corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1958804: Add CSP to appPicker.xhtml r=tschuster,mossop

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D244837
This commit is contained in:
Simon Friedberger
2025-04-14 08:10:53 +00:00
parent ee5dc08aa7
commit e3652e1e4d
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
dom/security/nsContentSecurityUtils.cpp
View File

@@ -648,8 +648,10 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
if (StaticPrefs::
security_allow_unsafe_dangerous_privileged_evil_eval_AtStartup()) {
MOZ_LOG(sCSMLog, LogLevel::Debug,
("Allowing eval() because security.allow_unsafe_dangerous_priviliged_evil_eval is enabled."));
MOZ_LOG(
sCSMLog, LogLevel::Debug,
("Allowing eval() because "
"security.allow_unsafe_dangerous_priviliged_evil_eval is enabled."));
return true;
}
@@ -1967,7 +1969,6 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
static nsLiteralCString sAllowedChromePagesWithNoCSP[] = {
"chrome://browser/content/shopping/review-checker.xhtml"_ns,
"chrome://geckoview/content/geckoview.xhtml"_ns,
"chrome://global/content/appPicker.xhtml"_ns,
// Test files
"chrome://mochikit/"_ns,
"chrome://mochitests/"_ns,

2
toolkit/components/apppicker/content/appPicker.js
View File

@@ -74,6 +74,7 @@ AppPicker.prototype = {
var fileList = mimeInfo.possibleLocalHandlers;
var list = document.getElementById("app-picker-listbox");
list.addEventListener("dblclick", () => g_dialog.appDoubleClick());
var primaryCount = 0;
@@ -228,3 +229,4 @@ AppPicker.prototype = {
// Global object
var g_dialog = new AppPicker();
window.addEventListener("load", () => g_dialog.appPickerLoad());

8
toolkit/components/apppicker/content/appPicker.xhtml
View File

@@ -4,12 +4,13 @@
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?csp default-src chrome: resource:; img-src chrome: moz-icon:; ?>
<!DOCTYPE window>
<window
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
xmlns:html="http://www.w3.org/1999/xhtml"
onload="g_dialog.appPickerLoad();"
aria-describedby="content-description suggested-filename"
persist="screenX screenY"
>
@@ -42,10 +43,7 @@
control="app-picker-listbox"
/>
<richlistbox
id="app-picker-listbox"
ondblclick="g_dialog.appDoubleClick();"
/>
<richlistbox id="app-picker-listbox" />
<label
id="app-picker-notfound"