Bug 1958798 - Actually apply the CSP in the interactions viewer. r=simonf,jteow

Differential Revision: https://phabricator.services.mozilla.com/D244889

browser/components/places/metadataViewer/interactionsViewer.html

@@ -3,12 +3,14 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<?csp default-src chrome:; img-src chrome: moz-icon:; object-src 'none'; ?>
-
 <!doctype html>
 
 <html>
   <head>
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src chrome:; img-src chrome: moz-icon:; style-src chrome: 'unsafe-inline'; object-src 'none';"
+    />
     <title>Interactions Debug Viewer</title>
     <script
       type="module"

dom/security/nsContentSecurityUtils.cpp

@@ -1247,6 +1247,7 @@ static nsLiteralCString sStyleSrcUnsafeInlineAllowList[] = {
     "chrome://browser/content/places/bookmarkProperties.xhtml"_ns,
     "chrome://browser/content/places/bookmarksSidebar.xhtml"_ns,
     "chrome://browser/content/places/historySidebar.xhtml"_ns,
+    "chrome://browser/content/places/interactionsViewer.html"_ns,
     "chrome://browser/content/places/places.xhtml"_ns,
     "chrome://browser/content/preferences/dialogs/applicationManager.xhtml"_ns,
     "chrome://browser/content/preferences/dialogs/browserLanguages.xhtml"_ns,
@@ -1958,7 +1959,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
 
   static nsLiteralCString sAllowedChromePagesWithNoCSP[] = {
       "chrome://browser/content/default-bookmarks.html"_ns,
-      "chrome://browser/content/places/interactionsViewer.html"_ns,
       "chrome://browser/content/shopping/review-checker.xhtml"_ns,
       "chrome://geckoview/content/geckoview.xhtml"_ns,
       "chrome://global/content/alerts/alert.xhtml"_ns,