CSS features that are for internal theming should not be exposed to content




4 years ago
3 years ago


(Reporter: kairo, Unassigned)


({dev-doc-needed, site-compat})

33 Branch
dev-doc-needed, site-compat

Firefox Tracking Flags

(Not tracked)




4 years ago
We have a lot of media queries and some other CSS properties that we invented for XUL and our internal themes only, those should not be exposed to content as they are not web standards and not even intended to get standardized.
Sounds reasonable.  David, does it make sense to repurpose the "unsafe rules allowed" mode of the CSS parser into a general "chrome-only rules allowed"?  Or do you think we should ensure the unsafe rules (the MathML stuff) are also unavailable to addons?
Flags: needinfo?(dbaron)
We might want more than one level of distinction.  The "unsafe" stuff should (I think) be UA sheets only, whereas the XUL-specific stuff should be allowed in UA and user sheets, and in chrome sheets, but not in author-level non-chrome sheets.  Or something like that.

(See also the mIsChromeOrCertifiedApp, and see also bug 944836 and the work being done there, which is probably a subpart of this bug.)
Flags: needinfo?(dbaron)
Depends on: 1069192
We not only have CSS properties, but also a lot of internal-only value keywords of some standard CSS properties are exposed to the content.


3 years ago
Keywords: dev-doc-needed, site-compat
Doh, my comment was for Bug 1211040.
You need to log in before you can comment on or make changes to this bug.