Bug 1380959: Block oplevel data: URI navigations in Nightly and early Beta. r=bz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 18 Sep 2017 17:21:40 +0200
changeset 666432 2c1e11c618240f3a110efaf8c41dc05b1ffc9384
parent 666431 01992997c2bb93f53606b30c34aeb3383d488b7a
child 666433 5eed51cc22286f8c9a738604e5cc7e7a6539229b
push id80410
push userbmo:ttromey@mozilla.com
push dateMon, 18 Sep 2017 19:18:46 +0000
reviewersbz
bugs1380959
milestone57.0a1
Bug 1380959: Block oplevel data: URI navigations in Nightly and early Beta. r=bz
modules/libpref/init/all.js
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5812,21 +5812,24 @@ pref("security.mixed_content.hsts_primin
 
 // TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
 // If true, data: URIs will be treated as unique opaque origins, hence will use
 // a NullPrincipal as the security context.
 // Otherwise it will inherit the origin from parent node, this is the legacy
 // behavior of Firefox.
 pref("security.data_uri.unique_opaque_origin", true);
 
-// TODO: Bug 1380959: Block toplevel data: URI navigations
+#ifdef EARLY_BETA_OR_EARLIER
 // If true, all toplevel data: URI navigations will be blocked.
 // Please note that manually entering a data: URI in the
 // URL-Bar will not be blocked when flipping this pref.
+pref("security.data_uri.block_toplevel_data_uri_navigations", true);
+#else
 pref("security.data_uri.block_toplevel_data_uri_navigations", false);
+#endif
 
 // Enable Storage API for all platforms except Android.
 #if !defined(MOZ_WIDGET_ANDROID)
 pref("dom.storageManager.enabled", true);
 #else
 pref("dom.storageManager.enabled", false);
 #endif
 pref("dom.storageManager.prompt.testing", false);