Closed Bug 1012656 Opened 7 years ago Closed 7 years ago

[PDF.js] Remove inline style for CSP compliance

Categories

(Firefox OS Graveyard :: Gaia::PDF Viewer, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gerard-majax, Assigned: vingtetun)

References

Details

Attachments

(1 file)

Confere bug 968907 and bug 858787. We need to remove all CSS inline usage in certified apps.

https://github.com/mozilla-b2g/gaia/blob/master/apps/pdfjs/content/web/viewer.html#L86
Depends on: 817674
Attached patch csp.pdfjs.patchSplinter Review
The app can really just be privileged. It does not need access to mozSettings as it used a web version of l10n.js that does not use mozSettings anyway, and as the new l10n.js file rely on languagechange instead of mozSettings.
Attachment #8437341 - Flags: review?(bdahl)
(In reply to Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please) from comment #1)
> Created attachment 8437341 [details] [diff] [review]
> csp.pdfjs.patch
> 
> The app can really just be privileged. It does not need access to
> mozSettings as it used a web version of l10n.js that does not use
> mozSettings anyway, and as the new l10n.js file rely on languagechange
> instead of mozSettings.

Hi Vivien, bdahl is on leave until September, I recommend you ask Yury Delendik for review here.
Yury, can you review this?
Flags: needinfo?(ydelendik)
Comment on attachment 8437341 [details] [diff] [review]
csp.pdfjs.patch

Hi Vivien, PDF.js only needs XHR access, so I guess the changes in the attachment 8437341 [details] [diff] [review] will be fine (and there is no need to uplift to the pdf.js repo)
Attachment #8437341 - Flags: review?(bdahl) → feedback+
Flags: needinfo?(ydelendik)
Try is green. https://github.com/mozilla-b2g/gaia/commit/b9b5129e0534c4d55d3bcf0444bbb1bc8c16284c
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.