mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1658878 - Isolate BlobURLs per agent-cluster - pref, r=smaug 

Differential Revision: https://phabricator.services.mozilla.com/D86968
This commit is contained in:
Andrea Marchesini 2020-08-17 09:55:56 +00:00
Родитель 2a7a7cfe86
Коммит 6b8618a091
9 изменённых файлов: 43 добавлений и 6 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
browser/base/content/test/contextMenu/browser_contextmenu_loadblobinnewtab.js
Просмотреть файл

@ -135,6 +135,12 @@ async function openInNewTabAndReturnContent(selector) {
return blobDataFromContent; return blobDataFromContent;
} }
add_task(async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
});
add_task(async function test_rightclick_open_bloburl_in_new_tab() { add_task(async function test_rightclick_open_bloburl_in_new_tab() {
let blobDataFromLoadedPage = await rightClickOpenInNewTabAndReturnContent( let blobDataFromLoadedPage = await rightClickOpenInNewTabAndReturnContent(
"blob-url-link" "blob-url-link"

8
browser/components/originattributes/test/browser/browser_blobURLIsolation.js
Просмотреть файл

@ -109,4 +109,10 @@ for (let blobify of [page_blobify, worker_blobify]) {
} }
} }
IsolationTestTools.runTests(TEST_PAGE, tests); async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
}
IsolationTestTools.runTests(TEST_PAGE, tests, null, setup);

6
dom/file/ipc/tests/browser_ipcBlob.js
Просмотреть файл

@ -4,6 +4,12 @@ requestLongerTimeout(3);
const BASE_URI = "http://mochi.test:8888/browser/dom/file/ipc/tests/empty.html"; const BASE_URI = "http://mochi.test:8888/browser/dom/file/ipc/tests/empty.html";
add_task(async function setup() {
await SpecialPowers.pushPrefEnv({
set: [["privacy.partition.bloburl_per_agent_cluster", false]],
});
});
// More than 1mb memory blob childA-parent-childB. // More than 1mb memory blob childA-parent-childB.
add_task(async function test_CtoPtoC_big() { add_task(async function test_CtoPtoC_big() {
let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI); let tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, BASE_URI);

7
dom/file/tests/test_agentcluster_bloburl.js
Просмотреть файл

@ -6,12 +6,19 @@ const { CookieXPCShellUtils } = ChromeUtils.import(
"resource://testing-common/CookieXPCShellUtils.jsm" "resource://testing-common/CookieXPCShellUtils.jsm"
); );
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
CookieXPCShellUtils.init(this); CookieXPCShellUtils.init(this);
// Same agent cluster, all works fine: blobURLs can be opened. // Same agent cluster, all works fine: blobURLs can be opened.
add_task(async () => { add_task(async () => {
do_get_profile(); do_get_profile();
Services.prefs.setBoolPref(
"privacy.partition.bloburl_per_agent_cluster",
true
);
const server = CookieXPCShellUtils.createServer({ hosts: ["example.org"] }); const server = CookieXPCShellUtils.createServer({ hosts: ["example.org"] });
let result = new Promise(resolve => { let result = new Promise(resolve => {

5
dom/file/uri/BlobURLProtocolHandler.cpp
Просмотреть файл

@ -739,8 +739,9 @@ bool BlobURLProtocolHandler::GetDataEntry(
return false; return false;
} }
// Same agent-cluster only. // BlobURLs are openable on the same agent-cluster-id only.
if (aAgentClusterId.isSome() && info->mAgentClusterId.isSome() && if (StaticPrefs::privacy_partition_bloburl_per_agent_cluster() &&
aAgentClusterId.isSome() && info->mAgentClusterId.isSome() &&
!aAgentClusterId.value().Equals(info->mAgentClusterId.value())) { !aAgentClusterId.value().Equals(info->mAgentClusterId.value())) {
return false; return false;
} }

10
dom/url/tests/test_bloburl_location.html
Просмотреть файл

@ -19,10 +19,14 @@ onmessage = function(e) {
} }
}; };
var ifr = document.createElement("iframe"); SpecialPowers.pushPrefEnv({
document.body.appendChild(ifr); "set": [["privacy.partition.bloburl_per_agent_cluster", false]]
}).then(() => {
var ifr = document.createElement("iframe");
document.body.appendChild(ifr);
ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>"; ifr.src = "data:text/html,<script>location=URL.createObjectURL(new%20Blob(['<script>parent.postMessage(location.pathname,\"*\");location.pathname=\"foo\";parent.postMessage(location.pathname,\"*\");<\/s' +'cript>'], {type:\"text/html\"}));<\/script>";
});
SimpleTest.waitForExplicitFinish(); SimpleTest.waitForExplicitFinish();

5
modules/libpref/init/StaticPrefList.yaml
Просмотреть файл

@ -8766,6 +8766,11 @@
value: @IS_NIGHTLY_BUILD@ value: @IS_NIGHTLY_BUILD@
mirror: always mirror: always
- name: privacy.partition.bloburl_per_agent_cluster
type: RelaxedAtomicBool
value: @IS_NIGHTLY_BUILD@
mirror: always
# By default, the network state isolation is not active when there is a proxy # By default, the network state isolation is not active when there is a proxy
# setting. This pref forces the network isolation even in these scenarios. # setting. This pref forces the network isolation even in these scenarios.
- name: privacy.partition.network_state.connection_with_proxy - name: privacy.partition.network_state.connection_with_proxy

1
testing/web-platform/meta/html/cross-origin-embedder-policy/blob.https.html.ini Normal file
Просмотреть файл

@ -0,0 +1 @@
prefs: [privacy.partition.bloburl_per_agent_cluster:false]

1
testing/web-platform/meta/workers/SharedWorker_blobUrl.html.ini Normal file
Просмотреть файл

@ -0,0 +1 @@
prefs: [privacy.partition.bloburl_per_agent_cluster:false]