commit 46947ad2a818a89643d75ca2397feb39fc6ef8c3 Author: Kathy Brade <brade@pearlcrescent.com> Date: Thu Jun 1 12:28:50 2017 -0400 Bug 22104: Adjust our content policy whitelist for ff52-esr. Fix problems with missing video playback controls and missing scrollbars. Use a regex solution to allow access to all png images, svg images, and css files under chrome://global/skin/media. --- src/components/content-policy.js | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/components/content-policy.js b/src/components/content-policy.js index b2fdff7..db72efe 100644 --- a/src/components/content-policy.js +++ b/src/components/content-policy.js @@ -43,23 +43,36 @@ ContentPolicy.prototype = { // Video playback. "chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT, "resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - "chrome://global/skin/media/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, "chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL, "chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL, "chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL, + "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL, + "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL, + "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL, // Image display. "resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, "resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - "chrome://global/skin/media/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, - // Resizing text boxes. + // Scrollbars, text box resizer, and content keyboard shortcuts. + "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL, "chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL, + "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL, // Directory listing. "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET, }, + uriRegexWhitelist: [ + // Video playback: whitelist png and svg images under chrome://global/skin/media + { regex: /^chrome:\/\/global\/skin\/media\/.+\.(png|svg)$/, + type: Ci.nsIContentPolicy.TYPE_IMAGE }, + + // Video playback and image display: whitelist css files under chrome://global/skin/media + { regex: /^chrome:\/\/global\/skin\/media\/.+\.css$/, + type: Ci.nsIContentPolicy.TYPE_STYLESHEET }, + ], + // nsISupports QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory, Ci.nsISupportsWeakReference]), @@ -105,6 +118,11 @@ ContentPolicy.prototype = { if (this.uriWhitelist[aContentLocation.spec] == aContentType) return Ci.nsIContentPolicy.ACCEPT; + for (let wlObj of this.uriRegexWhitelist) { + if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec)) + return Ci.nsIContentPolicy.ACCEPT; + } + return Ci.nsIContentPolicy.REJECT_REQUEST; },