tor-browser

The Tor Browser

commit 65a8d9226edf2a5a4cccb3786faa03d29f67bc31
parent 8c7c936159d9a81368aa076c326c2b643912def7
Author: Calixte Denizet <calixte.denizet@gmail.com>
Date:   Fri,  2 Jan 2026 18:43:15 +0000

Bug 2006500 - Don't load external css resources when loading a pdf r=robwu

Differential Revision: https://phabricator.services.mozilla.com/D276839

Diffstat:
Mtoolkit/components/pdfjs/content/PdfStreamConverter.sys.mjs | 3+++
Mtoolkit/components/pdfjs/test/browser.toml | 3+++
Atoolkit/components/pdfjs/test/browser_pdfjs_response_link.js | 46++++++++++++++++++++++++++++++++++++++++++++++
Atoolkit/components/pdfjs/test/pdf_response_link.sjs | 24++++++++++++++++++++++++
4 files changed, 76 insertions(+), 0 deletions(-)

diff --git a/toolkit/components/pdfjs/content/PdfStreamConverter.sys.mjs b/toolkit/components/pdfjs/content/PdfStreamConverter.sys.mjs @@ -1213,6 +1213,9 @@ PdfStreamConverter.prototype = { ); // The viewer does not need to handle HTTP Refresh header. aRequest.setResponseHeader("Refresh", "", false); + // There is no reason to load something via <link>: the only external + // resource is the pdf itself. + aRequest.setResponseHeader("Link", "", false); } lazy.PdfJsTelemetryContent.onViewerIsUsed(); diff --git a/toolkit/components/pdfjs/test/browser.toml b/toolkit/components/pdfjs/test/browser.toml @@ -102,6 +102,9 @@ support-files = [ ["browser_pdfjs_properties.js"] +["browser_pdfjs_response_link.js"] +support-files = ["pdf_response_link.sjs"] + ["browser_pdfjs_saveas.js"] support-files = [ "!/toolkit/content/tests/browser/common/mockTransfer.js", diff --git a/toolkit/components/pdfjs/test/browser_pdfjs_response_link.js b/toolkit/components/pdfjs/test/browser_pdfjs_response_link.js 
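Review bot: The added comment in the `PdfStreamConverter.sys.mjs` hunk speaks of loading via `<link>`, but what is cleared is the HTTP `Link` response header, and it does not say why that matters for the viewer. The test added in this commit shows the concern: a server can send `Link: <...>; rel=stylesheet` and have its stylesheet applied to the document. I would word the comment as `// Drop the Link response header: the server must not be able to attach a stylesheet or any other linked resource to the viewer document.` The visible lines clear headers one at a time (`Refresh`, now `Link`), so a short comment there noting that any other response header able to influence the viewer document needs the same treatment would help the next maintainer. The enclosing block starts above the hunk, so I cannot see which headers are already covered.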
@@ -0,0 +1,46 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const RELATIVE_DIR = "toolkit/components/pdfjs/test/";
+const TESTROOT = "https://example.com/browser/" + RELATIVE_DIR;
+
+function getBodyBackgroundColor(browser) {
+ return SpecialPowers.spawn(browser, [], async () => {
+ return content.getComputedStyle(content.document.querySelector("body"))
+ .backgroundColor;
+ });
+}
+
+// Sanity check: the pdf test does not trivially pass due to the lack of support
+// for Link header.
+add_task(async function test_plain_text_with_link_in_response() {
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: `${TESTROOT}pdf_response_link.sjs?text` },
+ async function (browser) {
+ const bodyBackgroundColor = await getBodyBackgroundColor(browser);
+ Assert.equal(
+ bodyBackgroundColor,
+ "rgb(255, 0, 0)",
+ "Body background is red"
+ );
+ }
+ );
+});
+
+add_task(async function test_pdf_with_link_in_response() {
+ makePDFJSHandler();
+
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url: "about:blank" },
+ async function (browser) {
+ await waitForPdfJSCanvas(browser, `${TESTROOT}pdf_response_link.sjs?pdf`);
+ const bodyBackgroundColor = await getBodyBackgroundColor(browser);
+ Assert.notEqual(
+ bodyBackgroundColor,
+ "rgb(255, 0, 0)",
+ "Body background is not red"
+ );
+ await waitForPdfJSClose(browser);
+ }
+ );
+});
diff --git a/toolkit/components/pdfjs/test/pdf_response_link.sjs b/toolkit/components/pdfjs/test/pdf_response_link.sjs
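Review bot: `test_pdf_with_link_in_response` only asserts that the body background is not `rgb(255, 0, 0)`, which holds for every other value. The check therefore depends on the header-supplied stylesheet having already been applied by the time `waitForPdfJSCanvas` resolves. The first task shows the `Link` header takes effect for `text/plain`, but not that the timing in the viewer is the same. A positive assertion would be sturdier, for example also checking inside the `SpecialPowers.spawn` callback that no entry of `content.document.styleSheets` has an `href` starting with `data:` (assuming header-supplied sheets are listed there). Only `rel=stylesheet` is exercised, which a comment such as `// Covers rel=stylesheet only; other rel values are not tested here.` would make explicit.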
@@ -0,0 +1,24 @@
+const DATA = {
+ pdf: {
+ mimetype: "application/pdf",
+ content:
+ "%PDF-1.\ntrailer<</Root<</Pages<</Kids[<</MediaBox[0 0 3 3]>>]>>>>>>",
+ },
+ text: {
+ mimetype: "text/plain",
+ content: "hello world",
+ },
+};
+
+function handleRequest(request, response) {
+ response.setHeader("Cache-Control", "no-cache", false);
+ response.setHeader(
+ "Link",
+ "<data:text/css,body{background:red%20!important;}>; rel=stylesheet",
+ false
+ );
+ response.setStatusLine(request.httpVersion, "200", "Found");
+ const { mimetype, content } = DATA[request.queryString];
+ response.setHeader("Content-Type", mimetype, false);
+ response.write(content);
+}
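Review bot: `handleRequest` sends status 200 with the reason phrase `Found`, which is the phrase for 302; `response.setStatusLine(request.httpVersion, "200", "OK");` matches what is actually returned. `DATA[request.queryString]` is also destructured without a check, so any query string other than `pdf` or `text` throws instead of producing a clear error. A guard such as `if (!Object.hasOwn(DATA, request.queryString))` that answers with a 400 would make a mistyped test URL easier to diagnose. A one-line comment above the `Link` header saying that the red `!important` background is the marker the browser test looks for would tie the two files together.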