Closed Bug 190653 Opened 22 years ago Closed 21 years ago

[FIX]Style system should ask nsIContentPolicy before loading external sheets

Categories

(Core :: CSS Parsing and Computation, enhancement, P1)

Product:
Core
Component:
CSS Parsing and Computation
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.4beta

People

(Reporter: timwatt, Assigned: bzbarsky)

Details

(Whiteboard: [whitebox])

Attachments

(1 file)

Something like this?
8.56 KB, patch
mvl
: review+
peterv
: superreview+
Details | Diff | Splinter Review 
Currently, css loader does not prompt content policy before loading external
sheets.  Content policy has the capacity to handle it (at least, it has a
constant dedicated to it). Hooking up css loader would be helpful to get over
with even though no code content policy implementations currently exist that
looks for stylesheet types (so that if anything wanted to do so in the future,
it wouldn't be held up by this).

If you're thinking, "why would you want to manage stylesheet loading like
that?", think less of the stylesheet-specific case and more of the
any-external-content case ("don't waste time loading external resources from a
google cache page").

Oh, this is true for trunk at this time (see bug filing timestamp).
Oh, and this can be thought of as tangentially related to bug 147866

    
    

    
  
Comment on attachment 119265 [details] [diff] [review]
Something like this?

Let's hope this does not slow down things like startup.... ;)

        Attachment #119265 -
        Flags: superreview?(peterv)

        Attachment #119265 -
        Flags: review?(mvl)

    
  
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta

    
  
Summary: Style system should ask nsIContentPolicy before loading external sheets → [FIX]Style system should ask nsIContentPolicy before loading external sheets

    
    

    
  
Comment on attachment 119265 [details] [diff] [review]
Something like this?

>Index: content/html/style/src/nsCSSLoader.h
>===================================================================

> /**
>+ * CheckLoadAllowed will return success if the load is allowed, failure otherwise.

> 80 chars

>+  nsCOMPtr<nsIScriptSecurityManager> secMan = 

Remove trailing space.

>+           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
>+  if (NS_FAILED(rv)) return rv;

Please make this two lines and add braces.

>+  rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
>+                            nsIScriptSecurityManager::ALLOW_CHROME);
>+  if (NS_FAILED(rv)) return rv;

Ditto.

        Attachment #119265 -
        Flags: superreview?(peterv) → superreview+

        Attachment #119265 -
        Flags: review?(mvl) → review+

    
    

    
  
Checked in, and no perf issues.  ;)
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

    
  
Whiteboard: [whitebox]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: