Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-12 06:52:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
587,538 Commits 616 Branches 98 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
Christoph Kerschbaumer
9048e3f216 Bug 1397655 - Update tests within dom/ to comply with new toplevel data: URI navigation policy. r=smaug 2017-09-10 13:24:07 +02:00
Henry Chang
d9fddc6423 Bug 1388606 - Test case for ensuring data:font is treated same-origin. r=ckerschb 
We try to load a data:font and apply to some text in the test case. In case
data:font is treated different origin, the font will not load and the
test would fail.

MozReview-Commit-ID: LWYWJOoWL71

--HG--
extra : rebase_source : e4e133c16c75ecee80293c17703a03c7ce1ef18b
 2017-08-09 16:39:44 +08:00
Henry Chang
0038962d8f Bug 1387983 - Fix test case for data:stylesheet same origin check. r=heycam 
MozReview-Commit-ID: 1U7Aw9X13uF

--HG--
extra : rebase_source : 5cb424d70567a42df0d6521961474a89fd9d87d2
extra : source : 540b354d289a34c48b0fd2e43da3e3f6ae1aae2e
 2017-08-07 16:36:35 +08:00
Yoshi Huang
c65e15f19c Bug 1381728 - Part 1 : <object data="data:text/html,...> should have unique opaque origin. r=smaug 2017-08-03 09:38:09 +08:00
Henry Chang
efe126200b Bug 1381437 - Re-org testing promises to avoid racy tesing result. r=smaug, yoshi 
MozReview-Commit-ID: BqOUcHxw7MW

--HG--
extra : amend_source : e8c9df103b029a1454f881b77bdd1492661cc105
 2017-07-17 19:46:56 +08:00
Yoshi Huang
94d1d69dc1 Bug 1373513 - Part 1: data:image, data:css, and data:fonts should be same origin. r=smaug 
For font-face
https://drafts.csswg.org/css-fonts-3/#font-fetching-requirements

/* data url's with no redirects are treated as same origin */
src: url("data:application/font-woff;base64,...");

For image
https://html.spec.whatwg.org/multipage/images.html#updating-the-image-data
Step 12
 Fetch request. Let this instance of the fetching algorithm be
associated with image request.

This will go to Fetch spec then.

For <link rel="stylesheet" href="data:text/css" ...>
https://html.spec.whatwg.org/multipage/semantics.html#obtaining-a-resource-from-a-link-element
Step 10
Fetch request.

This will also go to Fetch spec then.

[Fetch] specification,
https://fetch.spec.whatwg.org/#main-fetch, step 12,
request’s current url’s scheme is "data"
1. Set request’s response tainting to "basic".

And from
https://html.spec.whatwg.org/multipage/urls-and-fetching.html#terminology-3
A response whose type is "basic", "cors", or "default" is
CORS-same-origin.

For subresource loading using data: URI, it should be treated as same
origin.
 2017-07-12 11:00:13 +08:00