Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Thu, 14 Sep 2017 07:34:41 +0200
changeset 430426 0b67372c4de0f5087149897d4829bc5d5c86fc26
parent 430425 cf78e291a937bc6a4264219bfd0d88f96b188cc4
child 430427 54e49813d0c511e326826c1add34f53f8f72061d
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1398692
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -49,16 +49,20 @@ nsContentSecurityManager::AllowTopLevelN
   }
   // Whitelist data: images as long as they are not SVGs
   nsAutoCString filePath;
   aURI->GetFilePath(filePath);
   if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/")) &&
       !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
     return true;
   }
+  // Whitelist data: PDFs
+  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/pdf"))) {
+    return true;
+  }
   if (!aLoadFromExternal &&
       nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) {
     return true;
   }
   nsAutoCString dataSpec;
   aURI->GetSpec(dataSpec);
   if (dataSpec.Length() > 50) {
     dataSpec.Truncate(50);