security.pattern.image.fillStyle
Setting fillStyle to a pattern of a different-origin image makes the canvas origin-unclean
Spec references: security.fillStyle.image
Actual output:
Failed assertion: should throw exception: canvas.toDataURL()
Failed assertion: should throw exception: ctx.getImageData(0, 0, 1, 1)