Currently, css loader does not prompt content policy before loading external sheets. Content policy has the capacity to handle it (at least, it has a constant dedicated to it). Hooking up css loader would be helpful to get over with even though no code content policy implementations currently exist that looks for stylesheet types (so that if anything wanted to do so in the future, it wouldn't be held up by this). If you're thinking, "why would you want to manage stylesheet loading like that?", think less of the stylesheet-specific case and more of the any-external-content case ("don't waste time loading external resources from a google cache page"). Oh, this is true for trunk at this time (see bug filing timestamp).
Oh, and this can be thought of as tangentially related to bug 147866
Comment on attachment 119265 [details] [diff] [review] Something like this? Let's hope this does not slow down things like startup.... ;)
16 years ago
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta
16 years ago
Summary: Style system should ask nsIContentPolicy before loading external sheets → [FIX]Style system should ask nsIContentPolicy before loading external sheets
Comment on attachment 119265 [details] [diff] [review] Something like this? >Index: content/html/style/src/nsCSSLoader.h >=================================================================== > /** >+ * CheckLoadAllowed will return success if the load is allowed, failure otherwise. > 80 chars >+ nsCOMPtr<nsIScriptSecurityManager> secMan = Remove trailing space. >+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); >+ if (NS_FAILED(rv)) return rv; Please make this two lines and add braces. >+ rv = secMan->CheckLoadURI(aSourceURI, aTargetURI, >+ nsIScriptSecurityManager::ALLOW_CHROME); >+ if (NS_FAILED(rv)) return rv; Ditto.
Attachment #119265 - Flags: superreview?(peterv) → superreview+
Attachment #119265 - Flags: review?(mvl) → review+
Checked in, and no perf issues. ;)
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.