1873474 - Replace or remove NS_CheckContentProcessPolicy call in ImageDocument

Status: RESOLVED FIXED

(Core :: DOM: Security, enhancement, P3)

Description

[Tom Schuster]

ImageListener::OnStartRequest is one of the only two callers of NS_CheckContentProcessPolicy. It was original added in bug 200433, to make content blocking of images inside an iframe. (This is required because in that case the image is loaded as a content type of TYPE_INTERNAL_IFRAME not TYPE_INTERNAL_IMAGE)

We removed most of the code for nsContentBlocker in bug 1357107, but did introduce ImageBlocker. However that regressed image blocking inside iframes again, because ImageBlocker::ShouldProcess doesn't actually do anything.

I am not sure if we can just replace that call with NS_CheckContentProcessPolicy with NS_CheckContentLoadPolicy, because some implementation like CSPService::ShouldProcess just do nothing for images currently, in contrast to ShouldLoad. The other solution would be to just not bother with blocking images here at all.

Comment 1

[Tom Schuster]

Attachment: Bug 1873474 - Use ImageBlocker directly instead of nsIContentPolicy::ShouldProcess in ImageDocument. r?smaug

Comment 2

[Pulsebot]

Pushed by tschuster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b6f095262402
Use ImageBlocker directly instead of nsIContentPolicy::ShouldProcess in ImageDocument. r=smaug

Comment 3

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/b6f095262402