Hi,
We are porting a Cordova app to FirefoxOS.
The app’s index.html contains inline script like this:
<script>
var dummyItems = items;
</script>
Because the app is privileged this is banned by the CSP. Why is this?
When I remove the “type: privileged” from the manifest then B2G is not
complaining.
https://developer.mozilla.org/en-US/Apps/Build/installable_apps_for_Firefox_OS/CSP
The logcat output is:
W/WalletExperience( 1322): [JavaScript Error: "Content Security Policy: The
page's settings blocked the loading of a resource at self ("script-src
app://twe.gaiamobile.org<http://twe.gaiamobile.org>")." {file:
"app://twe.gaiamobile.org/index.html<http://twe.gaiamobile.org/index.html>"
line: 54 column: 0 source: "
W/WalletExperience( 1322): var dummyItems = items;
W/WalletExperience( 1322):
W/WalletExperience( 1322): ..."}]
Could someone please explain to me why privileged app can do less than hosted
apps?
Why is inline script banned if it is inlined in a file that is part of my app?
Do you agree that this is a bug?
https://bugzilla.mozilla.org/show_bug.cgi?id=1096854
Cheers
Axel
Ps: when I move all the inline script into js-files I seems that the global
variables defined in that scripts are not global and therefore not visible to
other scripts…
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
