Bug 1638711 - Call DisplayLoadError for NS_ERROR_DOM_BAD_URI during EndPageLoad, since we would also have done this for the same error during AsyncOpen. r=nika,ckerschb

Previously we called DisplayLoadError with NS_ERROR_DOM_BASE_URI for errors detected during AsyncOpen, but not for asynchronous errors, and this patch queue changed when some security errors happen to be asynchronous.

GeckoView has tests that require DisplayLoadError to be called (which allows for a custom error page to be loaded). Unfortunately, doing so breaks existing gecko tests, since the method of detecting a blocked load fails when GeckoView loads a custom error page.

Differential Revision: https://phabricator.services.mozilla.com/D77171

docshell/base/nsDocShell.cpp

@@ -6185,6 +6185,7 @@ nsresult nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
                aStatus == NS_ERROR_NET_INADEQUATE_SECURITY ||
                aStatus == NS_ERROR_NET_HTTP2_SENT_GOAWAY ||
                aStatus == NS_ERROR_NET_HTTP3_PROTOCOL_ERROR ||
+               aStatus == NS_ERROR_DOM_BAD_URI ||
                NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_SECURITY) {
       // Errors to be shown for any frame
       DisplayLoadError(aStatus, url, nullptr, aChannel);

dom/security/test/general/file_block_toplevel_data_navigation2.html

@@ -8,10 +8,22 @@
 test2: data: URI in iframe tries to window.open(data:, _blank);<br/>
 <iframe id="testFrame" src=""></iframe>
 <script>
+  // GeckoView displays an error page for invalid navigations,
+  // so catch the security error trying to access the cross-origin error
+  // document and treat that as blocked.
   let DATA_URI = `data:text/html,<body><script>
     var win = window.open("data:text/html,<body>toplevel data: URI navigations should be blocked</body>", "_blank");
     setTimeout(function () {
-      var result = win.document.body.innerHTML === "" ? "blocked" : "navigated";
+      let result = "navigated";
+      try {
+        result = win.document.body.innerHTML === "" ? "blocked" : "navigated";
+      } catch (e) {
+        if (e instanceof DOMException && e.name === "SecurityError") {
+          result = "blocked";
+        } else {
+          throw e;
+        }
+      }
       parent.postMessage(result, "*");
       win.close();
     }, 1000);

dom/security/test/general/test_block_toplevel_data_navigation.html

@@ -80,7 +80,11 @@ function test4() {
   setTimeout(function () {
     // Please note that the data: URI will be displayed in the URL-Bar but not
     // loaded, hence we rather rely on document.body than document.location
-    is(win4.document.body.innerHTML, "",
+    // GeckoView displays an error page for invalid navigations,
+    // so catch the case where we're not allowed to access to (cross-origin)
+    // error document and treat that as blocked.
+    let body = SpecialPowers.wrap(win4).document.body;
+    is(body ? body.innerHTML : "", "",
       "navigating to a data: URI using window.open() should be blocked");
     test5();
   }, 1000);
@@ -92,7 +96,8 @@ function test5() {
   setTimeout(function () {
     // Please note that the data: URI will be displayed in the URL-Bar but not
     // loaded, hence we rather rely on document.body than document.location
-    is(SpecialPowers.wrap(win5).document.body.innerHTML, "",
+    let body = SpecialPowers.wrap(win5).document.body;
+    is(body ? body.innerHTML : "", "",
       "navigating to URI which redirects to a data: URI using window.open() should be blocked");
     win5.close();
     SimpleTest.finish();