We've worked around this for now in a pretty safe way; so resolving this is not urgent, but I want to have a bug on file to reference.
As described in https://bugzilla.mozilla.org/show_bug.cgi?id=1727803; about:sync triggers a Debug Assertion because it lacks a sufficiently tight CSP.
It also loads Javascript via a data: url; and it would be ideal if it could somehow load it via a chrome:// or resource:// URI.
Blocks https://bugzilla.mozilla.org/show_bug.cgi?id=1728122
We've worked around this for now in a pretty safe way; so resolving this is not urgent, but I want to have a bug on file to reference.
As described in https://bugzilla.mozilla.org/show_bug.cgi?id=1727803; about:sync triggers a Debug Assertion because it lacks a sufficiently tight CSP.
It also loads Javascript via a data: url; and it would be ideal if it could somehow load it via a chrome:// or resource:// URI.
Blocks https://bugzilla.mozilla.org/show_bug.cgi?id=1728122