Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has .main-header class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the .main-header class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc. ) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*`
Bug 1736244 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has .main-header class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the .main-header class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*`
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has .main-header class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the .main-header class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*` Remember that every OS has its own messageBody.css, so there's at least 3 files to touch: https://searchfox.org/comm-central/search?q=&path=messageBody.css
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has .main-header class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the .main-header class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*` Remember that every OS has its own messageBody.css (is that still needed?), so currently there's at least 3 files to touch: https://searchfox.org/comm-central/search?q=&path=messageBody.css
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has `.main-header` class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the .main-header class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*` Remember that every OS has its own messageBody.css (is that still needed?), so currently there's at least 3 files to touch: https://searchfox.org/comm-central/search?q=&path=messageBody.css
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has `.main-header` class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the `.main-header` class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed. Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*` Remember that every OS has its own messageBody.css (is that still needed?), so currently there's at least 3 files to touch: https://searchfox.org/comm-central/search?q=&path=messageBody.css
Thanks veremia for analysing and reporting this! Confirming exactly as described: Message reader hides random message content if it has `.main-header` class. 91.2.0 (64-bit) & 95.0a1 (2021-10-13) (64-bit), Win10. Regressed by bug 1715726 where the `.main-header` class was introduced. - Geoff, can you fix this by renaming .main-header class to something less generic (hence less likely to be used in user HTML content) like `.moz-main-header`? That would significantly reduce the likelihood of interference with user content. - OR maybe we should use a custom attribute for this, similar to `<a moz-do-not-send="true" href="...">linktext</a>`? That might reduce the likelihood for leaking (this bug) even more. - How hard would it be to totally encapsulate user content, so that our style sheets can *never* leak into user content? Ideally, we should prepend `moz-` to all of our internal classes (as we used to do: `.moz-attached-image-container`, `.moz-vcard-table` etc.) to make them more unique, less error-prone and more easy to recognize. `.print-only` looks like another candidate which is generic enough to fail, ~~and I'm not sure if that's working because it's under `@media screen`, and should probably be a plain style (without class name) under `@media print` which was recently removed.~~ Classes which should have `moz-` prepended for consistency: - `.print-only` - `.header-part1/2/3` - `.headerdisplayname` - `.mimeAttachment*` Remember that every OS has its own messageBody.css (is that still needed?), so currently there's at least 3 files to touch: https://searchfox.org/comm-central/search?q=&path=messageBody.css