Bug 1398691 - Unescape data: URI for console message when blocking toplevel data: URI navigations. r=smaug
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Tue, 12 Sep 2017 07:06:38 +0200
changeset 429766 ba39904a38ebdde78a04b792172254c3ddb1dd1b
parent 429765 b21ad1316ba60537d00e99fa89951580802c963b
child 429767 ff02238411b7f263bb085011f586ee111b4e47a9
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
reviewerssmaug
bugs1398691
milestone57.0a1
Bug 1398691 - Unescape data: URI for console message when blocking toplevel data: URI navigations. r=smaug
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -1,9 +1,10 @@
 #include "nsContentSecurityManager.h"
+#include "nsEscape.h"
 #include "nsIChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIStreamListener.h"
 #include "nsILoadInfo.h"
 #include "nsIOService.h"
 #include "nsContentUtils.h"
 #include "nsCORSListenerProxy.h"
 #include "nsIStreamListener.h"
@@ -52,21 +53,23 @@ nsContentSecurityManager::AllowTopLevelN
   if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/")) &&
       !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
     return true;
   }
   if (!aLoadFromExternal &&
       nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) {
     return true;
   }
-  NS_ConvertUTF8toUTF16 specUTF16(aURI->GetSpecOrDefault());
-  if (specUTF16.Length() > 50) {
-    specUTF16.Truncate(50);
-    specUTF16.AppendLiteral("...");
+  nsAutoCString dataSpec;
+  aURI->GetSpec(dataSpec);
+  if (dataSpec.Length() > 50) {
+    dataSpec.Truncate(50);
+    dataSpec.AppendLiteral("...");
   }
+  NS_ConvertUTF8toUTF16 specUTF16(NS_UnescapeURL(dataSpec));
   const char16_t* params[] = { specUTF16.get() };
   nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
                                   NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),
                                   // no doc available, log to browser console
                                   nullptr,
                                   nsContentUtils::eSECURITY_PROPERTIES,
                                   "BlockTopLevelDataURINavigation",
                                   params, ArrayLength(params));
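Review bot: The data: spec is attacker-controlled and is cut at 50 bytes while still escaped, then passed through `NS_UnescapeURL`, so the cut can land inside a `%XX` escape or inside an escaped multi-byte UTF-8 sequence, and the bytes handed to `NS_ConvertUTF8toUTF16` may not be valid UTF-8. The plain unescape also decodes control characters, so a `%00` would presumably end the `char16_t*` parameter early and `%0A`/`%0D` would put line breaks into the console warning. Consider the flag-taking overload, `NS_UnescapeURL(dataSpec, esc_SkipControl, unescapedSpec)`, and dropping a trailing partial escape before appending `...`. The result of `aURI->GetSpec(dataSpec)` is also ignored, where the removed `GetSpecOrDefault()` handled failure. The enclosing function starts and ends outside this hunk.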