Closed
Bug 188955
Opened 22 years ago
Closed 20 years ago
CSS list item images are loaded even if image loading is blocked or disabled
Categories
(Core :: Graphics: Image Blocking, defect, P2)
Core
Graphics: Image Blocking
Tracking
()
RESOLVED
FIXED
mozilla1.7final
People
(Reporter: mpaugh, Assigned: sspitzer)
References
(Depends on 1 open bug, )
Details
(Keywords: fixed1.7, privacy, Whiteboard: [sg:fix]fixed-aviary1.0)
Attachments
(2 files, 1 obsolete file)
945 bytes,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
965 bytes,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016 Images assigned in CSS using "list-style" (or "list-style-image") are always loaded even if image loading is disabled in the preferences, or if the images are blocked via the image manager. Reproducible: Always Steps to Reproduce: 1. Disable image loading 2. Visit a site such as http://www.questml.com/syntax/ Another method: 1. Leave image loading enabled 2. Visit http://www.questml.com/syntax/ 3. Choose "block images from this site" 4. Reload Actual Results: The icons next to the list items are loaded, but the other images such as background images (which are also set via CSS on this particular page) are (correctly) blocked. Expected Results: Disabling image loading (or blocking images) should disable it all across the board. I consider this a minor bug; however it could potentially be used by spammers and others to attempt to circumvent image blocking.
Comment 1•21 years ago
|
||
Confirming -> All/All (off OS X 1.3b)
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All
Hardware: PC → All
Comment 2•21 years ago
|
||
Taking; this code needs a CheckLoadURI check, as well as a content policy check.... For reference, nsBulletFrame::Reflow() and nsBulletFrame::Init() are the places to change.
Assignee: mstoltz → bzbarsky
Priority: -- → P2
Target Milestone: --- → mozilla1.5beta
Comment 3•21 years ago
|
||
Tim, you may want to keep track of this bug as your work on this stuff....
Depends on: 208867
Comment 4•20 years ago
|
||
*** Bug 242461 has been marked as a duplicate of this bug. ***
Comment 5•20 years ago
|
||
Note to self -- pass in the document, not the rule, as the context to the security checks.
Comment 6•20 years ago
|
||
*** Bug 245140 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 7•20 years ago
|
||
Assignee | ||
Comment 8•20 years ago
|
||
bz is walking me through this, so I think I'll have a fix for 1.7 and trunk. I want 1.7, because of the privacy issue in mail (see bug #245140)
Assignee: bzbarsky → sspitzer
Flags: blocking1.7+
Target Milestone: mozilla1.5beta → mozilla1.7final
Assignee | ||
Comment 9•20 years ago
|
||
Assignee | ||
Comment 10•20 years ago
|
||
Attachment #149717 -
Attachment is obsolete: true
Comment 11•20 years ago
|
||
Comment on attachment 149721 [details] [diff] [review] patch for trunk, still need to test trunk... r+sr=bzbarsky
Attachment #149721 -
Flags: superreview+
Attachment #149721 -
Flags: review+
Comment 12•20 years ago
|
||
Comment on attachment 149720 [details] [diff] [review] patch for branch, fixes this bug and the mail privacy bug r+sr=bzbarsky
Attachment #149720 -
Flags: superreview+
Attachment #149720 -
Flags: review+
Assignee | ||
Comment 13•20 years ago
|
||
fixed on trunk and 1.7 branch. note to mscott, if you want this for aviary, take the one that matches your nsContentUtis.h declaration of CanLoadImage(): returning a bool or a nsresult. http://lxr.mozilla.org/mozilla/source/content/base/public/nsContentUtils.h#318
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 14•20 years ago
|
||
Comment on attachment 149721 [details] [diff] [review] patch for trunk, still need to test trunk... + if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) { this is _inside_ an if (imgURI) block; the first part of this if is not needed.
Assignee | ||
Comment 15•20 years ago
|
||
>(From update of attachment 149721 [details] [diff] [review]) >+ if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) { > >this is _inside_ an if (imgURI) block; the first part of this if is not needed. thanks, good catch. I've removed it from the trunk.
Updated•20 years ago
|
Whiteboard: fixed-aviary1.0
You need to log in
before you can comment on or make changes to this bug.
Description
•