Bug 1954850. Add CSP to deletecert.html r=tschuster

Differential Revision: https://phabricator.services.mozilla.com/D242067

dom/security/nsContentSecurityUtils.cpp

@@ -1289,6 +1289,7 @@ static nsLiteralCString sStyleSrcUnsafeInlineAllowList[] = {
     "chrome://mozapps/content/update/history.xhtml"_ns,
     "chrome://mozapps/content/update/updateElevation.xhtml"_ns,
     "chrome://pippki/content/certManager.xhtml"_ns,
+    "chrome://pippki/content/deletecert.xhtml"_ns,
 };
 // img-src data: blob:
 static nsLiteralCString sImgSrcDataBlobAllowList[] = {
@@ -1931,7 +1932,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
       "chrome://global/content/win.xhtml"_ns,
       "chrome://global/skin/in-content/info-pages.css"_ns,
       "chrome://layoutdebug/content/layoutdebug.xhtml"_ns,
-      "chrome://pippki/content/deletecert.xhtml"_ns,
       "chrome://pippki/content/device_manager.xhtml"_ns,
       "chrome://pippki/content/downloadcert.xhtml"_ns,
       "chrome://pippki/content/editcacert.xhtml"_ns,

security/manager/pki/resources/content/deletecert.js

@@ -119,3 +119,5 @@ function onDialogCancel() {
   let retVals = window.arguments[2];
   retVals.deleteConfirmed = false;
 }
+
+window.addEventListener("load", () => onLoad());

security/manager/pki/resources/content/deletecert.xhtml

@@ -3,6 +3,8 @@
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
+<?csp default-src chrome:; style-src chrome: 'unsafe-inline' ?>
+
 <!DOCTYPE window>
 
 <window
@@ -10,7 +12,6 @@
   data-l10n-attrs="style"
   xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
   xmlns:html="http://www.w3.org/1999/xhtml"
-  onload="onLoad();"
 >
   <dialog id="deleteCertificate" buttons="accept,cancel">
     <linkset>