CSS features that are for internal theming should not be exposed to content

NEW
Unassigned

Status

()

4 years ago
3 years ago

People

(Reporter: kairo, Unassigned)

Tracking

({dev-doc-needed, site-compat})

33 Branch
dev-doc-needed, site-compat
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
We have a lot of media queries and some other CSS properties that we invented for XUL and our internal themes only, those should not be exposed to content as they are not web standards and not even intended to get standardized.
Sounds reasonable.  David, does it make sense to repurpose the "unsafe rules allowed" mode of the CSS parser into a general "chrome-only rules allowed"?  Or do you think we should ensure the unsafe rules (the MathML stuff) are also unavailable to addons?
Flags: needinfo?(dbaron)
We might want more than one level of distinction.  The "unsafe" stuff should (I think) be UA sheets only, whereas the XUL-specific stuff should be allowed in UA and user sheets, and in chrome sheets, but not in author-level non-chrome sheets.  Or something like that.

(See also the mIsChromeOrCertifiedApp, and see also bug 944836 and the work being done there, which is probably a subpart of this bug.)
Flags: needinfo?(dbaron)
Depends on: 1069192
We not only have CSS properties, but also a lot of internal-only value keywords of some standard CSS properties are exposed to the content.

Updated

3 years ago
Keywords: dev-doc-needed, site-compat
Doh, my comment was for Bug 1211040.
You need to log in before you can comment on or make changes to this bug.