Bug 1955438. Add CSP to setp12password.xhtml r=tschuster

Depends on D242484

Differential Revision: https://phabricator.services.mozilla.com/D242485

dom/security/nsContentSecurityUtils.cpp

@@ -1297,6 +1297,7 @@ static nsLiteralCString sStyleSrcUnsafeInlineAllowList[] = {
     "chrome://pippki/content/downloadcert.xhtml"_ns,
     "chrome://pippki/content/editcacert.xhtml"_ns,
     "chrome://pippki/content/load_device.xhtml"_ns,
+    "chrome://pippki/content/setp12password.xhtml"_ns,
 };
 // img-src data: blob:
 static nsLiteralCString sImgSrcDataBlobAllowList[] = {
@@ -1960,7 +1961,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
       "chrome://global/content/selectDialog.xhtml"_ns,
       "chrome://global/content/win.xhtml"_ns,
       "chrome://layoutdebug/content/layoutdebug.xhtml"_ns,
-      "chrome://pippki/content/setp12password.xhtml"_ns,
       // Test files
       "chrome://mochikit/"_ns,
       "chrome://mochitests/"_ns,

security/manager/pki/resources/content/setp12password.js

@@ -27,7 +27,11 @@
  */
 function onLoad() {
   // Ensure the first password textbox has focus.
-  document.getElementById("pw1").focus();
+  let pw1 = document.getElementById("pw1");
+  pw1.focus();
+  pw1.addEventListener("input", () => onPasswordInput(true));
+  let pw2 = document.getElementById("pw2");
+  pw2.addEventListener("input", () => onPasswordInput(false));
   document.addEventListener("dialogaccept", onDialogAccept);
   document.addEventListener("dialogcancel", onDialogCancel);
 }
@@ -125,3 +129,5 @@ function onPasswordInput(recalculatePasswordStrength) {
   document.getElementById("setp12password").getButton("accept").disabled =
     pw1 != pw2;
 }
+
+window.addEventListener("load", () => onLoad());

security/manager/pki/resources/content/setp12password.xhtml

@@ -3,6 +3,8 @@
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
+<?csp default-src chrome:; style-src chrome: 'unsafe-inline'; ?>
+
 <!DOCTYPE window>
 
 <window
@@ -10,7 +12,6 @@
   xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
   xmlns:html="http://www.w3.org/1999/xhtml"
   style="width: 48em"
-  onload="onLoad();"
 >
   <dialog id="setp12password" buttons="accept,cancel">
     <linkset>
@@ -29,15 +30,11 @@
     <vbox>
       <hbox class="input-row">
         <label flex="1" data-l10n-id="set-password-backup-pw" />
-        <html:input id="pw1" type="password" oninput="onPasswordInput(true);" />
+        <html:input id="pw1" type="password" />
       </hbox>
       <hbox class="input-row">
         <label flex="1" data-l10n-id="set-password-repeat-backup-pw" />
-        <html:input
-          id="pw2"
-          type="password"
-          oninput="onPasswordInput(false);"
-        />
+        <html:input id="pw2" type="password" />
       </hbox>
     </vbox>
     <separator />

security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js

@@ -109,8 +109,8 @@ add_task(async function testPasswordStrengthAndEquality() {
     password2Textbox.value = testCase.password2;
     // Setting the value of the password textboxes via |.value| apparently
     // doesn't cause the oninput handlers to be called, so we do it here.
-    password1Textbox.oninput();
-    password2Textbox.oninput();
+    password1Textbox.dispatchEvent(new Event("input", { bubbles: true }));
+    password2Textbox.dispatchEvent(new Event("input", { bubbles: true }));
 
     Assert.equal(
       win.document.getElementById("setp12password").getButton("accept")