Empty url()s should not load anything
Categories
(Core :: CSS Parsing and Computation, defect)
Tracking
()
People
(Reporter: sebo, Assigned: emilio)
References
Details
Attachments
(4 files)
CSS Values 3 says[1] this: > If the value of the url() is the empty string (like url("") or url()), the url > must resolve to an invalid resource (similar to what the url about:invalid does). Though Gecko currently causes a request for them, as shown in the attached test case. Sebastian [1] https://drafts.csswg.org/css-values-3/#url-empty
Comment 1•8 years ago
|
||
The right fix here is probably to make css::URLValueData::GetURI() skip the NS_NewURI call if the string is null and hence treat the situation just like we treat NS_NewURI failing (i.e. invalid URL).
Comment hidden (mozreview-request) |
Comment 3•8 years ago
|
||
@Boris: It seems that I couldn't assign you as a reviewer because you aren't accepting any requests; please feel free to review it whenever you can. :) Also, since I am not at all familiar with this part of the codebase, I am not entirely sure if the one check that I inserted will handle all the empty/null string cases. It does work for the attached testcase though (which is url() and not url("") or something else). We should probably lock this down using a test as well.
Updated•7 years ago
|
Reporter | ||
Comment 4•7 years ago
|
||
Comment on attachment 8805310 [details] Bug 1302991 - Empty url()s should not load or request anything David, as Boris currently doesn't accept review requests, could you please do a review for this? Or forward the request to someone else, so this code doesn't bitrot?
Reporter | ||
Updated•7 years ago
|
Comment 5•7 years ago
|
||
mozreview-review |
Comment on attachment 8805310 [details] Bug 1302991 - Empty url()s should not load or request anything https://reviewboard.mozilla.org/r/89054/#review177634 Two surface concerns are: * it's better not to call NS_ConvertUTF16toUTF8(nsCSSValue::GetBufferValue(mString)) twice; it should instead be put in a variable. * mURIResolved should be set to true even if it's the empty string, so we don't keep executing the code However, the bigger concern is what happens with stylo. I'm not sure whether this code will still be used for this once we enable stylo (layout.css.servo.enabled). There probably are also a few other cases that would need to be handled, since this code doesn't handle url() for @import rules or @namespace rules and maybe for some other case.
Given how long this has sat already, I think it's best to come back to this in a month or two once stylo settles down.
Comment 7•7 years ago
|
||
Makes sense - thanks for the review David. Let's revisit this after the dust from Stylo has settled down.
Comment 8•6 years ago
|
||
Stylo has settled down. Probably worth looking at this again. Sumit, are you still in a position to work on this?
Reporter | ||
Comment 9•5 years ago
|
||
Sumit obviously wasn't active on Bugzilla for more than a year and didn't answer to Boris' request, therefore I reset the assignee now.
Sebastian
Updated•4 years ago
|
Reporter | ||
Comment 10•3 years ago
|
||
Stylo has settled for quite some time now, so maybe this could be reprioritized now.
For what it's worth, there was an issue mentioned on Stack Overflow lately, which was caused by this.
Furthermore, Chromium has the same issue and also has a bug filed for it.
Sebastian
Reporter | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 11•3 years ago
|
||
No behavior change, but the new place seems more appropriate.
Updated•3 years ago
|
Assignee | ||
Comment 12•3 years ago
|
||
So as to not try to load the same document as a subresource.
Depends on D103716
Comment 13•3 years ago
|
||
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/fd4ba1eeec00 Move the check to prevent loading internal resources as images. r=dholbert https://hg.mozilla.org/integration/autoland/rev/e4734e2b38b6 Do not try to resolve empty CSS url values. r=dholbert
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/27472 for changes under testing/web-platform/tests
Comment 15•3 years ago
•
|
||
Backed out for causing failures on empty.html.
Backout link: https://hg.mozilla.org/integration/autoland/rev/45de327a70b9ffd1beb3c0cde2a551ffee58b0c7
Failure log: https://treeherder.mozilla.org/logviewer?job_id=328802766&repo=autoland&lineNumber=3814
Upstream PR was closed without merging
Comment 18•3 years ago
|
||
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5785ba1a0aba Move the check to prevent loading internal resources as images. r=dholbert https://hg.mozilla.org/integration/autoland/rev/a2e7db8b9e98 Do not try to resolve empty CSS url values. r=dholbert
Comment 19•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5785ba1a0aba
https://hg.mozilla.org/mozilla-central/rev/a2e7db8b9e98
Upstream PR merged by moz-wptsync-bot
Updated•3 years ago
|
Description
•