1947858 - "Save page as, complete" fails if any resource is blocked by ORB

Status: NEW

(Core :: DOM: Core & HTML, defect)

Description

[Daniel Veditz [:dveditz]]

In Firefox 118 (bug 1851143) we enabled Opaque Request Blocking (ORB) which blocks sub-resource loads when the content-type does not match one of the acceptable types for that resource. Among other things this protects against web pages including booby-trapped "image" or other resources that try to download potentially harmful files like executables (see bug 1279126, for exmple).

It appears now that when you "Save Page As, Complete" and any of the resources are blocked by ORB, we cause the entire download to fail. This is pretty user hostile. We have presumably already blocked the resource when displaying the page, so if the user is trying to save the page they're happy with the page not having that resource. A malicious page could hide an ORB-blocked "image" on every page so that users would not be able to easily save the page contents with its resources.

Actual result:
saving the page fails. the user has to switch to "HTML-only" if they want to save it, but the resources won't be available off-line

Expected result:
We should save the HTML and as many sub-resources as loaded correctly. The ORB-blocked resources should be given an empty src/href

Comment 1

[Daniel Veditz [:dveditz]]

Attachment: Try "Save page as, complete"

When the download fails we still get a "foo_files" directory containing the sub-resources that were not blocked by ORB. So cleanup after the failure isn't happening, or "glass half-full" this is very close to working correctly.

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

Set release status flags based on info from the regressing bug 1851143

:sefeng, since you are the author of the regressor, bug 1851143, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.