Bug 1958805. Add CSP to megalist.html r=tschuster,credential-management-reviewers,mtigley

Differential Revision: https://phabricator.services.mozilla.com/D244844
Simon Friedberger
2025-04-09 14:47:31 +00:00
parent cdc567e2fc
commit 3eeac6b6e5
2 changed files with 8 additions and 6 deletions


@@ -1502,7 +1502,8 @@ class AllowBuiltinSrcVisitor : public DisallowingVisitor {
bool visitSchemeSrc(const nsCSPSchemeSrc& src) override {
nsAutoString scheme;
src.getScheme(scheme);
if (scheme == u"chrome"_ns || scheme == u"moz-src" || scheme == u"resource"_ns) {
if (scheme == u"chrome"_ns || scheme == u"moz-src" ||
scheme == u"resource"_ns) {
return true;
}
@@ -1836,8 +1837,7 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
const nsCSPPolicy* policy = csp->GetPolicy(0);
{
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
spec);
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE, spec);
if (!visitor.visit(policy)) {
MOZ_ASSERT(false, "about: page must contain a secure default-src");
}
@@ -1914,8 +1914,7 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
const nsCSPPolicy* policy =
static_cast<nsCSPContext*>(csp.get())->GetPolicy(0);
{
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
spec);
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE, spec);
if (!visitor.visit(policy)) {
MOZ_CRASH_UNSAFE_PRINTF(
"Document (%s) CSP does not have a default-src!", spec.get());
@@ -1962,7 +1961,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
"chrome://geckoview/content/geckoview.xhtml"_ns,
"chrome://global/content/alerts/alert.xhtml"_ns,
"chrome://global/content/appPicker.xhtml"_ns,
"chrome://global/content/megalist/megalist.html"_ns,
// Test files
"chrome://mochikit/"_ns,
"chrome://mochitests/"_ns,
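Review bot: In `visitSchemeSrc` the reflowed condition still compares against a bare `u"moz-src"` while both neighbouring comparisons use the `_ns` literal suffix. Since this line is being rewritten anyway, make the three consistent: `if (scheme == u"chrome"_ns || scheme == u"moz-src"_ns ||`. The bare literal presumably goes through a raw `char16_t*` comparison rather than the sized-literal one, so the suffix also keeps the three checks on the same overload. The body of `AllowBuiltinSrcVisitor` starts and ends outside this hunk, so the rest of the visitor is not visible here.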


@@ -10,6 +10,10 @@
name="viewport"
content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"
/>
<meta
http-equiv="Content-Security-Policy"
content="default-src chrome: resource:;"
/>
<script
type="module"
src="chrome://global/content/megalist/MegalistAlpha.mjs"
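Review bot: The added policy sets only `default-src`, which is not a fallback for `base-uri` or `form-action`, and as the fallback for `object-src` it still permits embeds loaded from `chrome:` and `resource:`. For a page owned by credential management it is worth pinning those explicitly if the page needs none of them, for example `content="default-src chrome: resource:; object-src 'none'; base-uri 'none';"`. A policy delivered through `<meta>` is only in force once that element has been parsed, so it should stay ahead of the module script, as it is here. Whether anything earlier in `<head>` loads a resource is not visible in this hunk.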