Bug 1396798: Do not block toplevel data: navigation to image (except svgs). r=smaug
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 06 Sep 2017 16:27:05 +0200
changeset 428812 ff412c116b9baabf094ab4e97065d5d7dedf921f
parent 428811 735938b553b5ccd369522442ad25c8b1e17eeff4
child 428813 79bf8a92a0ea07b5a6a3c167a5586afc6dab30b4
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1396798
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1396798: Do not block toplevel data: navigation to image (except svgs). r=smaug
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -41,23 +41,27 @@ nsContentSecurityManager::AllowTopLevelN
   if (aContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) {
     return true;
   }
   bool isDataURI =
     (NS_SUCCEEDED(aURI->SchemeIs("data", &isDataURI)) && isDataURI);
   if (!isDataURI) {
     return true;
   }
+  // Whitelist data: images as long as they are not SVGs
+  nsAutoCString filePath;
+  aURI->GetFilePath(filePath);
+  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/")) &&
+      !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
+    return true;
+  }
   if (!aLoadFromExternal &&
       nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) {
     return true;
   }
-
-  nsAutoCString spec;
-  aURI->GetSpec(spec);
   NS_ConvertUTF8toUTF16 specUTF16(aURI->GetSpecOrDefault());
   if (specUTF16.Length() > 50) {
     specUTF16.Truncate(50);
     specUTF16.AppendLiteral("...");
   }
   const char16_t* params[] = { specUTF16.get() };
   nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
                                   NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),