Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-01 00:32:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1773976 - Treat SVG <use> and CSS filter as img-src in CSP. r=freddyb

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D216790
This commit is contained in:
Tom Schuster 2024-09-09 12:16:12 +00:00
parent 560e11db8a
commit 52749eba50
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dom/security/nsCSPUtils.cpp
View File

@ -291,6 +291,7 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
case nsIContentPolicy::TYPE_INTERNAL_IMAGE:
case nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD:
case nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON:
case nsIContentPolicy::TYPE_INTERNAL_EXTERNAL_RESOURCE:
return nsIContentSecurityPolicy::IMG_SRC_DIRECTIVE;
// BLock XSLT as script, see bug 910139
@ -364,7 +365,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
case nsIContentPolicy::TYPE_SPECULATIVE:
case nsIContentPolicy::TYPE_INTERNAL_DTD:
case nsIContentPolicy::TYPE_INTERNAL_FORCE_ALLOWED_DTD:
case nsIContentPolicy::TYPE_INTERNAL_EXTERNAL_RESOURCE:
return nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
// CSP does not apply to webrtc connections