path: root/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js
"use strict";

// Base URL of this test's directory, rewritten from the chrome:// mochitest
// location to https://example.com so the test page is loaded as ordinary web
// content rather than from a chrome:// URL.
const TEST_PATH = (() => {
  const chromeDir = getRootDirectory(gTestPath);
  return chromeDir.replace(
    "chrome://mochitests/content",
    "https://example.com"
  );
})();

/**
 * Checks that a PDF shown in a frame through a blob: URL is rendered by the
 * built-in viewer, and that the viewer document carries a CSP of its own.
 *
 * Flow: open the test page, click its "pdfButton", wait for the viewer's
 * "documentloaded" event, then inspect the "pdfFrame" element from content.
 *
 * NOTE(review): the policy of the embedding page lives in
 * file_pdfjs_not_subject_to_csp.html, which is not visible here; the test
 * name suggests that policy would otherwise block the viewer - confirm there.
 */
add_task(async function () {
  const pageUrl = `${TEST_PATH}file_pdfjs_not_subject_to_csp.html`;

  await BrowserTestUtils.withNewTab(pageUrl, async browser => {
    // Start listening before the click so the event cannot fire unobserved.
    // Trailing arguments: no capture, no filter function, and untrusted
    // (content-dispatched) events are accepted.
    const viewerLoaded = BrowserTestUtils.waitForContentEvent(
      browser,
      "documentloaded",
      false,
      null,
      true
    );

    // Trigger the PDF load from inside the content page.
    await ContentTask.spawn(browser, {}, async function () {
      content.document.getElementById("pdfButton").click();
    });

    await viewerLoaded;

    await ContentTask.spawn(browser, {}, async function () {
      const frame = content.document.getElementById("pdfFrame");
      const viewerDoc = frame.contentDocument;

      // 1) The frame must point at a blob: URL, i.e. the PDF came from a blob.
      const isBlobUrl = frame.src.startsWith("blob:");
      ok(isBlobUrl, "it's a blob URL");

      // 2) The viewer UI must exist, proving the PDF was actually rendered
      //    and not blocked.
      const viewerRoot = viewerDoc.querySelector("div#viewer");
      ok(viewerRoot, "document content has viewer UI");

      // 3) The viewer document must carry its own CSP.
      // NOTE(review): both checks are substring matches on the serialized
      // policy. They show that "script-src" and "allowPDF" occur somewhere in
      // it, not that "allowPDF" is the nonce of script-src, nor that no
      // broader source is also allowed. Parsing the JSON and asserting on the
      // script-src source list would pin the policy more tightly.
      const serializedCsp = viewerDoc.cspJSON;
      ok(serializedCsp.includes("script-src"), "found script-src directive");
      ok(serializedCsp.includes("allowPDF"), "found script-src nonce value");
    });
  });
});