + 2]);
                }
                var end = new Date().getTime();
                var time = end - start;
                document.getElementById("results").innerHTML = "<span style="color:Green;">" +
                "Success: Your browser supports CORS for cross domain images in Canvas <br>"+
                "Read " + argb.length+ " pixels in "+ time+"ms</span>";
            } catch (ex) {
                document.getElementById("results").innerHTML = "<span style="color:Red;">Failed: " + ex + "</span>";
            }

        }

    }
</script>
</head>
<body onload="initialize()">
<h2>Canvas Cross Origin Image Test: Testing for Canvas Cross Domain Image CORS Support</h2>
<h2><a href="http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html">What is CORS Image Security?</a></h2>
<h1 id="results" style="color:Orange;">Testing...</h1>
<canvas id="mycanvas"></canvas>
<br />
<a href="http://stackoverflow.com/Example/List">More Examples</a>
</body>
</html>

More Related Contents:

  1. What are the integrity and crossorigin attributes?
  2. How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?
  3. Why does canvas.toDataURL() throw a security exception?
  4. HTML5 Canvas Rotate Image
  5. How to allow http content within an iframe on a https site [duplicate]
  6. Draw on HTML5 Canvas using a mouse
  7. html5 – canvas element – Multiple layers
  8. How to Copy Contents of One Canvas to Another Canvas Locally
  9. Can local storage ever be considered secure? [closed]
  10. Cross-origin data in HTML5 canvas
  11. Is it possible to put binary image data into html markup and then get the image displayed as usual in any browser?
  12. Canvas drawings, like lines, are blurry
  13. How to prevent a browser from storing passwords
  14. Why are iframes considered dangerous and a security risk?
  15. HTML5 localStorage security
  16. get click event of each rectangle inside canvas?
  17. canvas default size
  18. How can I write text on a HTML5 canvas element?
  19. Gradient Stroke Along Curve in Canvas
  20. Drawing a dot on HTML5 canvas [duplicate]
  21. context.getImageData() operation is insecure
  22. All html canvas shapes are given the color of the last object added
  23. Create links in HTML canvas
  24. Content Security Policy: “img-src ‘self’ data:”
  25. “Erasing” in html5 canvas
  26. How put percentage width into html canvas (no css)
  27. Clear Canvas Rect (but keep background)
  28. Poor anti-aliasing of text drawn on Canvas
  29. HTML5 Canvas – Fill circle with image
  30. HTML canvas with scrollbar

Leave a Comment