1664156 - CSP-blocked images have `display: none !important` UA style

Status: RESOLVED FIXED

(Core :: Layout: Images, Video, and HTML Frames, defect)

Description

[Simon Pieters [:zcorpan]]

See demo: http://software.hixie.ch/utilities/js/live-dom-viewer/saved/8459

<!DOCTYPE html>
<meta http-equiv=content-security-policy content="img-src 'none'">
<style>img { border: solid; }</style>
It should say PASS below:<br>
<img src=image alt="PASS">

The image is not rendered. Per devtools, it matches :-moz-suppressed UA style in html.css, which sets display: none !important.

Nothing in the HTML spec says to do this. Chromium and WebKit don't hide the image.

Comment 1

[Emilio Cobos Álvarez (:emilio)]

Attachment: Bug 1664156 - Remove -moz-suppressed. r=edgar

Per spec we shouldn't behave differently depending on how we blocked the
image/object/etc.

This may have made sense in the past when ad blockers were implemented
via nsIContentPolicy, but I think nowadays it doesn't make sense, and
showing fallback is preferred.

There's a couple extra cleanups we can do after this lands, like
removing HTMLImageElement.imageBlockingStatus and simplifying a bit that
code. But I'll do that in a separate bug.

Comment 2

[Pulsebot]

Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/64eb902728bc
Remove -moz-suppressed. r=edgar

Comment 3

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25503 for changes under testing/web-platform/tests

Comment 4

[Noemi Erli[:noemi_erli]]

Backed out changeset 64eb902728bc (Bug 1664156) for causing mochitest failures in test_meta_csp_self.html CLOSED TREE

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&selectedTaskRun=aTGaee7nQCqqLH08_9EUxg.0&resultStatus=testfailed%2Cbusted%2Cexception&revision=64eb902728bc7b1c2f8efbcf9c1004a48c1541bd

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=315540807&repo=autoland&lineNumber=4251

Backout: https://hg.mozilla.org/integration/autoland/rev/cdc242832bf4bf19927f18751353bda8a961021e

Comment 5

[Pulsebot]

Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/742280c4731b
Remove -moz-suppressed. r=edgar

Comment 6

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/742280c4731b

Comment 7

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Upstream PR merged by moz-wptsync-bot