commit f87cd0af7462faab1d349e28e7b17c76274624b0 Author: Alex Catarineu acat@torproject.org Date: Tue Jan 14 13:14:06 2020 +0100
Bug 31395: Remove inline script in aboutTor.xhtml --- chrome.manifest | 1 + chrome/content/aboutTor/aboutTor.xhtml | 11 ++--------- chrome/content/aboutTor/resources/aboutTor.js | 11 +++++++++++ jar.mn | 1 + 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/chrome.manifest b/chrome.manifest index d1ffe6d6..6d9d12d4 100644 --- a/chrome.manifest +++ b/chrome.manifest @@ -1,5 +1,6 @@ content torbutton chrome/content/ resource torbutton ./ +resource torbutton-abouttor resource://torbutton/content/aboutTor/resources/ contentaccessible=yes resource torbutton-assets resource://torbutton/chrome/skin/ contentaccessible=yes
# browser branding diff --git a/chrome/content/aboutTor/aboutTor.xhtml b/chrome/content/aboutTor/aboutTor.xhtml index 56777ba3..db313c3d 100644 --- a/chrome/content/aboutTor/aboutTor.xhtml +++ b/chrome/content/aboutTor/aboutTor.xhtml @@ -20,19 +20,12 @@
<html xmlns="http://www.w3.org/1999/xhtml"> <head> - <meta http-equiv="Content-Security-Policy" content="default-src chrome: resource:; script-src chrome: resource: 'unsafe-inline';" /> + <meta http-equiv="Content-Security-Policy" content="default-src resource:;" /> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>&aboutTor.title;</title> <link rel="stylesheet" type="text/css" media="all" href="resource://torbutton-assets/aboutTor.css"/> -<script type="text/javascript"> - <![CDATA[ -window.addEventListener("pageshow", function() { - let evt = new CustomEvent("AboutTorLoad", { bubbles: true }); - document.dispatchEvent(evt); -}); -]]> -</script> + <script type="text/javascript" src="resource://torbutton-abouttor/aboutTor.js"></script> </head> <body dir="&locale.dir;"> <div class="torcontent-container"> diff --git a/chrome/content/aboutTor/resources/aboutTor.js b/chrome/content/aboutTor/resources/aboutTor.js new file mode 100644 index 00000000..6687390b --- /dev/null +++ b/chrome/content/aboutTor/resources/aboutTor.js @@ -0,0 +1,11 @@ +/************************************************************************* + * Copyright (c) 2020, The Tor Project, Inc. + * See LICENSE for licensing information. + * + * vim: set sw=2 sts=2 ts=8 et syntax=javascript: + *************************************************************************/ + +window.addEventListener("pageshow", function() { + let evt = new CustomEvent("AboutTorLoad", { bubbles: true }); + document.dispatchEvent(evt); +}); diff --git a/jar.mn b/jar.mn index 45c8c9b8..3838bc9b 100644 --- a/jar.mn +++ b/jar.mn @@ -10,6 +10,7 @@ torbutton.jar: skin/ (chrome/skin/*)
% resource torbutton % +% resource torbutton-abouttor resource://torbutton/content/aboutTor/resources/ contentaccessible=yes % resource torbutton-assets resource://torbutton/skin/ contentaccessible=yes
# browser branding