Bug 1773667 - Add console logging for file:// script loads. r=freddyb

Differential Revision: https://phabricator.services.mozilla.com/D148899

dom/locales/en-US/chrome/security/security.properties

@@ -93,6 +93,9 @@ BlockSubresourceRedirectToData=Redirecting to insecure data: URI not allowed (Bl
 
 BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”)
 
+# LOCALIZATION NOTE: Do not translate "file: URI". “%1$S” is the whole URI of the loaded file. “%2$S” is the MIME type e.g. "text/plain".
+BlockFileScriptWithWrongMimeType=Loading script from file: URI (“%1$S”) was blocked because its MIME type (“%2$S”) is not a valid JavaScript MIME type.
+
 RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”)
 
 # LOCALIZATION NOTE (MixedContentAutoUpgrade):

dom/security/nsContentSecurityManager.cpp

@@ -1291,6 +1291,24 @@ static nsresult CheckAllowFileProtocolScriptLoad(nsIChannel* aChannel) {
   if (NS_FAILED(rv) || !nsContentUtils::IsJavascriptMIMEType(
                            NS_ConvertUTF8toUTF16(contentType))) {
     Telemetry::Accumulate(Telemetry::SCRIPT_FILE_PROTOCOL_CORRECT_MIME, false);
+
+    nsCOMPtr<Document> doc;
+    if (nsINode* node = loadInfo->LoadingNode()) {
+      doc = node->OwnerDoc();
+    }
+
+    nsAutoCString spec;
+    uri->GetSpec(spec);
+
+    AutoTArray<nsString, 1> params;
+    CopyUTF8toUTF16(NS_UnescapeURL(spec), *params.AppendElement());
+    CopyUTF8toUTF16(NS_UnescapeURL(contentType), *params.AppendElement());
+
+    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+                                    "FILE_SCRIPT_BLOCKED"_ns, doc,
+                                    nsContentUtils::eSECURITY_PROPERTIES,
+                                    "BlockFileScriptWithWrongMimeType", params);
+
     return NS_ERROR_CONTENT_BLOCKED;
   }