Closed Bug 337260 Opened 19 years ago Closed 18 years ago

[FIX]img in data URL stops working on reload

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: dbaron, Assigned: bzbarsky)

References

(
URL
)

Details

Attachments

(1 file)

Proposed fix
(deleted), patch
dveditz
: review+
jst
: superreview+
Details | Diff | Splinter Review
Images in data URLs don't seem to work correctly on reload; this seems to be a recent regression, although I haven't tested carefully. Steps to reproduce: 1. load data:text/html;charset=utf-8,%3C!DOCTYPE%20HTML%3E%0D%0A%3Cstyle%3E%20img%20%7B%20text-decoration%3A%20underline%3B%20%7D%20%3C%2Fstyle%3E%0D%0A%3Cp%3E%3Cspan%3E%20Text%20%3Cimg%20src%3D%22http%3A%2F%2Fhixie.ch%2Fresources%2Fimages%2Fsmallcats%22%20alt%3D%22%22%3E%20%3C%2Fspan%3E%3C%2Fp%3E 2. hit reload Actual results: 1. shows image 2. doesn't show image Expected results: 1. shows image 2. shows image
Seems similar to bug 336969.
Depends on: 336969
Yep, I see a bunch of Security Error: Content at moz-nullprincipal:{a26314cf-53e2-4db3-908b-514e119c7970} may not load or link to http://hixie.ch/resources/images/smallcats. on the JS console.
Also note that you end up with the same case when the URL is loaded from a redirect; it seems the real problem here is also that we're preventing the null principal from loading HTTP images, on which there were previously (I thought) no restrictions. But we might want to make sure data URLs have the right principal when they're redirected to as well; probably this should be split into 3 bugs...
So there are three sorta-separate issues here: 1) Redirected data: URLs have the null principal on purpose; otherwise you get XSS attack vectors. 2) data: URLs should be able to load HTTP images, probably. Need to decide whether this is true for all null principals, but I suspect that it is. 3) Reloading a data: URL should not change its principal (it seems to right now). I'll probably focus on #3 in this bug, and #2 in bug 336969.
So there are two issues here: 1) Null principal can't load http:. I'm probably going to change this. 2) Reload loses the subject principal. That's bad. That looks like a regression from bug 292691.
Note to self: test the fix against bug 291745 and bug 292691
Blocks: 336969
No longer depends on: 336969
Blocks: 334407
Attached patch Proposed fix (deleted) — Splinter Review
This fix has two parts to it: 1) Allow null principals to load random things that anyone can load. Fixes the visual symptoms and bug 336969. 2) Make sure to not lose the principal when doing a reload of something that inherits its principal by storing said principal in the SHEntry.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #221851 - Flags: superreview?(jst)
Attachment #221851 - Flags: review?(dveditz)
Priority: -- → P1
Summary: img in data URL stops working on reload → [FIX]img in data URL stops working on reload
Target Milestone: --- → mozilla1.9alpha
Comment on attachment 221851 [details] [diff] [review] Proposed fix sr=jst
Attachment #221851 - Flags: superreview?(jst) → superreview+
Comment on attachment 221851 [details] [diff] [review] Proposed fix r=dveditz
Attachment #221851 - Flags: review?(dveditz) → review+
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
No longer depends on: 342108
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: