Bug 1958802: Add CSP to alert.xhtml r=emilio

Differential Revision: https://phabricator.services.mozilla.com/D245073
Simon Friedberger
2025-04-10 19:45:20 +00:00
parent cf2a793a52
commit 1b675b2aed
3 changed files with 28 additions and 19 deletions


@@ -1360,6 +1360,7 @@ static nsLiteralCString sImgSrcHttpsAllowList[] = {
"chrome://devtools/content/framework/browser-toolbox/window.html"_ns,
"chrome://devtools/content/framework/toolbox-window.xhtml"_ns,
"chrome://browser/content/preferences/dialogs/applicationManager.xhtml"_ns,
"chrome://global/content/alerts/alert.xhtml"_ns,
"chrome://mozapps/content/handling/appChooser.xhtml"_ns,
};
// img-src http:
@@ -1959,7 +1960,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
static nsLiteralCString sAllowedChromePagesWithNoCSP[] = {
"chrome://browser/content/shopping/review-checker.xhtml"_ns,
"chrome://geckoview/content/geckoview.xhtml"_ns,
"chrome://global/content/alerts/alert.xhtml"_ns,
"chrome://global/content/appPicker.xhtml"_ns,
// Test files
"chrome://mochikit/"_ns,


@@ -193,6 +193,8 @@ function onAlertLoad() {
moveWindowToEnd();
}
window.addEventListener("click", onAlertClick);
window.addEventListener("beforeunload", onAlertBeforeUnload);
window.addEventListener("XULAlertClose", function () {
window.close();
});
@@ -223,6 +225,22 @@ function onAlertLoad() {
alertSettings.addEventListener("focus", onAlertSettingsFocus);
alertSettings.addEventListener("click", onAlertSettingsClick);
document
.getElementById("alert-close")
.addEventListener("click", event => event.stopPropagation());
document
.getElementById("alert-close")
.addEventListener("command", onAlertClose);
document
.getElementById("doNotDisturbMenuItem")
.addEventListener("command", doNotDisturb);
document
.getElementById("disableForOriginMenuItem")
.addEventListener("command", disableForOrigin);
document
.getElementById("openSettingsMenuItem")
.addEventListener("command", openSettings);
gIsActive = true;
let ev = new CustomEvent("AlertActive", { bubbles: true, cancelable: true });
@@ -381,3 +399,6 @@ function onAlertClose() {
window.close();
}
}
window.addEventListener("DOMContentLoaded", prefillAlertInfo);
window.addEventListener("load", onAlertLoad);
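Review bot: The two registrations at the end of the file, `window.addEventListener("DOMContentLoaded", prefillAlertInfo);` and `window.addEventListener("load", onAlertLoad);`, rely on prefillAlertInfo running before onAlertLoad, but the comment explaining that requirement sat next to the inline script removed from the XHTML file and was not carried over. I would add above them `// prefillAlertInfo must run first so the alert's width and height are set before onAlertLoad; DOMContentLoaded fires before load.` and, at the listener block in onAlertLoad, `// Listeners are attached from script because the document's CSP blocks inline handlers.` The handlers now also receive the event object as their first argument, where the inline attributes called them with none. onAlertLoad and onAlertClose take no parameters according to the hunk headers, but the signatures of the other handlers are outside the hunks and should be checked.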


@@ -3,6 +3,8 @@
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?csp default-src chrome: resource:; img-src chrome: resource: https: ?>
<!DOCTYPE window>
<window
@@ -13,9 +15,6 @@
role="alert"
pack="start"
hidechrome="true"
onload="onAlertLoad();"
onclick="onAlertClick();"
onbeforeunload="onAlertBeforeUnload();"
>
<linkset>
<xhtml:link
@@ -35,9 +34,8 @@
<vbox>
<toolbarbutton
class="close-icon"
id="alert-close"
data-l10n-id="alert-close"
onclick="event.stopPropagation();"
oncommand="onAlertClose();"
/>
</vbox>
</box>
@@ -62,24 +60,14 @@
data-l10n-id="alert-settings-title"
>
<menupopup position="after_end">
<menuitem id="doNotDisturbMenuItem" oncommand="doNotDisturb();" />
<menuitem id="doNotDisturbMenuItem" />
<menuseparator />
<menuitem
id="disableForOriginMenuItem"
oncommand="disableForOrigin();"
/>
<menuitem id="openSettingsMenuItem" oncommand="openSettings();" />
<menuitem id="disableForOriginMenuItem" />
<menuitem id="openSettingsMenuItem" />
</menupopup>
</button>
</box>
</vbox>
</box>
</vbox>
<!-- This method is called inline because we want to make sure we establish the width
and height of the alert before we fire the onload handler. -->
<script>
/* eslint-disable no-undef */
prefillAlertInfo();
</script>
</window>
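Review bot: The new directive `<?csp default-src chrome: resource:; img-src chrome: resource: https: ?>` limits images to three schemes, and nothing in the visible hunks shows which schemes the alert's image URL can actually carry. If callers can supply an icon through any other scheme (for example `data:`, `blob:` or an extension-packaged URL), it would now be blocked with no visible failure. That is worth confirming against the code that sets the image source, which is outside the hunks, and covering with a test that opens an alert with each supported icon source. Because `https:` in img-src lets a privileged chrome document fetch remote images, I would also add a short comment beside the directive, and beside the matching `sImgSrcHttpsAllowList` entry in the first file, stating why remote images are needed here, so the exception is not copied elsewhere without review.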