Bug 1514680 - Strictly enforce the MIME type of scripts loaded by importScripts(). r=dveditz
author Tom Schuster <evilpies@gmail.com>
Wed, 30 Jan 2019 22:21:26 +0000
changeset 11070 8c3fc581c072
parent 11069 c8da07e3a562
child 11071 25356a9ed21f
push id 116
push user francesco.lodolo@mozillaitalia.org
push date Thu, 07 Feb 2019 11:55:15 +0000
reviewers dveditz
bugs 1514680
Bug 1514680 - Strictly enforce the MIME type of scripts loaded by importScripts(). r=dveditz

Differential Revision: https://phabricator.services.mozilla.com/D16730

X-Channel-Repo: mozilla-central
X-Channel-Converted-Revision: 0791e1a5bdaaaa3d700fb21e749b160bfb013542
X-Channel-Repo: releases/mozilla-beta
X-Channel-Revision: 69a3d7c8d04bb6959e105b0c46d0aed4dda85ad9
X-Channel-Repo: releases/mozilla-release
X-Channel-Revision: c2fca1944d8c54d01a5e2d7e13d965e4a6597307
dom/chrome/security/security.properties
--- a/dom/chrome/security/security.properties
+++ b/dom/chrome/security/security.properties
@@ -88,16 +88,19 @@ MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff).
 # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not trasnlate "nosniff".
 XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
 
 BlockScriptWithWrongMimeType=Script from “%1$S” was blocked because of a disallowed MIME type.
 
 BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
 
+# LOCALIZATION NOTE: Do not translate "importScripts()"
+BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
+
 # LOCALIZATION NOTE: Do not translate "data: URI".
 BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)
 BlockSubresourceRedirectToData=Redirecting to insecure data: URI not allowed (Blocked loading of: “%1$S”)
 
 BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”)
 
 # LOCALIZATION NOTE (BrowserUpgradeInsecureDisplayRequest):
 # %1$S is the browser name "brandShortName"; %2$S is the URL of the upgraded request; %1$S is the upgraded scheme.
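Review bot: the localization note added above BlockImportScriptsWithWrongMimeType does not say what the two placeholders stand for, and it is not tied to its key the way the BrowserUpgradeInsecureDisplayRequest note further down is. From the string itself, %1$S is the script URL and %2$S is the MIME type that was rejected, so the note could read: # LOCALIZATION NOTE (BlockImportScriptsWithWrongMimeType): %1$S is the URL of the script; %2$S is its MIME type. Do not translate "importScripts()". That also gives the note the trailing period that the neighbouring "data: URI" note has. The wording otherwise mirrors BlockScriptWithWrongMimeType2, which keeps the two console messages consistent for anyone triaging blocked worker scripts.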