Bug 1533424 - Don't allow InspectorUtils to mess up with our UA sheets. r=heycam
☠☠ backed out by def4c8434246 ☠ ☠
authorEmilio Cobos Álvarez <emilio@crisal.io>
Fri, 08 Mar 2019 13:54:11 +0000
changeset 463157 b56791a96f96525d2d4fbec907f6c7c58a9e3dcc
parent 463156 f001c13667acf1ffe2728d95ade809e8b8819bf4
child 463158 c8a4f2586fc01b1e13303f55eaa096c306674416
push id35668
push userbtara@mozilla.com
push dateFri, 08 Mar 2019 21:50:53 +0000
treeherdermozilla-central@14778fd00dc5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersheycam
bugs1533424
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1533424 - Don't allow InspectorUtils to mess up with our UA sheets. r=heycam You can mess up stuff pretty badly if that happens, and we want to do this anyway for the shared UA sheet stuff, so... Differential Revision: https://phabricator.services.mozilla.com/D22554
layout/style/StyleSheet.cpp
--- a/layout/style/StyleSheet.cpp
+++ b/layout/style/StyleSheet.cpp
@@ -962,16 +962,23 @@ void StyleSheet::FinishParse() {
   SetSourceURL(sourceURL);
 }
 
 nsresult StyleSheet::ReparseSheet(const nsAString& aInput) {
   if (!IsComplete()) {
     return NS_ERROR_DOM_INVALID_ACCESS_ERR;
   }
 
+  // Allowing to modify UA sheets is dangerous (in the sense that C++ code
+  // relies on rules in those sheets), plus they're probably going to be shared
+  // across processes in which case this is directly a no-go.
+  if (GetOrigin() == OriginFlags::UserAgent) {
+    return NS_ERROR_DOM_NO_MODIFICATION_ALLOWED_ERR;
+  }
+
   // Hold strong ref to the CSSLoader in case the document update
   // kills the document
   RefPtr<css::Loader> loader;
   if (Document* doc = GetAssociatedDocument()) {
     loader = doc->CSSLoader();
     NS_ASSERTION(loader, "Document with no CSS loader!");
   } else {
     loader = new css::Loader;