Open Bug 842102 Opened 12 years ago Updated 2 years ago

Allow some level of privileged content to listen for AfterPaint

Categories

(Core :: DOM: Events, defect, P5)

Product:
Core
Component:
DOM: Events
Platform:
x86_64
Linux
Type:
defect

Tracking

()

People

(Reporter: cjones, Unassigned)

References

Details

(Whiteboard: [tech-p3])

In bug 842091, we had to hack around a race condition with a silly timeout. We could have implemented a "real" fix using MozAfterPaint, but of course that's not available to web content. This bug affected the gaia system app, which has godlike powers already. It's a little bit silly to prevent it from listening to MozAfterPaint. What privilege level should we require to listen to MozAfterPaint? Does it make sense to allow unprivileged "apps" to listen to it? If not, how about privileged apps? We should definitely allow it for apps with "embed-apps" permissions, because they can already listen to MozAfterPaint (by way of the mozbrowser nextpaint event), for any web content in the world.
(In reply to Chris Jones [:cjones] [:warhammer] from comment #0) > What privilege level should we require to listen to MozAfterPaint? Does it > make sense to allow unprivileged "apps" to listen to it? If not, how about > privileged apps? I think it's fine to use it for any app that is permitted cross-domain access.
That would essentially mean privileged apps that have system-xhr, tcp-socket or browser-api permission. Though I'm not sure how the cross-origin access plays in here? I'd also like to understand better the problem that MozAfterPaint would have helped in bug 842091.
I'm not sure all the details are worth going into, but we needed to do work X after we were sure our frame had been repainted.
(In reply to Jonas Sicking (:sicking) from comment #2) > That would essentially mean privileged apps that have system-xhr, tcp-socket > or browser-api permission. > > Though I'm not sure how the cross-origin access plays in here? Listening to MozAfterPaint on subframes from a different origin can cause information to leak across origin boundaries.
Needed to remove a hack in gaia and enable that use case more generally.
Whiteboard: [tech-p3]
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.