188955 - CSS list item images are loaded even if image loading is blocked or disabled

Status: RESOLVED FIXED

(Core :: Graphics: Image Blocking, defect, P2)

Description

[M.Paugh]

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016

Images assigned in CSS using "list-style" (or "list-style-image")
are always loaded even if image loading is disabled in the preferences,
or if the images are blocked via the image manager.

Reproducible: Always

Steps to Reproduce:
1. Disable image loading
2. Visit a site such as http://www.questml.com/syntax/

Another method:

1. Leave image loading enabled
2. Visit http://www.questml.com/syntax/
3. Choose "block images from this site"
4. Reload

Actual Results:  
The icons next to the list items are loaded, but the other images
such as background images (which are also set via CSS on this
particular page) are (correctly) blocked.

Expected Results:  
Disabling image loading (or blocking images) should disable it
all across the board.

I consider this a minor bug; however it could potentially be used by
spammers and others to attempt to circumvent image blocking.

Comment 1

[Chris Casciano]

Confirming -> All/All (off OS X 1.3b)

Comment 2

[Boris Zbarsky [:bzbarsky]]

Taking; this code needs a CheckLoadURI check, as well as a content policy
check....  For reference, nsBulletFrame::Reflow() and nsBulletFrame::Init() are
the places to change.

Comment 3

[Boris Zbarsky [:bzbarsky]]

Tim, you may want to keep track of this bug as your work on this stuff....

Comment 4

[Boris Zbarsky [:bzbarsky]]

*** Bug 242461 has been marked as a duplicate of this bug. ***

Comment 5

[Boris Zbarsky [:bzbarsky]]

Note to self -- pass in the document, not the rule, as the context to the
security checks.

Comment 6

[Boris Zbarsky [:bzbarsky]]

*** Bug 245140 has been marked as a duplicate of this bug. ***

Comment 7

[(not reading, please use seth@sspitzer.org instead)]

Attachment: patch, I've tested mail, now to test browser

Comment 8

[(not reading, please use seth@sspitzer.org instead)]

bz is walking me through this, so I think I'll have a fix for 1.7 and trunk.

I want 1.7, because of the privacy issue in mail (see bug #245140)

Comment 9

[(not reading, please use seth@sspitzer.org instead)]

Attachment: patch for branch, fixes this bug and the mail privacy bug

Comment 10

[(not reading, please use seth@sspitzer.org instead)]

Attachment: patch for trunk, still need to test trunk...

Comment 11

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 149721 [details] [diff] [review]
patch for trunk, still need to test trunk...

r+sr=bzbarsky

Comment 12

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 149720 [details] [diff] [review]
patch for branch, fixes this bug and the mail privacy bug

r+sr=bzbarsky

Comment 13

[(not reading, please use seth@sspitzer.org instead)]

fixed on trunk and 1.7 branch.

note to mscott, if you want this for aviary, take the one that matches your
nsContentUtis.h declaration of CanLoadImage():  returning a bool or a nsresult.

http://lxr.mozilla.org/mozilla/source/content/base/public/nsContentUtils.h#318

Comment 14

[Christian :Biesinger (don't email me, ping me on IRC)]

Comment on attachment 149721 [details] [diff] [review]
patch for trunk, still need to test trunk...

+    if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) {

this is _inside_ an if (imgURI) block; the first part of this if is not needed.

Comment 15

[(not reading, please use seth@sspitzer.org instead)]

>(From update of attachment 149721 [details] [diff] [review])
>+    if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) {
>
>this is _inside_ an if (imgURI) block; the first part of this if is not needed.

thanks, good catch.  I've removed it from the trunk.