Bug 1415612: Allow all plain text types when navigating top-level data URIs. r=bz

dom/security/moz.build

@@ -47,6 +47,7 @@ LOCAL_INCLUDES += [
     '/caps',
     '/docshell/base',  # for nsDocShell.h
     '/netwerk/base',
+    '/netwerk/protocol/data', # for nsDataHandler.h
 ]
 
 if CONFIG['GNU_CC']:

dom/security/nsContentSecurityManager.cpp

@@ -6,6 +6,7 @@
 
 #include "nsContentSecurityManager.h"
 #include "nsEscape.h"
+#include "nsDataHandler.h"
 #include "nsIChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIStreamListener.h"
@@ -60,16 +61,24 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel)
   if (!isDataURI) {
     return true;
   }
+
+  nsAutoCString spec;
+  rv = uri->GetSpec(spec);
+  NS_ENSURE_SUCCESS(rv, true);
+  nsAutoCString contentType;
+  bool base64;
+  rv = nsDataHandler::ParseURI(spec, contentType, nullptr, 
+                               base64, nullptr);
+  NS_ENSURE_SUCCESS(rv, true);
+
   // Whitelist data: images as long as they are not SVGs
-  nsAutoCString filePath;
-  uri->GetFilePath(filePath);
-  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/")) &&
-      !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("image/")) &&
+      !contentType.EqualsLiteral("image/svg+xml")) {
     return true;
   }
-  // Whitelist data: PDFs and JSON
-  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/pdf")) ||
-      StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/json"))) {
+  // Whitelist all plain text types as well as data: PDFs.
+  if (nsContentUtils::IsPlainTextType(contentType) ||
+      contentType.EqualsLiteral("application/pdf")) {
     return true;
   }
   // Redirecting to a toplevel data: URI is not allowed, hence we make