Bug 1826009 - Restrict who can set tab icon. r=darktrojan

Document at mailbox://, imap:// etc. urls should not be allowed to set favicon. Content tabs should be able to set favicon. (To test, `openContentTab("https://google.com");`) Loading without restrictions is a privacy violation as well as unexpected UX. Differential Revision: https://phabricator.services.mozilla.com/D179633 --HG-- extra : amend_source : 81d5cbb8383562dd928196ece83748108a4194a0
2023-06-06 00:40:23 +00:00 · 2023-06-06 00:40:23 +00:00 · a7b7deb245
--- a/mail/base/content/mailTabs.js
+++ b/mail/base/content/mailTabs.js
@ -36,16 +36,18 @@ var mailTabType = {
      },
      true
    );
-    browser.addEventListener("DOMLinkAdded", event => {
-      if (event.target.rel == "icon") {
+    let linkRelIconHandler = event => {
+      if (event.target.rel != "icon") {
+        return;
+      }
+      // Allow 3pane and message tab to set a tab favicon. Mail content should
+      // not be allowed to do that.
+      if (event.target.ownerGlobal.frameElement == browser) {
        tabmail.setTabFavIcon(tab, event.target.href);
      }
-    });
-    browser.addEventListener("DOMLinkChanged", event => {
-      if (event.target.rel == "icon") {
-        tabmail.setTabFavIcon(tab, event.target.href);
-      }
-    });
+    };
+    browser.addEventListener("DOMLinkAdded", linkRelIconHandler);
+    browser.addEventListener("DOMLinkChanged", linkRelIconHandler);
    if (onDOMContentLoaded) {
      browser.addEventListener(
        "DOMContentLoaded",
--- a/mail/base/test/browser/browser.ini
+++ b/mail/base/test/browser/browser.ini
@ -45,6 +45,7 @@ skip-if = os == 'mac'
 [browser_spacesToolbar.js]
 [browser_spacesToolbarCustomize.js]
 [browser_selectionWidgetController.js]
+[browser_tabIcon.js]
 [browser_tagsMode.js]
 [browser_threads.js]
 [browser_threadTreeQuirks.js]
--- a/mail/base/test/browser/browser_tabIcon.js
+++ b/mail/base/test/browser/browser_tabIcon.js
@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const { GlodaIndexer } = ChromeUtils.import(
+  "resource:///modules/gloda/GlodaIndexer.jsm"
+);
+const { MessageGenerator } = ChromeUtils.import(
+  "resource://testing-common/mailnews/MessageGenerator.jsm"
+);
+const { PromiseTestUtils } = ChromeUtils.import(
+  "resource://testing-common/mailnews/PromiseTestUtils.jsm"
+);
+
+const TEST_DOCUMENT_URL =
+  "http://mochi.test:8888/browser/comm/mail/base/test/browser/files/sampleContent.html";
+const TEST_IMAGE_URL =
+  "http://mochi.test:8888/browser/comm/mail/base/test/browser/files/tb-logo.png";
+
+let tabmail = document.getElementById("tabmail");
+let rootFolder, testFolder, testMessages;
+
+add_setup(async function () {
+  MailServices.accounts.createLocalMailAccount();
+  let account = MailServices.accounts.accounts[0];
+  account.addIdentity(MailServices.accounts.createIdentity());
+  rootFolder = account.incomingServer.rootFolder;
+
+  rootFolder.createSubfolder("tabIcon", null);
+  testFolder = rootFolder
+    .getChildNamed("tabIcon")
+    .QueryInterface(Ci.nsIMsgLocalMailFolder);
+
+  let messageFile = new FileUtils.File(
+    getTestFilePath("files/sampleContent.eml")
+  );
+  Assert.ok(messageFile.exists(), "test data file should exist");
+  let promiseCopyListener = new PromiseTestUtils.PromiseCopyListener();
+  // Copy gIncomingMailFile into the Inbox.
+  MailServices.copy.copyFileMessage(
+    messageFile,
+    testFolder,
+    null,
+    false,
+    0,
+    "",
+    promiseCopyListener,
+    null
+  );
+  await promiseCopyListener.promise;
+  testMessages = [...testFolder.messages];
+  tabmail.currentAbout3Pane.displayFolder(testFolder);
+
+  registerCleanupFunction(() => {
+    tabmail.closeOtherTabs(0);
+    MailServices.accounts.removeAccount(account, false);
+  });
+});
+
+add_task(async function testMsgInFolder() {
+  tabmail.currentAbout3Pane.threadTree.selectedIndex = 0;
+  await BrowserTestUtils.browserLoaded(
+    tabmail.currentAboutMessage.getMessagePaneBrowser()
+  );
+  let icon = tabmail.tabInfo[0].tabNode.querySelector(".tab-icon-image");
+  await TestUtils.waitForCondition(() => icon.complete, "Icon loaded");
+  Assert.equal(
+    icon.src,
+    "chrome://messenger/skin/icons/new/compact/folder.svg"
+  );
+});
+
+add_task(async function testMsgInTab() {
+  window.OpenMessageInNewTab(testMessages[0], { background: false });
+  await BrowserTestUtils.waitForEvent(
+    tabmail.tabInfo[1].chromeBrowser,
+    "MsgLoaded"
+  );
+  let tab = tabmail.tabInfo[1];
+  let icon = tab.tabNode.querySelector(".tab-icon-image");
+  await TestUtils.waitForCondition(() => icon.complete, "Icon loaded");
+  Assert.equal(icon.src, "chrome://messenger/skin/icons/new/compact/draft.svg");
+});
+
+add_task(async function testContentTab() {
+  let tab = window.openTab("contentTab", {
+    url: TEST_DOCUMENT_URL,
+    background: false,
+  });
+  await BrowserTestUtils.browserLoaded(tab.browser);
+
+  let icon = tab.tabNode.querySelector(".tab-icon-image");
+
+  // Start of TEST_IMAGE_URL as data url.
+  await TestUtils.waitForCondition(
+    () => icon.src.startsWith("data:image/png;base64,iVBORw0KGgoAAAANSUhEU"),
+    "Waited for icon to be correct"
+  );
+});
--- a/mail/base/test/browser/files/sampleContent.eml
+++ b/mail/base/test/browser/files/sampleContent.eml
@ -12,13 +12,20 @@ This is a multi-part message in MIME format.
 Content-Type: text/html; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit

-<p>This is a page of sample content for tests.</p>
-<p><a href="https://www.thunderbird.net/">Link to a web page</a></p>
-<form>
-  <input type="text" />
-</form>
-<p><img src="cid:logo" width="304" height="84" /></p>
-
+<!DOCTYPE html>
+<html>
+  <head>
+    <link rel="icon" href="http://mochi.test:8888/browser/comm/mail/base/test/browser/files/tb-logo.png" />
+  </head>
+  <body>
+    <p>This is a page of sample content for tests.</p>
+    <p><a href="https://www.thunderbird.net/">Link to a web page</a></p>
+    <form>
+      <input type="text" />
+    </form>
+    <p><img src="cid:logo" width="304" height="84" /></p>
+  </body>
+</html>

 ----------------CHOPCHOP0
 Content-Type: image/png; charset=ISO-8859-1; format=flowed;
--- a/mail/base/test/browser/files/sampleContent.html
+++ b/mail/base/test/browser/files/sampleContent.html
@ -3,6 +3,7 @@
  <head>
    <meta charset="utf-8" />
    <title>Sample Content</title>
+    <link rel="icon" href="tb-logo.png" />
  </head>
  <body>
    <p>This is a page of sample content for tests.</p>