Open
Bug 1571346
Opened 5 years ago
Updated 2 years ago
Remove 'unsafe-inline' from style-src within about:addons
Categories
(Toolkit :: Add-ons Manager, task, P3)
Toolkit
Add-ons Manager
Tracking
()
NEW
People
(Reporter: ckerschb, Unassigned)
References
Details
Attachments
(1 obsolete file)
Within Bug 1497189 we are adding a CSP to about:addons. Most importantly is to block any inline script that runs but as a follow up we should also eliminate all usages of inline styles. After the removals of inline styles, e.g:
- https://searchfox.org/mozilla-central/rev/b3fd653bc6078b3be4a8d06db39eddc5714755da/toolkit/mozapps/extensions/content/message-bar.js#62
- https://searchfox.org/mozilla-central/rev/b3fd653bc6078b3be4a8d06db39eddc5714755da/toolkit/mozapps/extensions/content/message-bar.js#103
we should be able to remove 'unsafe-inline' from style-src for about:addons.
|
||
Updated•5 years ago
|
Priority: -- → P3
|
||
Comment 1•3 years ago
|
||
It seems the originally problematic code is no longer existing.
|
||
Updated•3 years ago
|
Assignee: nobody → fbraun
Status: NEW → ASSIGNED
|
|
||
Updated•3 years ago
|
Attachment #9248592 -
Attachment is obsolete: true
|
|
||
Comment 2•3 years ago
|
||
Looks like there are still some files that are a bit harder to nail down. The reporting just says "chrome" without further URL info. Meh.
|
|
||
Updated•3 years ago
|
Assignee: fbraun → nobody
Status: ASSIGNED → NEW
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•