Bug 1744352 - Part 2: Add test for sandboxing javascript uris in pop-ups, r=smaug a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D138211

Author: mystor

docshell/test/mochitest/mochitest.ini

@@ -137,3 +137,4 @@ support-files =
   clicker.html
   double_submit.sjs
 [test_iframe_srcdoc_to_remote.html]
+[test_javascript_sandboxed_popup.html]

docshell/test/mochitest/test_javascript_sandboxed_popup.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<head>
+<meta charset="utf-8">
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+<iframe srcdoc="<a href='javascript:opener.parent.ok(false, `The JS ran!`)' target=_blank rel=opener>click</a>"
+  sandbox="allow-popups allow-same-origin"></iframe>
+
+<script>
+add_task(async function() {
+  let promise = new Promise(resolve =>{
+    SpecialPowers.addObserver(function obs(subject) {
+      is(subject.opener, window[0],
+         "blocked javascript URI should have been targeting the pop-up document");
+      subject.close();
+      SpecialPowers.removeObserver(obs, "javascript-uri-blocked-by-sandbox");
+      resolve();
+    }, "javascript-uri-blocked-by-sandbox");
+  });
+  document.querySelector("iframe").contentDocument.querySelector("a").click();
+  await promise;
+});
+</script>
+</body>

dom/jsurl/nsJSProtocolHandler.cpp

@@ -236,6 +236,11 @@ nsresult nsJSThunk::EvaluateScript(
     // Sandboxed document check: javascript: URI execution is disabled
     // in a sandboxed document unless 'allow-scripts' was specified.
     if (targetDoc->HasScriptsBlockedBySandbox()) {
+      if (nsCOMPtr<nsIObserverService> obs =
+              mozilla::services::GetObserverService()) {
+        obs->NotifyWhenScriptSafe(ToSupports(innerWin),
+                                  "javascript-uri-blocked-by-sandbox");
+      }
       return NS_ERROR_DOM_RETVAL_UNDEFINED;
     }