corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1957071 - Add a CSP to safeMode.xhtml. r=firefox-desktop-core-reviewers ,Gijs

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D243479
This commit is contained in:
Tom Schuster
2025-04-01 13:53:37 +00:00
parent 381d728c7b
commit 80bd058669
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
browser/base/content/safeMode.js
View File

@@ -53,7 +53,7 @@ function onExtra1() {
showResetDialog();
}
function onLoad() {
window.addEventListener("load", () => {
const dialog = document.getElementById("safeModeDialog");
if (appStartup.automaticSafeModeNecessary) {
document.getElementById("autoSafeMode").hidden = false;
@@ -72,4 +72,4 @@ function onLoad() {
document.addEventListener("dialogaccept", onDefaultButton);
document.addEventListener("dialogcancel", onCancel);
document.addEventListener("dialogextra1", onExtra1);
}
});

3
browser/base/content/safeMode.xhtml
View File

@@ -4,12 +4,13 @@
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?csp default-src chrome: resource:; style-src chrome: 'unsafe-inline'; ?>
<window
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
data-l10n-id="troubleshoot-mode-window"
data-l10n-attrs="title,style"
onload="onLoad()"
>
<dialog
id="safeModeDialog"

4
dom/security/nsContentSecurityUtils.cpp
View File

@@ -1248,7 +1248,6 @@ static nsLiteralCString sStyleSrcUnsafeInlineAllowList[] = {
"chrome://browser/content/places/bookmarksSidebar.xhtml"_ns,
"chrome://browser/content/places/historySidebar.xhtml"_ns,
"chrome://browser/content/places/places.xhtml"_ns,
"chrome://browser/content/search/addEngine.xhtml"_ns,
"chrome://browser/content/preferences/dialogs/applicationManager.xhtml"_ns,
"chrome://browser/content/preferences/dialogs/browserLanguages.xhtml"_ns,
"chrome://browser/content/preferences/dialogs/clearSiteData.xhtml"_ns,
@@ -1265,8 +1264,10 @@ static nsLiteralCString sStyleSrcUnsafeInlineAllowList[] = {
"chrome://browser/content/preferences/dialogs/syncChooseWhatToSync.xhtml"_ns,
"chrome://browser/content/preferences/dialogs/translations.xhtml"_ns,
"chrome://browser/content/preferences/fxaPairDevice.xhtml"_ns,
"chrome://browser/content/safeMode.xhtml"_ns,
"chrome://browser/content/sanitize.xhtml"_ns,
"chrome://browser/content/sanitize_v2.xhtml"_ns,
"chrome://browser/content/search/addEngine.xhtml"_ns,
"chrome://browser/content/setDesktopBackground.xhtml"_ns,
"chrome://browser/content/spotlight.html"_ns,
"chrome://devtools/content/debugger/index.html"_ns,
@@ -1949,7 +1950,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
static nsLiteralCString sAllowedChromePagesWithNoCSP[] = {
"chrome://browser/content/default-bookmarks.html"_ns,
"chrome://browser/content/places/interactionsViewer.html"_ns,
"chrome://browser/content/safeMode.xhtml"_ns,
"chrome://browser/content/shopping/review-checker.xhtml"_ns,
"chrome://browser/content/webext-panels.xhtml"_ns,
"chrome://extensions/content/dummy.xhtml"_ns,