440422 - Accessing an image from content policy makes it inaccessible for content

Status: RESOLVED WORKSFORME

(Core :: XPConnect, defect)

Description

[Wladimir Palant]

Attachment: Testcase

I am forwarding a bug report from Backbase Framework developers here. See attached testcase - they are creating an XML document with an image and inserting its contents inside another XML document. After that they try to access some property of that image - like namespaceURI or parentNode. Usually this works fine, however it throws an exception in Firefox 3 with Adblock Plus installed: "Permission denied to get property".

Investigation on my part shows that this is caused by Adblock Plus accessing node.ownerDocument for this image from nsIContentPolicy.shouldLoad (same thing for scripts and stylesheets doesn't cause any problems). I couldn't reproduce with my minimal content policy however, apparently that doesn't work if the policy is an XPCOM component - it has to be a script loaded from chrome://. This makes bug 344494 my prime suspect for this regression (I cannot access it of course).

Note that bug 422120 is probably caused by the same issue.

Comment 1

[Wladimir Palant]

Forgot to mention that there is no issue immediately after Adblock Plus was installed - only when you restart again. This is probably because chrome://adblockplus/content/policy.js is loaded earlier on first start due to XPCOM component being registered.

Comment 2

[Sjoerd Mulder]

Any possibility this bugs gets more priority? It currently breaks Backbase enabled websites in combination with Fx3 and Ad-block extension.

Comment 3

[Blake Kaplan (:mrbkap) (inactive)]

This reminds me of bug 440275. Wladimir, can you test with a build that has that fix to see if that patch fixed this as well?

Comment 4

[Wladimir Palant]

Yes, this bug seems to be fixed in Gecko/2008080303 Minefield/3.1a2pre, resolving WORKSFORME. I hope, bug 440275 will land on 1.9.0 branch soon, this issue is pretty serious.