[torbutton/master] Bug 22104: Adjust our content policy whitelist for ff52-esr. - tbb-commits

2 Jun 2017

commit 46947ad2a818a89643d75ca2397feb39fc6ef8c3
Author: Kathy Brade brade@pearlcrescent.com
Date:   Thu Jun 1 12:28:50 2017 -0400
Bug 22104: Adjust our content policy whitelist for ff52-esr.
Fix problems with missing video playback controls and missing scrollbars.
    Use a regex solution to allow access to all png images, svg images,
    and css files under chrome://global/skin/media.
---
 src/components/content-policy.js | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index b2fdff7..db72efe 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -43,23 +43,36 @@ ContentPolicy.prototype = {
     // Video playback.
     "chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT,
     "resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "chrome://global/skin/media/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
     "chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL,
// Image display.
     "resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
     "resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "chrome://global/skin/media/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    // Resizing text boxes.
+    // Scrollbars, text box resizer, and content keyboard shortcuts.
+    "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL,
// Directory listing.
     "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
   },
+  uriRegexWhitelist: [
+    // Video playback: whitelist png and svg images under chrome://global/skin/media
+    { regex: /^chrome://global/skin/media/.+.(png|svg)$/,
+      type: Ci.nsIContentPolicy.TYPE_IMAGE },
+
+    // Video playback and image display: whitelist css files under chrome://global/skin/media
+    { regex: /^chrome://global/skin/media/.+.css$/,
+      type: Ci.nsIContentPolicy.TYPE_STYLESHEET },
+  ],
+
   // nsISupports
   QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory,
                                          Ci.nsISupportsWeakReference]),
@@ -105,6 +118,11 @@ ContentPolicy.prototype = {
       if (this.uriWhitelist[aContentLocation.spec] == aContentType)
         return Ci.nsIContentPolicy.ACCEPT;
+    for (let wlObj of this.uriRegexWhitelist) {
+      if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec))
+        return Ci.nsIContentPolicy.ACCEPT;
+    }
+
     return Ci.nsIContentPolicy.REJECT_REQUEST;
   },

    