CSS list item images are loaded even if image loading is blocked or disabled

RESOLVED FIXED in mozilla1.7final

Status

()

Core
Image Blocking
P2
minor
RESOLVED FIXED
15 years ago
4 years ago

People

(Reporter: M.Paugh, Assigned: (not reading, please use seth@sspitzer.org instead))

Tracking

(Depends on: 1 bug, {fixed1.7, privacy})

Trunk
mozilla1.7final
fixed1.7, privacy
Points:
---
Dependency tree / graph
Bug Flags:
blocking1.7 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:fix]fixed-aviary1.0, URL)

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016

Images assigned in CSS using "list-style" (or "list-style-image")
are always loaded even if image loading is disabled in the preferences,
or if the images are blocked via the image manager.

Reproducible: Always

Steps to Reproduce:
1. Disable image loading
2. Visit a site such as http://www.questml.com/syntax/

Another method:

1. Leave image loading enabled
2. Visit http://www.questml.com/syntax/
3. Choose "block images from this site"
4. Reload

Actual Results:  
The icons next to the list items are loaded, but the other images
such as background images (which are also set via CSS on this
particular page) are (correctly) blocked.

Expected Results:  
Disabling image loading (or blocking images) should disable it
all across the board.

I consider this a minor bug; however it could potentially be used by
spammers and others to attempt to circumvent image blocking.

Comment 1

15 years ago
Confirming -> All/All (off OS X 1.3b)
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 98 → All
Hardware: PC → All
Taking; this code needs a CheckLoadURI check, as well as a content policy
check....  For reference, nsBulletFrame::Reflow() and nsBulletFrame::Init() are
the places to change.
Assignee: mstoltz → bzbarsky
Priority: -- → P2
Target Milestone: --- → mozilla1.5beta

Updated

15 years ago
QA Contact: tever → nobody
Tim, you may want to keep track of this bug as your work on this stuff....
Depends on: 208867
Depends on: 191839
*** Bug 242461 has been marked as a duplicate of this bug. ***
Depends on: 236889
Note to self -- pass in the document, not the rule, as the context to the
security checks.
*** Bug 245140 has been marked as a duplicate of this bug. ***
Created attachment 149717 [details] [diff] [review]
patch, I've tested mail, now to test browser
bz is walking me through this, so I think I'll have a fix for 1.7 and trunk.

I want 1.7, because of the privacy issue in mail (see bug #245140)
Assignee: bzbarsky → sspitzer
Flags: blocking1.7+
Target Milestone: mozilla1.5beta → mozilla1.7final
Created attachment 149720 [details] [diff] [review]
patch for branch, fixes this bug and the mail privacy bug
Created attachment 149721 [details] [diff] [review]
patch for trunk, still need to test trunk...
Attachment #149717 - Attachment is obsolete: true
Comment on attachment 149721 [details] [diff] [review]
patch for trunk, still need to test trunk...

r+sr=bzbarsky
Attachment #149721 - Flags: superreview+
Attachment #149721 - Flags: review+
Comment on attachment 149720 [details] [diff] [review]
patch for branch, fixes this bug and the mail privacy bug

r+sr=bzbarsky
Attachment #149720 - Flags: superreview+
Attachment #149720 - Flags: review+
fixed on trunk and 1.7 branch.

note to mscott, if you want this for aviary, take the one that matches your
nsContentUtis.h declaration of CanLoadImage():  returning a bool or a nsresult.

http://lxr.mozilla.org/mozilla/source/content/base/public/nsContentUtils.h#318
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Comment on attachment 149721 [details] [diff] [review]
patch for trunk, still need to test trunk...

+    if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) {

this is _inside_ an if (imgURI) block; the first part of this if is not needed.
>(From update of attachment 149721 [details] [diff] [review])
>+    if (imgURI && nsContentUtils::CanLoadImage(imgURI, doc, doc)) {
>
>this is _inside_ an if (imgURI) block; the first part of this if is not needed.

thanks, good catch.  I've removed it from the trunk.

Updated

14 years ago
Whiteboard: fixed-aviary1.0

Updated

14 years ago
Keywords: fixed1.7
Keywords: privacy
Whiteboard: fixed-aviary1.0 → [sg:fix]fixed-aviary1.0
You need to log in before you can comment on or make changes to this bug.