1012656 - [PDF.js] Remove inline style for CSP compliance

Status: RESOLVED FIXED

(Firefox OS Graveyard :: Gaia::PDF Viewer, defect)

Description

[:gerard-majax]

Confere bug 968907 and bug 858787. We need to remove all CSS inline usage in certified apps.

https://github.com/mozilla-b2g/gaia/blob/master/apps/pdfjs/content/web/viewer.html#L86

Comment 1

[Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please)]

Attachment: csp.pdfjs.patch

The app can really just be privileged. It does not need access to mozSettings as it used a web version of l10n.js that does not use mozSettings anyway, and as the new l10n.js file rely on languagechange instead of mozSettings.

Comment 3

[Bill Walker [:bwalker] [@wfwalker]]

(In reply to Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please) from comment #1)
> Created attachment 8437341 [details] [diff] [review]
> csp.pdfjs.patch
> 
> The app can really just be privileged. It does not need access to
> mozSettings as it used a web version of l10n.js that does not use
> mozSettings anyway, and as the new l10n.js file rely on languagechange
> instead of mozSettings.

Hi Vivien, bdahl is on leave until September, I recommend you ask Yury Delendik for review here.

Comment 4

[Bill Walker [:bwalker] [@wfwalker]]

Yury, can you review this?

Comment 5

[Yury Delendik (:yury)]

Comment on attachment 8437341 [details] [diff] [review]
csp.pdfjs.patch

Hi Vivien, PDF.js only needs XHR access, so I guess the changes in the attachment 8437341 [details] [diff] [review] will be fine (and there is no need to uplift to the pdf.js repo)

Comment 6

[Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please)]

https://tbpl.mozilla.org/?tree=Gaia-Try&rev=6261185878bc5af777170dda6650d721e06e43b7

Comment 7

[Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please)]

Try is green. https://github.com/mozilla-b2g/gaia/commit/b9b5129e0534c4d55d3bcf0444bbb1bc8c16284c