BB 43498: Uplifted 43129 + backport the upstream commit

Merge Info

Issues

Resolves

• #43498 (closed)
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Related

• #43129 (closed)
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Merging

Target Branches

• tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

• Alpha: esr128-14.5
• Stable: esr128-14.0
• Legacy: esr115-13.5

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

This patch should be safe to backport to stable, but we don't have a compelling reason to.

Uplifting

• Patchset is a candidate for uplift to Firefox
• Patchset is an uplift from Firefox

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since Gitlab only allows 1 reviewer)
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Uplifted the patch to unblock resource SVGs in safest.

The uplifted patch is different from the origin one created in !1211 (merged), as I moved it to a dedicated function and I got some request upstream.

How Tested

I didn't build this exact branch, but I tested the patch when uplifting it.

If it's okay, we can re-test it in nightly:

1. set the security level to safest
2. visit a non-existing URL (randomly tapping gibberish on the keyboard helps 🙂)
3. notice that the about:neterror page contains an image, rather than its text