Bug 1401895 - Block top-level navigations to data: URIs. r=bz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 13 Nov 2017 21:22:59 +0100
changeset 391533 479f3105ad3bdc7e777ff9cf11bcae713b465c96
parent 391532 4017a9d65a94457f05df28569d9ac69439dcd566
child 391534 57e412af505d1bf9538a69b4140ef769bf6bbdc0
push id97295
push usermozilla@christophkerschbaumer.com
push dateMon, 13 Nov 2017 20:29:16 +0000
treeherdermozilla-inbound@479f3105ad3b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1401895
milestone59.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1401895 - Block top-level navigations to data: URIs. r=bz
modules/libpref/init/all.js
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5808,24 +5808,20 @@ pref("security.mixed_content.hsts_primin
 
 // TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
 // If true, data: URIs will be treated as unique opaque origins, hence will use
 // a NullPrincipal as the security context.
 // Otherwise it will inherit the origin from parent node, this is the legacy
 // behavior of Firefox.
 pref("security.data_uri.unique_opaque_origin", true);
 
-#ifdef EARLY_BETA_OR_EARLIER
 // If true, all toplevel data: URI navigations will be blocked.
 // Please note that manually entering a data: URI in the
 // URL-Bar will not be blocked when flipping this pref.
 pref("security.data_uri.block_toplevel_data_uri_navigations", true);
-#else
-pref("security.data_uri.block_toplevel_data_uri_navigations", false);
-#endif
 
 // Enable Storage API for all platforms except Android.
 #if !defined(MOZ_WIDGET_ANDROID)
 pref("dom.storageManager.enabled", true);
 #else
 pref("dom.storageManager.enabled", false);
 #endif
 pref("dom.storageManager.prompt.testing", false);