Consider moving view-source into a distinct process
Categories
(Core :: DOM: Content Processes, enhancement, P3)
Tracking
()
| Fission Milestone | Future |
People
(Reporter: nika, Unassigned)
References
(Blocks 1 open bug)
Details
Currently, we load view-source URIs in web processes alongside the document which they were loaded for. It may make sense to load them in a separate view-source URI process, or potentially within the privileged content process. This should probably happen alongside changing the principal for view-source documents to be a null principal rather than the principal of the requested document.
|
Reporter | |
Comment 1•5 years ago
|
||
Marking as blocking fission as a thing which we should probably look into. We may not want to do it for fission, however.
Also ni? :bz - how tricky would it be to change the principal of view-source URIs to be either opaque or a singleton known origin (e.g. say just "[view-source]")
|
||
Comment 2•5 years ago
|
||
The main issue with changing the principal of view-source is the CheckLoadURI handling. We allow clicking on URLs in the viewed source to load the source of those things, and that does CheckLoadURI using the view-source principal.
For web things it's not too bad, because even a nullprincipal can link to http:// via CheckLoadURI. But even just for file:// there's a problem, because nullprincipals can't link to file://, right? We'd need to figure out a plan for this bit.
|
|
||
Comment 3•5 years ago
|
||
Also, pretty sure there's existing discussion about view-source principals somewhere...
|
||
Comment 4•5 years ago
|
||
(In reply to Boris Zbarsky [:bzbarsky, bz on IRC] from comment #3)
Also, pretty sure there's existing discussion about view-source principals somewhere...
https://bugzilla.mozilla.org/show_bug.cgi?id=1171853#c35 and bug 1430257.
|
||
Comment 5•4 years ago
|
||
This bug is not a Fission MVP blocker.
depends on DocumentChannel view-source bug 1598523
|
||
Updated•2 years ago
|
Description
•