Bug 852648 introduced Notification Center support (replacing XUL notifications when available). When the specificied content icon cannot load within 6 seconds, no icon is shown in the notification alert. In the interest of distinguishing content from chrome notifications, a generic icon should be displayed (as content icon) instead of showing no icon at all. (XUL alerts show a stylized megaphone, that icon can be reused for this case). There is the remote chance that a rogue page with notification permissions can display a notification that appears to be a Firefox notification (i.e. not a website notification) to the user but (when clicked on) leads to a spoofed page luring the user into entering sensitive information – the critical issue is that the user thinks he is providing these information for Firefox when instead these information can be sent to the attacker. (Although this is probably sec-low, I defer this decision to the security group. Feel free to remove the flag immediately.)
(In reply to Florian Bender from comment #0) > (Although this is probably sec-low, I defer this decision to the security > group. Feel free to remove the flag immediately.) Whoops. Should've ticked the box. Anyway, it's not such a big issue …
Actually, after filing Bug 948136, I think that the generic icon should be used at all times (not only on timeout), unless the "icon" option (in the dictionary argument) points to a valid resource and fully loads before the timeout.
Summary: [Notification Center] display generic icon when contentIcon does not load in time → [Notification Center] display generic icon when content icon is invalid or does not load in time
Bulk move to Toolkit::Notifications and Alerts Filter on notifications-and-alerts-component.
Component: XUL Widgets → Notifications and Alerts
I think the solution to show the origin in the notification (bug 1202933) is a better solution than a fallback icon (which wouldn't be guaranteed to be web-specific).
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.