Closed Bug 483170 Opened 15 years ago Closed 15 years ago

Bogus security error when attaching a bindings with userContent.css

Categories

(Core :: XBL, defect, P2)

Product:
Core
Component:
XBL
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dao, Assigned: sicking)

References

Details

(Keywords: fixed1.9.0.9, fixed1.9.1, regression, Whiteboard: required by 481558) 

useContent.css:
a[target="_blank"], a[target="_new"] {
  -moz-binding: url(userBindings.xml#no_blank);
}

The warning on any page that uses target=_blank:
Security Error: Content at https://bugzilla.mozilla.org/show_bug.cgi?id=470250 may not load or link to file:///path/to/Firefox/Profiles/qg976eyf.trunk/chrome/userContent.css.

Bug 481558 comment 44 et seq.:
> userContent.css should probably be considered a UA stylesheet, too. Apparently
> it's not currently:
> http://forums.mozillazine.org/viewtopic.php?p=5981365#p5981365

> It is.  That's an unfortunate side-effect of using CheckLoadURI here: it always
> warns.  That sucks.  :(

> I was worried about that, but didn't see any error-reporting code on a quick
> scan. Apparently I missed it :(
Summary: Bogus security warning when attaching a bindings with userContent.css → Bogus security error when attaching a bindings with userContent.css
Flags: wanted1.9.0.x+
Flags: blocking1.9.1?
Flags: blocking1.9.0.8+
Whiteboard: required by 481558
Assignee: nobody → jonas
Flags: blocking1.9.1? → blocking1.9.1+
Fixed by patch in bug 483170
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Jonas meant bug 416942
Flags: blocking1.9.0.8+
Sorry about the bugspam. Was thinking we didn't need to "block" since the fix is elsewhere and I could save the bogus "fixed" keywords here, but we really do want QA to verify that this regression doesn't happen, so back on the blocking list.
Flags: blocking1.9.0.8+
Keywords: fixed1.9.0.8, fixed1.9.1
You need to log in before you can comment on or make changes to this bug.