tor-browser

The Tor Browser

commit 8b39e2f000103df4f00897d660291d019993b423
parent f37b7dac5c5d95a9d18da4e0c30630cd0c8ecbdf
Author: Tom Schuster <tschuster@mozilla.com>
Date:   Fri, 21 Nov 2025 08:25:18 +0000

Bug 1844792 - Use moz-remote-image: for appChooser.xhtml. r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D273194

Diffstat:
Mdom/security/nsContentSecurityUtils.cpp | 3+--
Mtoolkit/mozapps/handling/content/appChooser.js | 7++++++-
Mtoolkit/mozapps/handling/content/appChooser.xhtml | 4++--
3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp @@ -1330,6 +1330,7 @@ static nsLiteralCString sImgSrcMozRemoteImageAllowList[] = { "about:preferences"_ns, "about:settings"_ns, "chrome://browser/content/preferences/dialogs/applicationManager.xhtml"_ns, + "chrome://mozapps/content/handling/appChooser.xhtml"_ns, }; // img-src data: blob: static nsLiteralCString sImgSrcDataBlobAllowList[] = { @@ -1393,7 +1394,6 @@ static nsLiteralCString sImgSrcHttpsAllowList[] = { "chrome://devtools/content/framework/browser-toolbox/window.html"_ns, "chrome://devtools/content/framework/toolbox-window.xhtml"_ns, "chrome://global/content/alerts/alert.xhtml"_ns, - "chrome://mozapps/content/handling/appChooser.xhtml"_ns, }; // img-src http: // UNSAFE! Do not use. @@ -1403,7 +1403,6 @@ static nsLiteralCString sImgSrcHttpAllowList[] = { "chrome://devtools/content/framework/browser-toolbox/window.html"_ns, "chrome://devtools/content/framework/toolbox-window.xhtml"_ns, "chrome://global/content/alerts/alert.xhtml"_ns, - "chrome://mozapps/content/handling/appChooser.xhtml"_ns, // STOP! Do not add anything to this list. }; // img-src jar: file: diff --git a/toolkit/mozapps/handling/content/appChooser.js b/toolkit/mozapps/handling/content/appChooser.js @@ -146,7 +146,12 @@ let dialog = { // and users won't visit the handler's URL template, they'll only // visit URLs derived from that template (i.e. with %s in the template // replaced by the URL of the content being handled). - elm.setAttribute("image", uri.prePath + "/favicon.ico"); + let params = new URLSearchParams({ + url: uri.prePath + "/favicon.ico", + width: 32, + height: 32, + }); + elm.setAttribute("image", "moz-remote-image://?" + params); } elm.setAttribute("description", uri.prePath); diff --git a/toolkit/mozapps/handling/content/appChooser.xhtml b/toolkit/mozapps/handling/content/appChooser.xhtml 
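Review bot: The new `sImgSrcMozRemoteImageAllowList` entry and the two removals from `sImgSrcHttpsAllowList` and `sImgSrcHttpAllowList` are only correct while they mirror the `<?csp ?>` line in appChooser.xhtml, and nothing visible in these hunks ties the two together. Presumably these arrays feed a check on chrome-page CSPs, so it is worth confirming that an existing test loads appChooser.xhtml and would fail if `http:` or `https:` were re-added to its `img-src`. A short comment above the list, such as `// Entries must match the page's <?csp ?> img-src; use moz-remote-image: instead of http(s): for remote icons`, would tell the next editor which list to use. All three arrays start or end outside the hunks.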
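Review bot: The scheme of `uri` is not checked in the visible lines before `uri.prePath + "/favicon.ico"` is handed to `moz-remote-image:`, and with `http:` and `https:` gone from the page's `img-src`, the CSP itself no longer says anything about where that favicon may come from. If the enclosing condition (outside this hunk) does not already limit web handlers to https, a guard such as `if (uri.schemeIs("https")) { ... }` around the new lines would keep the icon request off cleartext; if it does, the existing comment should say so. The literal `32` for `width` and `height` is unexplained. A comment such as `// Load the favicon via moz-remote-image: so this dialog needs no http(s) img-src; 32 is the requested icon size` would record both the reason for the indirection and the size, with the size rationale to be confirmed by the author.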
@@ -5,8 +5,8 @@ <!DOCTYPE window> -<?csp default-src chrome:; style-src chrome: 'unsafe-inline'; img-src http: -https: moz-icon:; ?> +<?csp default-src chrome:; style-src chrome: 'unsafe-inline'; img-src moz-icon: +moz-remote-image:; ?> <window persist="width height screenX screenY"