Open Bug 1322618 Opened 8 years ago Updated 2 years ago

Provide a CSP or sandbox flags to disable script, instead of using content policy hacks

Categories

(Thunderbird :: Message Reader UI, defect)

Tracking

(Not tracked)

People

(Reporter: bzbarsky, Unassigned)

References

(Depends on 1 open bug)

Details

Right now nsMsgContentPolicy::ShouldLoad does some script-disabling that is pretty fragile. What we should do instead is have the relevant channels produce a CSP (possibly one that sets a sandbox, if we want it to apply to subframes?) using the API added in bug 1322617. And then we should be able to remove the nsMsgContentPolicy::ShouldLoad hackery.
Severity: normal → S3
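
The distinction the report draws between a script-blocking CSP and a CSP that sets a sandbox can be checked mechanically on a policy string. The following is an added example, not Thunderbird code and not the API from bug 1322617; the function names and the sample policies in the test are constructed for illustration. It reports whether a given Content-Security-Policy value disables script and whether that restriction comes from sandbox flags, which nested browsing contexts inherit, or only from a source list.

```javascript
// Added example: classify how a CSP header value disables script.
// Directives are split on ';', names are case-insensitive, and a
// repeated directive is ignored (the first occurrence wins).
function parsePolicy(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A source list matches nothing when it is empty or is exactly 'none'.
function matchesNothing(sources) {
  return sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
}

// The first directive present in the fallback chain governs;
// null means no directive in the chain restricts the load.
function effective(directives, chain) {
  for (const name of chain) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

function scriptBlocking(value) {
  const d = parsePolicy(value);
  // sandbox without allow-scripts sets the sandboxed scripts flag.
  const sandboxed = d.has('sandbox') &&
    !d.get('sandbox').some(t => t.toLowerCase() === 'allow-scripts');
  // Script elements and inline handlers have separate fallback chains.
  const elem = effective(d, ['script-src-elem', 'script-src', 'default-src']);
  const attr = effective(d, ['script-src-attr', 'script-src', 'default-src']);
  const bySourceList = elem !== null && attr !== null &&
    matchesNothing(elem) && matchesNothing(attr);
  return {
    scriptsDisabled: sandboxed || bySourceList,
    // Sandbox flags propagate to nested browsing contexts; a source-list
    // restriction is enforced for the document that carries the policy.
    coversSubframes: sandboxed,
    mechanism: sandboxed ? 'sandbox' : bySourceList ? 'script-src' : 'none',
  };
}
```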