1 files changed, 134 insertions, 0 deletions

diff --git a/image/test/browser/browser_docshell_type_editor.js b/image/test/browser/browser_docshell_type_editor.js
new file mode 100644
index 0000000000..baa89c0f07
--- /dev/null
+++ b/image/test/browser/browser_docshell_type_editor.js
@@ -0,0 +1,134 @@
+"use strict";
+
+const SIMPLE_HTML = "data:text/html,<html><head></head><body></body></html>";
+
+/**
+ * Returns the directory where the chrome.manifest file for the test can be found.
+ *
+ * @return nsIFile of the manifest directory
+ */
+function getManifestDir() {
+  let path = getTestFilePath("browser_docshell_type_editor");
+  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+  file.initWithPath(path);
+  return file;
+}
+
+// The following URI is *not* accessible to content, hence loading that URI
+// from an unprivileged site should be blocked. If docshell is of appType
+// APP_TYPE_EDITOR however the load should be allowed.
+// >> chrome://test1/skin/privileged.png
+
+add_task(async function () {
+  info("docshell of appType APP_TYPE_EDITOR can access privileged images.");
+
+  // Load a temporary manifest adding a route to a privileged image
+  let manifestDir = getManifestDir();
+  Components.manager.addBootstrappedManifestLocation(manifestDir);
+
+  await BrowserTestUtils.withNewTab(
+    {
+      gBrowser,
+      url: SIMPLE_HTML,
+    },
+    async function (browser) {
+      await SpecialPowers.spawn(browser, [], async function () {
+        let rootDocShell = docShell.sameTypeRootTreeItem.QueryInterface(
+          Ci.nsIDocShell
+        );
+        let defaultAppType = rootDocShell.appType;
+
+        rootDocShell.appType = Ci.nsIDocShell.APP_TYPE_EDITOR;
+
+        is(
+          rootDocShell.appType,
+          Ci.nsIDocShell.APP_TYPE_EDITOR,
+          "sanity check: appType after update should be type editor"
+        );
+
+        return new Promise(resolve => {
+          let doc = content.document;
+          let image = doc.createElement("img");
+          image.onload = function () {
+            ok(true, "APP_TYPE_EDITOR is allowed to load privileged image");
+            // restore appType of rootDocShell before moving on to the next test
+            rootDocShell.appType = defaultAppType;
+            resolve();
+          };
+          image.onerror = function () {
+            ok(false, "APP_TYPE_EDITOR is allowed to load privileged image");
+            // restore appType of rootDocShell before moving on to the next test
+            rootDocShell.appType = defaultAppType;
+            resolve();
+          };
+          doc.body.appendChild(image);
+          image.src = "chrome://test1/skin/privileged.png";
+        });
+      });
+    }
+  );
+
+  Components.manager.removeBootstrappedManifestLocation(manifestDir);
+});
+
+add_task(async function () {
+  info(
+    "docshell of appType APP_TYPE_UNKNOWN can *not* access privileged images."
+  );
+
+  // Load a temporary manifest adding a route to a privileged image
+  let manifestDir = getManifestDir();
+  Components.manager.addBootstrappedManifestLocation(manifestDir);
+
+  await BrowserTestUtils.withNewTab(
+    {
+      gBrowser,
+      url: SIMPLE_HTML,
+    },
+    async function (browser) {
+      await SpecialPowers.spawn(browser, [], async function () {
+        let rootDocShell = docShell.sameTypeRootTreeItem.QueryInterface(
+          Ci.nsIDocShell
+        );
+        let defaultAppType = rootDocShell.appType;
+
+        rootDocShell.appType = Ci.nsIDocShell.APP_TYPE_UNKNOWN;
+
+        is(
+          rootDocShell.appType,
+          Ci.nsIDocShell.APP_TYPE_UNKNOWN,
+          "sanity check: appType of docshell should be unknown"
+        );
+
+        return new Promise(resolve => {
+          let doc = content.document;
+          let image = doc.createElement("img");
+          image.onload = function () {
+            ok(
+              false,
+              "APP_TYPE_UNKNOWN is *not* allowed to access privileged image"
+            );
+            // restore appType of rootDocShell before moving on to the next test
+            rootDocShell.appType = defaultAppType;
+            resolve();
+          };
+          image.onerror = function () {
+            ok(
+              true,
+              "APP_TYPE_UNKNOWN is *not* allowed to access privileged image"
+            );
+            // restore appType of rootDocShell before moving on to the next test
+            rootDocShell.appType = defaultAppType;
+            resolve();
+          };
+          doc.body.appendChild(image);
+          // Set the src via wrappedJSObject so the load is triggered with
+          // the content page's principal rather than ours.
+          image.wrappedJSObject.src = "chrome://test1/skin/privileged.png";
+        });
+      });
+    }
+  );
+
+  Components.manager.removeBootstrappedManifestLocation(manifestDir);
+});