Closed Bug 1664156 Opened 8 months ago Closed 8 months ago

CSP-blocked images have `display: none !important` UA style

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect)

defect

Tracking

()

RESOLVED FIXED
82 Branch
Tracking Status
firefox82 --- fixed

People

(Reporter: zcorpan, Assigned: emilio)

References

Details

Attachments

(1 file)

See demo: http://software.hixie.ch/utilities/js/live-dom-viewer/saved/8459

<!DOCTYPE html>
<meta http-equiv=content-security-policy content="img-src 'none'">
<style>img { border: solid; }</style>
It should say PASS below:<br>
<img src=image alt="PASS">

The image is not rendered. Per devtools, it matches :-moz-suppressed UA style in html.css, which sets display: none !important.

Nothing in the HTML spec says to do this. Chromium and WebKit don't hide the image.

Flags: needinfo?(emilio)
Assignee: nobody → emilio
Depends on: 1664432

Per spec we shouldn't behave differently depending on how we blocked the
image/object/etc.

This may have made sense in the past when ad blockers were implemented
via nsIContentPolicy, but I think nowadays it doesn't make sense, and
showing fallback is preferred.

There's a couple extra cleanups we can do after this lands, like
removing HTMLImageElement.imageBlockingStatus and simplifying a bit that
code. But I'll do that in a separate bug.

Flags: needinfo?(emilio)
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25503 for changes under testing/web-platform/tests
Attachment #9175184 - Attachment description: Bug 1664156 - Remove -moz-suppressed. r=smaug,edgar → Bug 1664156 - Remove -moz-suppressed. r=edgar
Flags: needinfo?(emilio)
Blocks: 1664691
Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
Upstream PR merged by moz-wptsync-bot
You need to log in before you can comment on or make changes to this bug.