summaryrefslogtreecommitdiffstats
path: root/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js')
-rw-r--r--dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js45
1 files changed, 45 insertions, 0 deletions
diff --git a/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js
new file mode 100644
index 0000000000..2391e955ba
--- /dev/null
+++ b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js
@@ -0,0 +1,45 @@
+"use strict";
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+ "chrome://mochitests/content",
+ "https://example.com"
+);
+
+add_task(async function () {
+ await BrowserTestUtils.withNewTab(
+ TEST_PATH + "file_pdfjs_not_subject_to_csp.html",
+ async function (browser) {
+ let pdfPromise = BrowserTestUtils.waitForContentEvent(
+ browser,
+ "documentloaded",
+ false,
+ null,
+ true
+ );
+
+ await ContentTask.spawn(browser, {}, async function () {
+ let pdfButton = content.document.getElementById("pdfButton");
+ pdfButton.click();
+ });
+
+ await pdfPromise;
+
+ await ContentTask.spawn(browser, {}, async function () {
+ let pdfFrame = content.document.getElementById("pdfFrame");
+ // 1) Sanity that we have loaded the PDF using a blob
+ ok(pdfFrame.src.startsWith("blob:"), "it's a blob URL");
+
+ // 2) Ensure that the PDF has actually loaded
+ ok(
+ pdfFrame.contentDocument.querySelector("div#viewer"),
+ "document content has viewer UI"
+ );
+
+ // 3) Ensure we have the correct CSP attached
+ let cspJSON = pdfFrame.contentDocument.cspJSON;
+ ok(cspJSON.includes("script-src"), "found script-src directive");
+ ok(cspJSON.includes("allowPDF"), "found script-src nonce value");
+ });
+ }
+ );
+});