Bug 1381755: Test that data: URIs can't activate plugins. r=bsmedberg
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 24 Jul 2017 20:34:44 +0200
changeset 421869 e86441746f45f15a2963ad7112cc50a6709371d4
parent 421868 44bd18fcb2e8481a40f7b8fd8d1915ae5755a744
child 421870 57601415b9a243a59dcc6b07d686d80448d2dafb
push id1517
push userjlorenzo@mozilla.com
push dateThu, 14 Sep 2017 16:50:54 +0000
treeherdermozilla-release@3b41fd564418 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmedberg
bugs1381755
milestone56.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1381755: Test that data: URIs can't activate plugins. r=bsmedberg
dom/plugins/test/mochitest/browser.ini
dom/plugins/test/mochitest/browser_data_url_plugin.js
dom/plugins/test/mochitest/plugin_data_url_test.html
--- a/dom/plugins/test/mochitest/browser.ini
+++ b/dom/plugins/test/mochitest/browser.ini
@@ -1,16 +1,18 @@
 [DEFAULT]
 support-files =
   head.js
+  plugin_data_url_test.html
   plugin_test.html
   plugin_subframe_test.html
   plugin_no_scroll_div.html
 
 [browser_bug1163570.js]
 skip-if = true # Bug 1249878
 [browser_bug1196539.js]
 skip-if = (!e10s || os != "win")
 [browser_tabswitchbetweenplugins.js]
 skip-if = (!e10s || os != "win")
 [browser_pluginscroll.js]
 skip-if = (true || !e10s || os != "win") # Bug 1213631
 [browser_bug1335475.js]
+[browser_data_url_plugin.js]
new file mode 100644
--- /dev/null
+++ b/dom/plugins/test/mochitest/browser_data_url_plugin.js
@@ -0,0 +1,20 @@
+var rootDir = getRootDirectory(gTestPath);
+const gTestRoot = rootDir.replace("chrome://mochitests/content/", "http://127.0.0.1:8888/");
+
+add_task(async function() {
+  await SpecialPowers.pushPrefEnv({
+    "set": [["security.data_uri.unique_opaque_origin", true]],
+  });
+  is(navigator.plugins.length, 0,
+     "plugins should not be available to chrome-privilege pages");
+
+  await BrowserTestUtils.withNewTab({ gBrowser, url: gTestRoot + "plugin_data_url_test.html" }, async function(browser) {
+    await ContentTask.spawn(browser, null, async function() {
+      ok(content.window.navigator.plugins.length > 0,
+         "plugins should be available to HTTP-loaded pages");
+      let dataFrameWin = content.document.getElementById("dataFrame").contentWindow;
+      is(dataFrameWin.navigator.plugins.length, 0,
+         "plugins should not be available to data: URI in iframe on a site");
+    });
+  });
+});
new file mode 100644
--- /dev/null
+++ b/dom/plugins/test/mochitest/plugin_data_url_test.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+</head>
+<body>
+  <embed id="testplugin" type="application/x-test" drawmode="solid" color="ff00ff00" wmode="window"
+         style="position:absolute; top:50px; left:50px; width:500px; height:250px">
+<div style="display:block; height:3000px;"></div>
+
+<iframe id="dataFrame" src="data:text/html,foo" width="300" height="300"></iframe>
+
+</body>
+</html>