1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
/* eslint-disable mozilla/no-arbitrary-setTimeout */
"use strict";
const kDataBody = "toplevel navigation to data: URI allowed";
const kDataURI = "data:text/html,<body>" + kDataBody + "</body>";
const kTestPath = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"http://example.com"
);
const kRedirectURI = kTestPath + "file_toplevel_data_navigations.sjs";
const kMetaRedirectURI = kTestPath + "file_toplevel_data_meta_redirect.html";
add_task(async function test_nav_data_uri() {
await SpecialPowers.pushPrefEnv({
set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
});
await BrowserTestUtils.withNewTab(kDataURI, async function (browser) {
await SpecialPowers.spawn(
gBrowser.selectedBrowser,
[{ kDataBody }],
async function ({ kDataBody }) {
// eslint-disable-line
is(
content.document.body.innerHTML,
kDataBody,
"data: URI navigation from system should be allowed"
);
}
);
});
});
add_task(async function test_nav_data_uri_redirect() {
await SpecialPowers.pushPrefEnv({
set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
});
let tab = BrowserTestUtils.addTab(gBrowser, kRedirectURI);
registerCleanupFunction(async function () {
BrowserTestUtils.removeTab(tab);
});
// wait to make sure data: URI did not load before checking that it got blocked
await new Promise(resolve => setTimeout(resolve, 500));
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
is(
content.document.body.innerHTML,
"",
"data: URI navigation after server redirect should be blocked"
);
});
});
add_task(async function test_nav_data_uri_meta_redirect() {
await SpecialPowers.pushPrefEnv({
set: [["security.data_uri.block_toplevel_data_uri_navigations", true]],
});
let tab = BrowserTestUtils.addTab(gBrowser, kMetaRedirectURI);
registerCleanupFunction(async function () {
BrowserTestUtils.removeTab(tab);
});
// wait to make sure data: URI did not load before checking that it got blocked
await new Promise(resolve => setTimeout(resolve, 500));
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
is(
content.document.body.innerHTML,
"",
"data: URI navigation after meta redirect should be blocked"
);
});
});
|
