[debug only] Crash when adding news account ("AccountWizard.xhtml does not have a CSP!")
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(thunderbird_esr128 unaffected, thunderbird139 affected)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr128 | --- | unaffected |
| thunderbird139 | --- | affected |
People
(Reporter: francesco, Assigned: mkmelin)
References
(Regression)
Details
(Keywords: regression)
Attachments
(2 files)
- Run a debug build.
- Try to add a news account in the Account settings.
[14608] Hit MOZ_CRASH(Document (chrome://messenger/content/AccountWizard.xhtml) does not have a CSP!) at /builds/worker/checkouts/gecko/dom/security/nsContentSecurityUtils.cpp:1991
The message seems to be wrong as the page has CSP. However, it also has inline styles.
Inline styles:
https://searchfox.org/comm-central/rev/45f8c5bb09a833038a6d3ff06a3ee552663b45e5/mailnews/base/prefs/content/AccountWizard.xhtml#115,136
|
Assignee | |
Comment 1•4 months ago
|
||
That's a xul <window> doc still, so I guess we'll have to add the XUL version of CSP, like https://searchfox.org/mozilla-central/rev/e703d3fbd6da82cdda1256016a80abb1f245fedd/toolkit/components/prompts/content/commonDialog.xhtml#6, or convert the file to top level html.
|
|
Assignee | |
Comment 2•4 months ago
|
||
|
||
Updated•4 months ago
|
Will that work given the
https://searchfox.org/comm-central/rev/7cf8218b74a7799d6f8e8b322ddccb52afda1b06/mailnews/base/prefs/content/AccountWizard.xhtml#19
and
https://searchfox.org/comm-central/rev/45f8c5bb09a833038a6d3ff06a3ee552663b45e5/mailnews/base/prefs/content/AccountWizard.xhtml#115,136
There are three more that might need inspection:
https://searchfox.org/comm-central/rev/7cf8218b74a7799d6f8e8b322ddccb52afda1b06/mail/base/content/glodaFacetView.xhtml#38
https://searchfox.org/comm-central/rev/7cf8218b74a7799d6f8e8b322ddccb52afda1b06/mail/components/enterprisepolicies/content/aboutPolicies.xhtml#28
https://searchfox.org/comm-central/rev/7cf8218b74a7799d6f8e8b322ddccb52afda1b06/mailnews/base/prefs/content/converterDialog.xhtml#25
|
|
Assignee | |
Comment 4•4 months ago
|
||
(In reply to Francesco from comment #3)
Will that work given the
It should, as that's what the CSP says should be allowed.
I didn't not actually run this in a debug build, but I verified the onload script ran (it wouldn't on release builds, if it was blocked by csp)
Good find on those others, I can add them here.
(In reply to Magnus Melin [:mkmelin] from comment #4)
It should, as that's what the CSP says should be allowed.
The syntax isn't clear to me and it doesn't appear to be documented anywhere. I patched omni.ja in my debug build and your change works. Thanks.
|
|
Assignee | |
Comment 6•4 months ago
|
||
- glodaVacetView.xhtml has a correct csp
- converterDialog.xhtml also has a crorrect csp already
|
|
Assignee | |
Comment 7•4 months ago
|
||
(In reply to Francesco from comment #5)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP has some documentation. Since there are mozilla-internal protocols involved it's somewhat more complex, but the documentation still applies
|
|
Assignee | |
Comment 8•4 months ago
|
||
about:policies it seems is currently not easily accessible from within Thunderbird. But you can set it as startpage...
|
|
Assignee | |
Updated•3 months ago
|
|
|
Assignee | |
Updated•3 months ago
|
|
||
Comment 10•3 months ago
|
||
Pushed by brendan@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/29ca4ca99314
add CSP to about:policies. r=john.bieling
Description
•