
commit d15bf493910aca41ba73ee1e79813e59a0bd9573
parent dfc730849184c1931a9c289f1f4937db71a537cc
Author: Vincent Hilla <vhilla@mozilla.com>
Date:   Thu, 11 Dec 2025 12:03:10 +0000

Bug 2002654 - Initialize policy container in RecvConstructBrowser. r=sfarre,dom-core,smaug

The FrameLoader and WindowWatcher already provide a PolicyContainer to the
initial about:blank via nsOpenWindowInfo. However, initial documents created
through RecvConstructBrowser also need a PolicyContainer.

Bug 2004943 tracks always initializing the policy container for
initial about:blank documents. This commit serves as a temporary workaround.

Differential Revision: https://phabricator.services.mozilla.com/D275624

Diffstat:
Mdocshell/test/browser/browser.toml | 2++
Adocshell/test/browser/browser_bug2002654.js | 31+++++++++++++++++++++++++++++++
Mdom/ipc/ContentChild.cpp | 5+++++
3 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/docshell/test/browser/browser.toml b/docshell/test/browser/browser.toml
@@ -274,6 +274,8 @@ skip-if = [
 ["browser_bug1798780.js"]
+["browser_bug2002654.js"]
+
 ["browser_bug2004165.js"]
 skip-if = [
 "debug", # bug 2005202
diff --git a/docshell/test/browser/browser_bug2002654.js b/docshell/test/browser/browser_bug2002654.js
@@ -0,0 +1,31 @@
+"use strict";
+
+// This test makes sure that a policy container & content security policy is initialized for frontend created documents
+// see bug https://bugzilla.mozilla.org/show_bug.cgi?id=2002654
+add_task(async function test_policy_container_and_csp_in_about_blank() {
+ let tab = await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ "about:blank"
+ );
+ try {
+ await ContentTask.spawn(tab.linkedBrowser, null, function () {
+ let meta = content.document.createElement("meta");
+ meta.httpEquiv = "Content-Security-Policy";
+ meta.content = "script-src 'none'";
+ content.document.head.appendChild(meta);
+ Assert.ok(
+ (() => {
+ try {
+ content.window.eval("1 + 1");
+ return false;
+ } catch (ex) {
+ return true;
+ }
+ })(),
+ "CSP set for frontend created document"
+ );
+ });
+ } finally {
+ BrowserTestUtils.removeTab(tab);
+ }
+});
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
@@ -76,6 +76,7 @@
 #include "mozilla/dom/MemoryReportRequest.h"
 #include "mozilla/dom/Navigation.h"
 #include "mozilla/dom/PSessionStorageObserverChild.h"
+#include "mozilla/dom/PolicyContainer.h"
 #include "mozilla/dom/PostMessageEvent.h"
 #include "mozilla/dom/PushNotifier.h"
 #include "mozilla/dom/RemoteWorkerDebuggerManagerChild.h"
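Review bot: The `try`/`catch` wrapped in `Assert.ok` in browser_bug2002654.js treats any exception from `content.window.eval("1 + 1")` as proof that the CSP is enforced, so the test would also pass if the call threw for an unrelated reason. Pin the failure to the CSP block instead, for example `Assert.throws(() => content.window.eval("1 + 1"), /EvalError/, "CSP set for frontend created document");`. It would also strengthen the regression test to assert that the same `eval` succeeds before the `<meta>` element is appended, so the test shows that the policy is what changed the outcome.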
@@ -1958,6 +1959,10 @@ mozilla::ipc::IPCResult ContentChild::RecvConstructBrowser(
 RefPtr<nsOpenWindowInfo> openWindowInfo = new nsOpenWindowInfo();
 openWindowInfo->mPrincipalToInheritForAboutBlank = aWindowInit.principal();
+ // XXX We should consider moving this to CreateAboutBlankDocumentViewer (bug
+ // 2004943)
+ openWindowInfo->mPolicyContainerToInheritForAboutBlank =
+ new PolicyContainer();
 {
 // Block the script runner that notifies about the creation of the script
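Review bot: The `XXX` comment above `mPolicyContainerToInheritForAboutBlank` says where the code might move, but not why a fresh, empty `PolicyContainer` is the right value here, even though the line before it inherits the principal from `aWindowInit.principal()`. If a browser constructed on this path can carry a principal whose creator had a CSP, the initial about:blank would receive that principal without its policies; the hunk does not show whether that can happen, so it is worth confirming. If the empty container is intentional, the comment should say so, e.g. `// Intentionally empty: no policies are inherited on this path; this only ensures the initial about:blank has a container so a later CSP can apply (bug 2004943).` The body of RecvConstructBrowser starts and ends outside the hunk.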