[tbb-commits] [torbutton/master] Bug 22104: Adjust our content policy whitelist for ff52-esr.

gk at torproject.org gk at torproject.org
Fri Jun 2 09:26:00 UTC 2017


commit 46947ad2a818a89643d75ca2397feb39fc6ef8c3
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Thu Jun 1 12:28:50 2017 -0400

    Bug 22104: Adjust our content policy whitelist for ff52-esr.
    
    Fix problems with missing video playback controls and missing scrollbars.
    Use a regex solution to allow access to all png images, svg images,
    and css files under chrome://global/skin/media.
---
 src/components/content-policy.js | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index b2fdff7..db72efe 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -43,23 +43,36 @@ ContentPolicy.prototype = {
     // Video playback.
     "chrome://global/content/TopLevelVideoDocument.js": Ci.nsIContentPolicy.TYPE_SCRIPT,
     "resource://gre/res/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "chrome://global/skin/media/TopLevelVideoDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
     "chrome://global/content/bindings/videocontrols.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/scale.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/progressmeter.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/button.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/general.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/bindings/text.xml": Ci.nsIContentPolicy.TYPE_XBL,
 
     // Image display.
     "resource://gre/res/ImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
     "resource://gre/res/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
-    "chrome://global/skin/media/TopLevelImageDocument.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
 
-    // Resizing text boxes.
+    // Scrollbars, text box resizer, and content keyboard shortcuts.
+    "chrome://global/content/bindings/scrollbar.xml": Ci.nsIContentPolicy.TYPE_XBL,
     "chrome://global/content/bindings/resizer.xml": Ci.nsIContentPolicy.TYPE_XBL,
+    "chrome://global/content/platformHTMLBindings.xml": Ci.nsIContentPolicy.TYPE_XBL,
 
     // Directory listing.
     "chrome://global/skin/dirListing/dirListing.css": Ci.nsIContentPolicy.TYPE_STYLESHEET,
   },
 
+  uriRegexWhitelist: [
+    // Video playback: whitelist png and svg images under chrome://global/skin/media
+    { regex: /^chrome:\/\/global\/skin\/media\/.+\.(png|svg)$/,
+      type: Ci.nsIContentPolicy.TYPE_IMAGE },
+
+    // Video playback and image display: whitelist css files under chrome://global/skin/media
+    { regex: /^chrome:\/\/global\/skin\/media\/.+\.css$/,
+      type: Ci.nsIContentPolicy.TYPE_STYLESHEET },
+  ],
+
   // nsISupports
   QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIFactory,
                                          Ci.nsISupportsWeakReference]),
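Review bot: Both patterns in `uriRegexWhitelist` use `.+`, which also matches `/`, `?` and `#`, and the second hunk tests them against the whole `aContentLocation.spec`, so they accept more than "files under chrome://global/skin/media". Any spec that starts with that prefix and merely ends in `.png`, `.svg` or `.css` passes, including nested paths and URLs whose query or fragment supplies the suffix. The surrounding map appears to be an exact-match allowlist of chrome/resource URLs that content may load, so the regex entries are best kept as narrow as the fix needs. If the required files sit directly in that directory (not visible from this hunk), use `[^\/?#]+` in place of `.+`, e.g. `/^chrome:\/\/global\/skin\/media\/[^\/?#]+\.(png|svg)$/`; if subdirectories are intended, `[^?#]+` still excludes query and fragment.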
@@ -105,6 +118,11 @@ ContentPolicy.prototype = {
       if (this.uriWhitelist[aContentLocation.spec] == aContentType)
         return Ci.nsIContentPolicy.ACCEPT;
 
+    for (let wlObj of this.uriRegexWhitelist) {
+      if ((wlObj.type == aContentType) && wlObj.regex.test(aContentLocation.spec))
+        return Ci.nsIContentPolicy.ACCEPT;
+    }
+
     return Ci.nsIContentPolicy.REJECT_REQUEST;
   },
 
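Review bot: The new loop calls `wlObj.regex.test(...)` on regex objects that are shared across every policy check, and nothing documents that entries must be stateless. The two patterns added here have no flags, but an entry later given the `g` or `y` flag would carry `lastIndex` from one call to the next and accept or reject the same URL inconsistently. I would add a comment above `uriRegexWhitelist` such as `// Entries are { regex, type }; both must match. Do not use the g or y flag: test() is called repeatedly on the same object.` The enclosing method starts above this hunk, so how `aContentLocation` is validated before this point is not visible here.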


