[ tor-browser ].git.dasho

commit d28dc3d6d1d18188202e64444e2d168c345abb1b
parent b3ee1bd4b9ad77fdc1e11033d151b8effca19214
Author: Tom Schuster <tschuster@mozilla.com>
Date:   Wed, 29 Oct 2025 15:17:48 +0000

Bug 1980376 - Restrict pageInfo.xhtml CSP. r=florian

Differential Revision: https://phabricator.services.mozilla.com/D259570

Diffstat:
M browser/base/content/pageinfo/pageInfo.xhtml  | 2 +-
M dom/security/nsContentSecurityUtils.cpp  | 23 ++---------------------

2 files changed, 3 insertions(+), 22 deletions(-)
diff --git a/browser/base/content/pageinfo/pageInfo.xhtml b/browser/base/content/pageinfo/pageInfo.xhtml
@@ -2,7 +2,7 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-<?csp default-src chrome:; img-src data: *; media-src data: *; style-src chrome: 'unsafe-inline'; ?>
+<?csp default-src chrome:; style-src chrome: 'unsafe-inline'; ?>
 
 <window id="main-window"
   xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp
@@ -1347,7 +1347,6 @@ static nsLiteralCString sImgSrcDataBlobAllowList[] = {
     "chrome://browser/content/aboutDialog.xhtml"_ns,
     "chrome://browser/content/aboutlogins/aboutLogins.html"_ns,
     "chrome://browser/content/genai/chat.html"_ns,
-    "chrome://browser/content/pageinfo/pageInfo.xhtml"_ns,
     "chrome://browser/content/places/bookmarksSidebar.xhtml"_ns,
     "chrome://browser/content/places/places.xhtml"_ns,
     "chrome://browser/content/preferences/dialogs/permissions.xhtml"_ns,
@@ -1408,7 +1407,7 @@ static nsLiteralCString sImgSrcAddonsAllowList[] = {
 // img-src *
 //  UNSAFE! Allows loading everything.
 static nsLiteralCString sImgSrcWildcardAllowList[] = {
-    "about:reader"_ns, "chrome://browser/content/pageinfo/pageInfo.xhtml"_ns,
+    "about:reader"_ns,
     "chrome://browser/content/syncedtabs/sidebar.xhtml"_ns,
     // STOP! Do not add anything to this list.
 };
@@ -1419,14 +1418,10 @@ static nsLiteralCString sImgSrcHttpsHostAllowList[] = {
     "chrome://browser/content/aboutlogins/aboutLogins.html"_ns,
     "chrome://browser/content/spotlight.html"_ns,
 };
-// media-src data: blob:
-static nsLiteralCString sMediaSrcDataBlobAllowList[] = {
-    "chrome://browser/content/pageinfo/pageInfo.xhtml"_ns,
-};
 // media-src *
 //  UNSAFE! Allows loading everything.
 static nsLiteralCString sMediaSrcWildcardAllowList[] = {
-    "about:reader"_ns, "chrome://browser/content/pageinfo/pageInfo.xhtml"_ns,
+    "about:reader"_ns,
     // STOP! Do not add anything to this list.
 };
 // media-src https://example.org
@@ -1647,20 +1642,6 @@ class MediaSrcVisitor : public AllowBuiltinSrcVisitor {
     MOZ_ASSERT(aDirective == CSPDirective::MEDIA_SRC_DIRECTIVE);
   }
 
-  bool visitSchemeSrc(const nsCSPSchemeSrc& src) override {
-    nsAutoString scheme;
-    src.getScheme(scheme);
-
-    // data: and blob: can be used to decode arbitrary media.
-    if (scheme == u"data"_ns || scheme == u"blob") {
-      if (CheckAllowList(sMediaSrcDataBlobAllowList)) {
-        return true;
-      }
-    }
-
-    return AllowBuiltinSrcVisitor::visitSchemeSrc(src);
-  }
-
   bool visitHostSrc(const nsCSPHostSrc& src) override {
     return VisitHostSrcWithWildcardAndHttpsHostAllowLists(
         src, sMediaSrcWildcardAllowList, sMediaSrcHttpsHostAllowList);

	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE

M	browser/base/content/pageinfo/pageInfo.xhtml	\|	2	+-
M	dom/security/nsContentSecurityUtils.cpp	\|	23	++---------------------