commit 46947ad2a818a89643d75ca2397feb39fc6ef8c3
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Thu Jun 1 12:28:50 2017 -0400
Bug 22104: Adjust our content policy whitelist for ff52-esr.
Fix problems with missing video playback controls and missing scrollbars.
Use a regex solution to allow access to all png images, svg images,
and css files under chrome://global/skin/media.
---
src/components/content-policy.js | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index b2fdff7..db72efe 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -43,23 +43,36 @@ ContentPolicy.prototype = {
// Video playback.
"chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT,
"resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
- "chrome://global/skin/media/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
"chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL,
"chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL,
"chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL,
+ "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL,
+ "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL,
+ "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL,
// Image display.
"resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
"resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
- "chrome://global/skin/media/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
- // Resizing text boxes.
+ // Scrollbars, text box resizer, and content keyboard shortcuts.
+ "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL,
"chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL,
+ "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL,
// Directory listing.
"chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
},
+ uriRegexWhitelist: [
+ // Video playback: whitelist png and svg images under chrome://global/skin/media
+ { regex: /^chrome:\/\/global\/skin\/media\/.+\.(png|svg)$/,
+ type: Ci.nsIContentPolicy.TYPE_IMAGE },
+
+ // Video playback and image display: whitelist css files under chrome://global/skin/media
+ { regex: /^chrome:\/\/global\/skin\/media\/.+\.css$/,
+ type: Ci.nsIContentPolicy.TYPE_STYLESHEET },
+ ],
+
// nsISupports
QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory,
Ci.nsISupportsWeakReference]),
@@ -105,6 +118,11 @@ ContentPolicy.prototype = {
if (this.uriWhitelist[aContentLocation.spec] == aContentType)
return Ci.nsIContentPolicy.ACCEPT;
+ for (let wlObj of this.uriRegexWhitelist) {
+ if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec))
+ return Ci.nsIContentPolicy.ACCEPT;
+ }
+
return Ci.nsIContentPolicy.REJECT_REQUEST;
},