diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js | |
parent | Initial commit. (diff) | |
download | thunderbird-upstream.tar.xz thunderbird-upstream.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js new file mode 100644 index 0000000000..a765f5bcff --- /dev/null +++ b/dom/security/test/csp/browser_pdfjs_not_subject_to_csp.js @@ -0,0 +1,48 @@ +"use strict"; + +const TEST_PATH = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" +); + +add_task(async function () { + await SpecialPowers.pushPrefEnv({ + set: [["pdfjs.eventBusDispatchToDOM", true]], + }); + await BrowserTestUtils.withNewTab( + TEST_PATH + "file_pdfjs_not_subject_to_csp.html", + async function (browser) { + let pdfPromise = BrowserTestUtils.waitForContentEvent( + browser, + "documentloaded", + false, + null, + true + ); + + await ContentTask.spawn(browser, {}, async function () { + let pdfButton = content.document.getElementById("pdfButton"); + pdfButton.click(); + }); + + await pdfPromise; + + await ContentTask.spawn(browser, {}, async function () { + let pdfFrame = content.document.getElementById("pdfFrame"); + // 1) Sanity that we have loaded the PDF using a blob + ok(pdfFrame.src.startsWith("blob:"), "it's a blob URL"); + + // 2) Ensure that the PDF has actually loaded + ok( + pdfFrame.contentDocument.querySelector("div#viewer"), + "document content has viewer UI" + ); + + // 3) Ensure we have the correct CSP attached + let cspJSON = pdfFrame.contentDocument.cspJSON; + ok(cspJSON.includes("script-src"), "found script-src directive"); + ok(cspJSON.includes("allowPDF"), "found script-src nonce value"); + }); + } + ); +}); |