Merge pull request #231 from janekptacijarabaci/security_blocking_data_1

moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs

3 files changed, 6 insertions, 2 deletions

diff --git a/modules/libjar/nsJARURI.cpp b/modules/libjar/nsJARURI.cpp
index e46e51467..d1e4b5a59 100644
--- a/modules/libjar/nsJARURI.cpp
+++ b/modules/libjar/nsJARURI.cpp
@@ -41,7 +41,6 @@ NS_IMPL_RELEASE(nsJARURI)
 NS_INTERFACE_MAP_BEGIN(nsJARURI)
   NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIJARURI)
   NS_INTERFACE_MAP_ENTRY(nsIURI)
-  NS_INTERFACE_MAP_ENTRY(nsIURIWithQuery)
   NS_INTERFACE_MAP_ENTRY(nsIURL)
   NS_INTERFACE_MAP_ENTRY(nsIJARURI)
   NS_INTERFACE_MAP_ENTRY(nsISerializable)
diff --git a/modules/libjar/nsJARURI.h b/modules/libjar/nsJARURI.h
index 31271e4ac..d2608a5c6 100644
--- a/modules/libjar/nsJARURI.h
+++ b/modules/libjar/nsJARURI.h
@@ -41,7 +41,6 @@ class nsJARURI final : public nsIJARURI,
 public:
     NS_DECL_THREADSAFE_ISUPPORTS
     NS_DECL_NSIURI
-    NS_DECL_NSIURIWITHQUERY
     NS_DECL_NSIURL
     NS_DECL_NSIJARURI
     NS_DECL_NSISERIALIZABLE
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 182de4a11..ccc59269b 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5564,6 +5564,12 @@ pref("security.mixed_content.use_hsts", true);
 // Approximately 1 week default cache for HSTS priming failures
 pref ("security.mixed_content.hsts_priming_cache_timeout", 10080);
 
+// TODO: Bug 1380959: Block toplevel data: URI navigations
+// If true, all toplevel data: URI navigations will be blocked.
+// Please note that manually entering a data: URI in the
+// URL-Bar will not be blocked when flipping this pref.
+pref("security.data_uri.block_toplevel_data_uri_navigations", false);
+
 // Disable Storage api in release builds.
 #ifdef NIGHTLY_BUILD
 pref("dom.storageManager.enabled", true);