scripts blocked by CAPS are still fetched, starting with Fx 4

RESOLVED FIXED in mozilla8

Status

()

Core
DOM
P2
normal
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: al_9x, Assigned: bz)

Tracking

({dev-doc-complete})

Trunk
mozilla8
dev-doc-complete
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
test page: <script src="script.js"></script>
policy: user_pref("capability.policy.default.javascript.enabled", "noAccess");

The above policy prevents script fetching in Fx 3.6 but not in 4 & 5
(Reporter)

Comment 1

6 years ago
Last good nightly: 2010-05-03
First bad nightly: 2010-05-04

Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=83c887dff0da&tochange=d6bb0f9e9519
Sounds like the HTML5 parser prefetch at work.  The script is not executed, of course.  I suppose we can condition it for scripts on whether script is enabled for the document...

In particular, nsScriptLoader::ProcessScriptElement does an enabled check, but nsScriptLoader::PreloadURI does not.

Jonas, any objections to adding it?
Status: UNCONFIRMED → NEW
Component: Security: CAPS → DOM
Ever confirmed: true
QA Contact: caps → general
Created attachment 543332 [details] [diff] [review]
When scripts are disabled, don't bother preloading them.
Attachment #543332 - Flags: review?(jonas)
Assignee: nobody → bzbarsky
Priority: -- → P2
Whiteboard: [needs review]
Attachment #543332 - Flags: review?(jonas) → review+
Whiteboard: [needs review] → [needs landing]
http://hg.mozilla.org/integration/mozilla-inbound/rev/78406c193536
Flags: in-testsuite?
Whiteboard: [needs landing]
Target Milestone: --- → mozilla8
Merged:
http://hg.mozilla.org/mozilla-central/rev/78406c193536
Status: NEW → RESOLVED
Last Resolved: 6 years ago
OS: Windows XP → All
Hardware: x86 → All
Resolution: --- → FIXED
Version: unspecified → Trunk
Keywords: dev-doc-needed
This bug fix is listed on Firefox 8 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in before you can comment on or make changes to this bug.