Bug 1381755: Test that data: URIs can't activate plugins. r=bsmedberg
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 24 Jul 2017 20:34:44 +0200
changeset 419467 e86441746f45f15a2963ad7112cc50a6709371d4
parent 419466 44bd18fcb2e8481a40f7b8fd8d1915ae5755a744
child 419468 57601415b9a243a59dcc6b07d686d80448d2dafb
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
treeherdermozilla-beta@86913f512c3c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmedberg
bugs1381755
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1381755: Test that data: URIs can't activate plugins. r=bsmedberg
dom/plugins/test/mochitest/browser.ini
dom/plugins/test/mochitest/browser_data_url_plugin.js
dom/plugins/test/mochitest/plugin_data_url_test.html
--- a/dom/plugins/test/mochitest/browser.ini
+++ b/dom/plugins/test/mochitest/browser.ini
@@ -1,16 +1,18 @@
 [DEFAULT]
 support-files =
   head.js
+  plugin_data_url_test.html
   plugin_test.html
   plugin_subframe_test.html
   plugin_no_scroll_div.html
 
 [browser_bug1163570.js]
 skip-if = true # Bug 1249878
 [browser_bug1196539.js]
 skip-if = (!e10s || os != "win")
 [browser_tabswitchbetweenplugins.js]
 skip-if = (!e10s || os != "win")
 [browser_pluginscroll.js]
 skip-if = (true || !e10s || os != "win") # Bug 1213631
 [browser_bug1335475.js]
+[browser_data_url_plugin.js]
new file mode 100644
--- /dev/null
+++ b/dom/plugins/test/mochitest/browser_data_url_plugin.js
@@ -0,0 +1,20 @@
+var rootDir = getRootDirectory(gTestPath);
+const gTestRoot = rootDir.replace("chrome://mochitests/content/", "http://127.0.0.1:8888/");
+
+add_task(async function() {
+  await SpecialPowers.pushPrefEnv({
+    "set": [["security.data_uri.unique_opaque_origin", true]],
+  });
+  is(navigator.plugins.length, 0,
+     "plugins should not be available to chrome-privilege pages");
+
+  await BrowserTestUtils.withNewTab({ gBrowser, url: gTestRoot + "plugin_data_url_test.html" }, async function(browser) {
+    await ContentTask.spawn(browser, null, async function() {
+      ok(content.window.navigator.plugins.length > 0,
+         "plugins should be available to HTTP-loaded pages");
+      let dataFrameWin = content.document.getElementById("dataFrame").contentWindow;
+      is(dataFrameWin.navigator.plugins.length, 0,
+         "plugins should not be available to data: URI in iframe on a site");
+    });
+  });
+});
new file mode 100644
--- /dev/null
+++ b/dom/plugins/test/mochitest/plugin_data_url_test.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+</head>
+<body>
+  <embed id="testplugin" type="application/x-test" drawmode="solid" color="ff00ff00" wmode="window"
+         style="position:absolute; top:50px; left:50px; width:500px; height:250px">
+<div style="display:block; height:3000px;"></div>
+
+<iframe id="dataFrame" src="data:text/html,foo" width="300" height="300"></iframe>
+
+</body>
+</html>