Bug 1800916 - [devtools] Allow interactions with HTML previews in netmonitor. r=devtools-reviewers,bomsy

It might be misleading to allow interactions with HTML previews.
Links/forms may navigate to another URL without any way to navigate back.
But it sounds unlikely this will lead to major security issue,
while letting users copy and paste partial pieces of these previews.

Differential Revision: https://phabricator.services.mozilla.com/D169075

devtools/client/netmonitor/src/components/previews/HtmlPreview.js

@@ -27,9 +27,12 @@ class HTMLPreview extends Component {
     this.iframe = iframe;
     iframe.setAttribute("type", "content");
     iframe.setAttribute("remote", "true");
-    iframe.addEventListener("mousedown", e => e.preventDefault(), {
-      capture: true,
-    });
+    // Bug 1800916 allow interaction with the preview page until
+    // we find a way to prevent navigation without preventing copy paste from it.
+    //
+    // iframe.addEventListener("mousedown", e => e.preventDefault(), {
+    //   capture: true,
+    // });
     container.appendChild(iframe);
 
     // browsingContext attribute is only available after the iframe

devtools/client/netmonitor/test/browser_net_html-preview.js

@@ -96,41 +96,8 @@ add_task(async function() {
   await selectIndexAndWaitForHtmlView(0, TEST_HTML);
   await selectIndexAndWaitForHtmlView(1, FETCH_CONTENT_1);
   await selectIndexAndWaitForHtmlView(2, FETCH_CONTENT_2);
-  let previewIframe = await selectIndexAndWaitForHtmlView(3, FETCH_CONTENT_3);
-
-  info("Try to click on the link and submit the form");
-  await SpecialPowers.spawn(previewIframe.browsingContext, [], async function(
-    expectedHtml
-  ) {
-    EventUtils.synthesizeMouseAtCenter(
-      content.document.querySelector("a"),
-      {},
-      content
-    );
-    EventUtils.synthesizeMouseAtCenter(
-      content.document.querySelector("form"),
-      {},
-      content
-    );
-  });
-
-  info("Wait for some time to let a chance for the link/form to navigate");
-  await wait(1000);
-
-  info("Verify that the content did not change");
-  await SpecialPowers.spawn(
-    previewIframe.browsingContext,
-    [FETCH_CONTENT_3],
-    async function(expectedHtml) {
-      is(
-        content.document.documentElement.outerHTML,
-        expectedHtml,
-        "Verify that link and form are both disabled and the HTML content stays the same"
-      );
-    }
-  );
-
-  previewIframe = await selectIndexAndWaitForHtmlView(4, FETCH_CONTENT_4);
+  await selectIndexAndWaitForHtmlView(3, FETCH_CONTENT_3);
+  await selectIndexAndWaitForHtmlView(4, FETCH_CONTENT_4);
 
   await teardown(monitor);
 

devtools/client/webconsole/test/browser/browser_webconsole_network_messages_html_preview.js

@@ -111,44 +111,11 @@ add_task(async function task() {
   });
 
   info("Try to click on the link and submit the form");
-  const previewIframe = await expandNetworkRequestAndWaitForHtmlView({
+  await expandNetworkRequestAndWaitForHtmlView({
     hud,
     url: "fetch-4.html",
     expectedHtml: FETCH_CONTENT_4,
   });
-
-  await SpecialPowers.spawn(
-    previewIframe.browsingContext,
-    [],
-    async function() {
-      EventUtils.synthesizeMouseAtCenter(
-        content.document.querySelector("a"),
-        {},
-        content
-      );
-      EventUtils.synthesizeMouseAtCenter(
-        content.document.querySelector("form"),
-        {},
-        content
-      );
-    }
-  );
-
-  info("Wait for some time to let a chance for the link/form to navigate");
-  await wait(1000);
-
-  info("Verify that the content did not change");
-  await SpecialPowers.spawn(
-    previewIframe.browsingContext,
-    [FETCH_CONTENT_4],
-    async function(expectedHtml) {
-      is(
-        content.document.documentElement.outerHTML,
-        expectedHtml,
-        "Verify that link and form are both disabled and the HTML content stays the same"
-      );
-    }
-  );
 });
 
 async function expandNetworkRequestAndWaitForHtmlView({