diff options
Diffstat (limited to 'dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js')
-rw-r--r-- | dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js new file mode 100644 index 0000000000..a765f5bcff --- /dev/null +++ b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js @@ -0,0 +1,48 @@ +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" +); + +add_task(async function () { + await SpecialPowers.pushPrefEnv({ + set: [["pdfjs.eventBusDispatchToDOM", true]], + }); + await BrowserTestUtils.withNewTab( + TEST_PATH + "file_pdfjs_not_subject_to_csp.html", + async function (browser) { + let pdfPromise = BrowserTestUtils.waitForContentEvent( + browser, + "documentloaded", + false, + null, + true + ); + + await ContentTask.spawn(browser, {}, async function () { + let pdfButton = content.document.getElementById("pdfButton"); + pdfButton.click(); + }); + + await pdfPromise; + + await ContentTask.spawn(browser, {}, async function () { + let pdfFrame = content.document.getElementById("pdfFrame"); + // 1) Sanity that we have loaded the PDF using a blob + ok(pdfFrame.src.startsWith("blob:"), "it's a blob URL"); + + // 2) Ensure that the PDF has actually loaded + ok( + pdfFrame.contentDocument.querySelector("div#viewer"), + "document content has viewer UI" + ); + + // 3) Ensure we have the correct CSP attached + let cspJSON = pdfFrame.contentDocument.cspJSON; + ok(cspJSON.includes("script-src"), "found script-src directive"); + ok(cspJSON.includes("allowPDF"), "found script-src nonce value"); + }); + } + ); +}); |