Closed Bug 1658244 Opened 4 years ago Closed 4 years ago

"View Background Image" doesn't work for inlined SVG images

Categories

(Core :: DOM: Security, defect, P1)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix
firefox-esr78 --- wontfix
firefox79 --- wontfix
firefox80 --- wontfix
firefox81 --- fixed

People

(Reporter: glob, Assigned: ckerschb)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [domsecurity-active])

Attachments

(2 files)

testcase
661 bytes, text/html
Details
Bug 1658244: Allow view-background-image to open a data: URI by setting a flag on the loadinfo
47 bytes, text/x-phabricator-request
Details | Review
Attached file testcase

STR:

  1. create content that has an inline SVG as a background image (see attached)
  2. right click on background --> "View Background Image"

Expected:

  • Navigated to the background's data: URL

Actual:

  • Nothing, not even an error message

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → SVG
Product: Firefox → Core

More:

  • on BMO you'll see CSP warnings when trying to view the background image, this doesn't happen on the site where I found this issue so they are unrelated
  • command-clicking on "View Background Image" opens the data: url in a new tab, however the content is blank. Interestingly enough the "Refresh" button is disabled on this tab
  • focusing the address bar and hitting Return to navigate to the url results in SVG being correctly shown

Oops, forgot to describe my Firefox version: I see this in the release channel (currently on 79) as well as nightly (81). fission is not enabled in either environment.

mozregression points me to this range:

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=42151fcd6cfc216d147730d0f2c6a2acd52d22fd&tochange=a0eb21bf55e1c1ae0ba311e6f2273da05c712799

Looks like it's bug 1380959, which disallowed top-level data: URL navigations. We should probably allow it when it was triggered by View Source. Sounds similar to bug 1407891, too. Christian, do you know what we need to do here?

status-firefox79: --- → affected
status-firefox80: --- → affected
status-firefox81: --- → affected
status-firefox-esr68: --- → affected
status-firefox-esr78: --- → affected
Component: SVG → DOM: Security
Flags: needinfo?(ckerschb)
Regressed by: 1380959
Has Regression Range: --- → yes

I really can't tell why we are not logging to either the browser console, or the web console in that particular case.

Good news is, I have a patch which fixes the problem - will upload in a minute.

Assignee: nobody → ckerschb
Severity: -- → S2
Status: NEW → ASSIGNED
Flags: needinfo?(ckerschb)
Priority: -- → P1
Whiteboard: [domsecurity-active]
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/869d82e5b984
Allow view-background-image to open a data: URI by setting a flag on the loadinfo r=Gijs

https://hg.mozilla.org/mozilla-central/rev/869d82e5b984

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox81: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
See Also: → 1738190
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: