Merge pull request #231 from janekptacijarabaci/security_blocking_data_1

moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs

1 files changed, 30 insertions, 0 deletions

diff --git a/dom/security/test/general/browser_test_view_image_data_navigation.js b/dom/security/test/general/browser_test_view_image_data_navigation.js
new file mode 100644
index 000000000..22de35894
--- /dev/null
+++ b/dom/security/test/general/browser_test_view_image_data_navigation.js
@@ -0,0 +1,30 @@
+"use strict";
+
+const TEST_PAGE = getRootDirectory(gTestPath) + "file_view_image_data_navigation.html";
+
+add_task(async function test_principal_right_click_open_link_in_new_tab() {
+  await SpecialPowers.pushPrefEnv({
+    "set": [["security.data_uri.block_toplevel_data_uri_navigations", true]],
+  });
+
+  await BrowserTestUtils.withNewTab(TEST_PAGE, async function(browser) {
+    let loadPromise = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser, true);
+
+    // simulate right-click->view-image
+    BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
+      // These are operations that must be executed synchronously with the event.
+      document.getElementById("context-viewimage").doCommand();
+      event.target.hidePopup();
+      return true;
+    });
+    BrowserTestUtils.synthesizeMouseAtCenter("#testimage",
+                                             { type: "contextmenu", button: 2 },
+                                             gBrowser.selectedBrowser);
+    await loadPromise;
+
+    await ContentTask.spawn(gBrowser.selectedBrowser, {}, async function() {
+      ok(content.document.location.toString().startsWith("data:image/svg+xml;"),
+         "data:image/svg navigation allowed through right-click view-image")
+    });
+  });
+});