Closed Bug 1632765 Opened 5 years ago Closed 5 years ago

Turn on the visited link mitigations.

Categories

(Core :: CSS Parsing and Computation, task, P3)

Product:
Core
Component:
CSS Parsing and Computation
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox77 --- fixed

People

(Reporter: emilio, Assigned: emilio)

References

Details

Attachments

(2 files)

Bug 1632765 - Turn on some more :visited privacy mitigations. r=mak
47 bytes, text/x-phabricator-request
Details | Review
Bug 1632765 - Bypass a restyling assertion in a replicated fixed-pos subtree. r=TYLin
47 bytes, text/x-phabricator-request
Details | Review
No description provided.

We couldn't turn these on before because of perf regressions, but after bug
1626586 perf looks pretty neutral.

Blocks: 884270, 1455898, 1506842, 1239897
See Also: → 1398414
Type: defect → task
Priority: -- → P3
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/29e132824d37 Turn on some more :visited privacy mitigations. r=mak

The pref flip in this bug causes an assertion to fail in
layout/generic/crashtests/1137723-1.html.

Our behavior in that crashtest is so messed up that I can't even begin
to describe it.

That test-case has three-pages, and a link inside a fixed-pos subtree,
which has a ::after pseudo-element.

Via the magic of nsCSSFrameConstructor::ReplicateFixedFrames, we end up
constructing multiple frames, one per page, for the fixed subtree.

We end up with a link with three different ::after pseudo-elements (one
on each page), of which the link only knows about the latest one.

This means that when restyling the link (which was already broken, it
just didn't happen before the prefs), we'd visit the pseudo-element in
some other place of the frame tree we can get a hand on.

Restyling these frames is generally not supported and will do ~nothing,
given the current setup. There's no way to get a hand from the DOM node
to all its replicated frames.

But that's not something I plan to fix for this bug, and this assertion
is blocking me.

Flags: needinfo?(emilio)
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4a20db95098d Bypass a restyling assertion in a replicated fixed-pos subtree. r=TYLin
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8d7864d6d8da Turn on some more :visited privacy mitigations. r=mak

https://hg.mozilla.org/mozilla-central/rev/4a20db95098d
https://hg.mozilla.org/mozilla-central/rev/8d7864d6d8da

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
Regressions: 1633732
See Also: → 1293420
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: