Pier Angelo Vendrame pushed to branch tor-browser-140.1.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: d68f1d0a by Pier Angelo Vendrame at 2025-08-11T11:31:57+02:00 fixup! BB 40925: Implemented the Security Level component BB 44090: Add CSP to our XUL XHTML documents. - - - - - 7a4c6fc9 by Pier Angelo Vendrame at 2025-08-11T11:32:06+02:00 fixup! BB 40926: Implemented the New Identity feature BB 44090: Add CSP to our XUL XHTML documents. - - - - - bdec800c by Pier Angelo Vendrame at 2025-08-11T11:32:06+02:00 fixup! TB 30237: Add v3 onion services client authentication prompt BB 44090: Add CSP to our XUL XHTML documents. - - - - - 70a4871e by Pier Angelo Vendrame at 2025-08-11T11:32:07+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection BB 44090: Add CSP to our XUL XHTML documents. - - - - - 11 changed files: - browser/components/newidentity/content/newIdentityDialog.xhtml - browser/components/onionservices/content/savedKeysDialog.xhtml - browser/components/securitylevel/content/securityLevelDialog.xhtml - browser/components/torpreferences/content/bridgeQrDialog.xhtml - browser/components/torpreferences/content/builtinBridgeDialog.xhtml - browser/components/torpreferences/content/connectionSettingsDialog.xhtml - browser/components/torpreferences/content/loxInviteDialog.xhtml - browser/components/torpreferences/content/provideBridgeDialog.xhtml - browser/components/torpreferences/content/requestBridgeDialog.xhtml - browser/components/torpreferences/content/torLogDialog.xhtml - dom/security/nsContentSecurityUtils.cpp Changes: ===================================== browser/components/newidentity/content/newIdentityDialog.xhtml ===================================== @@ -6,6 +6,8 @@ <!-- based on resetProfile.xhtml --> +<?csp default-src chrome: ?> + <window id="newIdentityDialogWindow" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/onionservices/content/savedKeysDialog.xhtml ===================================== @@ -1,6 +1,8 @@ <?xml version="1.0"?> <!-- Copyright (c) 2020, The Tor Project, Inc. --> +<?csp default-src chrome: ?> + <window id="onionservices-savedkeys-dialog" windowtype="OnionServices:SavedKeys" ===================================== browser/components/securitylevel/content/securityLevelDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0"?> +<?csp default-src chrome: ?> + <window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml" ===================================== browser/components/torpreferences/content/bridgeQrDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/builtinBridgeDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/connectionSettingsDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/loxInviteDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/provideBridgeDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/requestBridgeDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome:; img-src data: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== browser/components/torpreferences/content/torLogDialog.xhtml ===================================== @@ -1,5 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> +<?csp default-src chrome: ?> + <window type="child" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" ===================================== dom/security/nsContentSecurityUtils.cpp ===================================== @@ -1361,6 +1361,7 @@ static nsLiteralCString sImgSrcDataBlobAllowList[] = { "chrome://devtools/content/webconsole/index.html"_ns, "chrome://global/content/alerts/alert.xhtml"_ns, "chrome://global/content/print.html"_ns, + "chrome://browser/content/torpreferences/requestBridgeDialog.xhtml"_ns, }; // img-src https: static nsLiteralCString sImgSrcHttpsAllowList[] = { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cca7d67... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cca7d67... You're receiving this email because of your account on gitlab.torproject.org.