[FIX]Style system should ask nsIContentPolicy before loading external sheets

RESOLVED FIXED in mozilla1.4beta

Status

()

Core
CSS Parsing and Computation
P1
enhancement
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Tim, Assigned: bz)

Tracking

Trunk
mozilla1.4beta
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [whitebox])

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
Currently, css loader does not prompt content policy before loading external
sheets.  Content policy has the capacity to handle it (at least, it has a
constant dedicated to it). Hooking up css loader would be helpful to get over
with even though no code content policy implementations currently exist that
looks for stylesheet types (so that if anything wanted to do so in the future,
it wouldn't be held up by this).

If you're thinking, "why would you want to manage stylesheet loading like
that?", think less of the stylesheet-specific case and more of the
any-external-content case ("don't waste time loading external resources from a
google cache page").

Oh, this is true for trunk at this time (see bug filing timestamp).
(Reporter)

Comment 1

16 years ago
Oh, and this can be thought of as tangentially related to bug 147866
Comment on attachment 119265 [details] [diff] [review]
Something like this?

Let's hope this does not slow down things like startup.... ;)
Attachment #119265 - Flags: superreview?(peterv)
Attachment #119265 - Flags: review?(mvl)
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta
Summary: Style system should ask nsIContentPolicy before loading external sheets → [FIX]Style system should ask nsIContentPolicy before loading external sheets
Comment on attachment 119265 [details] [diff] [review]
Something like this?

>Index: content/html/style/src/nsCSSLoader.h
>===================================================================

> /**
>+ * CheckLoadAllowed will return success if the load is allowed, failure otherwise.

> 80 chars

>+  nsCOMPtr<nsIScriptSecurityManager> secMan = 

Remove trailing space.

>+           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
>+  if (NS_FAILED(rv)) return rv;

Please make this two lines and add braces.

>+  rv = secMan->CheckLoadURI(aSourceURI, aTargetURI,
>+                            nsIScriptSecurityManager::ALLOW_CHROME);
>+  if (NS_FAILED(rv)) return rv;

Ditto.
Attachment #119265 - Flags: superreview?(peterv) → superreview+
Attachment #119265 - Flags: review?(mvl) → review+
Checked in, and no perf issues.  ;)
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED

Updated

16 years ago
Whiteboard: [whitebox]
You need to log in before you can comment on or make changes to this bug.