Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Thu, 14 Sep 2017 07:34:41 +0200
changeset 432901 0b67372c4de0f5087149897d4829bc5d5c86fc26
parent 432900 cf78e291a937bc6a4264219bfd0d88f96b188cc4
child 432902 54e49813d0c511e326826c1add34f53f8f72061d
push id1567
push userjlorenzo@mozilla.com
push dateThu, 02 Nov 2017 12:36:05 +0000
treeherdermozilla-release@e512c14a0406 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1398692
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -49,16 +49,20 @@ nsContentSecurityManager::AllowTopLevelN
   }
   // Whitelist data: images as long as they are not SVGs
   nsAutoCString filePath;
   aURI->GetFilePath(filePath);
   if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/")) &&
       !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
     return true;
   }
+  // Whitelist data: PDFs
+  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/pdf"))) {
+    return true;
+  }
   if (!aLoadFromExternal &&
       nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) {
     return true;
   }
   nsAutoCString dataSpec;
   aURI->GetSpec(dataSpec);
   if (dataSpec.Length() > 50) {
     dataSpec.Truncate(50);