Currently, the implementation of WebsiteFilter uses an http-on-modify-request observer. That has the following disadvantages: - it's only able to filter http/https accesses - it uses an observer - it's in JS At a minimum, we should try to replace it with a nsIContentPolicy filter. The problem is that we want to return the error code Cr.NS_ERROR_BLOCKED_BY_POLICY, in order to display the proper error message, but that will require some changes to the code that calls the contentpolicy filters. Ideally we would re-implement this filter in C++, maybe as a C++ impl of an nsIContentPolicy, or even better, directly called from nsChannelClassifier::StartInternal() Hopefully we can re-use the MatchPattern matcher so we can keep supporting the policy with the same parameter type. One note is that MatchPattern has a whitelist of protocols that it accepts, which doesn't include data:*, so we should probably add that as a special case
nsIContentPolicy has been rewritten. We might be able to do the error code now.
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.