[tbb-commits] [torbutton/master] Bug 31395: Remove inline script in aboutTor.xhtml
sysrqb at torproject.org
sysrqb at torproject.org
Thu Feb 6 03:53:04 UTC 2020
commit f87cd0af7462faab1d349e28e7b17c76274624b0
Author: Alex Catarineu <acat at torproject.org>
Date: Tue Jan 14 13:14:06 2020 +0100
Bug 31395: Remove inline script in aboutTor.xhtml
---
chrome.manifest | 1 +
chrome/content/aboutTor/aboutTor.xhtml | 11 ++---------
chrome/content/aboutTor/resources/aboutTor.js | 11 +++++++++++
jar.mn | 1 +
4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/chrome.manifest b/chrome.manifest
index d1ffe6d6..6d9d12d4 100644
--- a/chrome.manifest
+++ b/chrome.manifest
@@ -1,5 +1,6 @@
content torbutton chrome/content/
resource torbutton ./
+resource torbutton-abouttor resource://torbutton/content/aboutTor/resources/ contentaccessible=yes
resource torbutton-assets resource://torbutton/chrome/skin/ contentaccessible=yes
# browser branding
diff --git a/chrome/content/aboutTor/aboutTor.xhtml b/chrome/content/aboutTor/aboutTor.xhtml
index 56777ba3..db313c3d 100644
--- a/chrome/content/aboutTor/aboutTor.xhtml
+++ b/chrome/content/aboutTor/aboutTor.xhtml
@@ -20,19 +20,12 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
- <meta http-equiv="Content-Security-Policy" content="default-src chrome: resource:; script-src chrome: resource: 'unsafe-inline';" />
+ <meta http-equiv="Content-Security-Policy" content="default-src resource:;" />
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>&aboutTor.title;</title>
<link rel="stylesheet" type="text/css" media="all"
href="resource://torbutton-assets/aboutTor.css"/>
-<script type="text/javascript">
- <![CDATA[
-window.addEventListener("pageshow", function() {
- let evt = new CustomEvent("AboutTorLoad", { bubbles: true });
- document.dispatchEvent(evt);
-});
-]]>
-</script>
+ <script type="text/javascript" src="resource://torbutton-abouttor/aboutTor.js"></script>
</head>
<body dir="&locale.dir;">
<div class="torcontent-container">
diff --git a/chrome/content/aboutTor/resources/aboutTor.js b/chrome/content/aboutTor/resources/aboutTor.js
new file mode 100644
index 00000000..6687390b
--- /dev/null
+++ b/chrome/content/aboutTor/resources/aboutTor.js
@@ -0,0 +1,11 @@
+/*************************************************************************
+ * Copyright (c) 2020, The Tor Project, Inc.
+ * See LICENSE for licensing information.
+ *
+ * vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+ *************************************************************************/
+
+window.addEventListener("pageshow", function() {
+ let evt = new CustomEvent("AboutTorLoad", { bubbles: true });
+ document.dispatchEvent(evt);
+});
diff --git a/jar.mn b/jar.mn
index 45c8c9b8..3838bc9b 100644
--- a/jar.mn
+++ b/jar.mn
@@ -10,6 +10,7 @@ torbutton.jar:
skin/ (chrome/skin/*)
% resource torbutton %
+% resource torbutton-abouttor resource://torbutton/content/aboutTor/resources/ contentaccessible=yes
% resource torbutton-assets resource://torbutton/skin/ contentaccessible=yes
# browser branding
More information about the tbb-commits
mailing list