From 6a727b70a9f7d3deb690dffd818d7bb5e9eb7bf5 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 25 Jan 2017 15:04:07 -0500
Subject: Bug 1286290 - CSP compliant bug modal

---
 show_bug.cgi | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'show_bug.cgi')

diff --git a/show_bug.cgi b/show_bug.cgi
index 517017688..d4e6ea771 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -19,6 +19,7 @@ use Bugzilla::User;
 use Bugzilla::Keyword;
 use Bugzilla::Bug;
 use Bugzilla::Hook;
+use Bugzilla::CGI;
 
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
@@ -36,6 +37,10 @@ my $format = $template->get_format("bug/show",
                                    $format_params->{format},
                                    $format_params->{ctype});
 
+if ($format_params->{format} eq 'modal') {
+    $cgi->content_security_policy(Bugzilla::CGI::SHOW_BUG_MODAL_CSP());
+}
+
 # Editable, 'single' HTML bugs are treated slightly specially in a few places
 my $single = (!$format->{format} || $format->{format} ne 'multiple')
              && $format->{extension} eq 'html';
-- 
cgit v1.2.3-24-g4f1b