Backed out changesets 19903924c38f and 5877058bc14d (bug 1184387) for browser_parsable_css.js failures.
authorRyan VanderMeulen <ryanvm@gmail.com>
Tue, 25 Aug 2015 23:07:33 -0400
changeset 282038 822a3a2056cd086b0d4b64d3d125aa89c1318ffa
parent 282037 8f20947224b7947578c14ccd1e16f09608ccab4b
child 282039 55dde780cef5de94dde5b35659e62ee0db12e707
child 282060 602b3cd4e254803f808b7fe37e181eb0c2aa0865
push id4993
push userryanvm@gmail.com
push dateWed, 26 Aug 2015 03:07:41 +0000
treeherdermozilla-beta@822a3a2056cd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1184387
milestone41.0
backs out19903924c38f2fd26b295d501e1554cdd4e7d47a
5877058bc14db2b66031d524abe7088b66876f9b
Backed out changesets 19903924c38f and 5877058bc14d (bug 1184387) for browser_parsable_css.js failures.
browser/base/content/test/general/browser_parsable_css.js
caps/nsScriptSecurityManager.cpp
--- a/browser/base/content/test/general/browser_parsable_css.js
+++ b/browser/base/content/test/general/browser_parsable_css.js
@@ -50,48 +50,30 @@ function ignoredError(aErrorObject) {
     }
     if (matches) {
       return true;
     }
   }
   return false;
 }
 
-function once(target, name) {
-  return new Promise((resolve, reject) => {
-    let cb = () => {
-      target.removeEventListener(name, cb);
-      resolve();
-    };
-    target.addEventListener(name, cb);
-  });
-}
-
 add_task(function checkAllTheCSS() {
   let appDir = Services.dirsvc.get("XCurProcD", Ci.nsIFile);
   // This asynchronously produces a list of URLs (sadly, mostly sync on our
   // test infrastructure because it runs against jarfiles there, and
   // our zipreader APIs are all sync)
   let uris = yield generateURIsFromDirTree(appDir, ".css");
 
-  // Create a clean iframe to load all the files into. This needs to live at a
-  // file or jar URI (depending on whether we're using a packaged build or not)
-  // so that it's allowed to load other same-scheme URIs (i.e. the browser css).
-  let resHandler = Services.io.getProtocolHandler("resource")
-                           .QueryInterface(Ci.nsISubstitutingProtocolHandler);
-  let resURI = Services.io.newURI('resource://testing-common/resource_test_file.html', null, null);
-  let testFile = resHandler.resolveURI(resURI);
-  let windowless = Services.appShell.createWindowlessBrowser();
-  let iframe = windowless.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe");
-  windowless.document.documentElement.appendChild(iframe);
-  let iframeLoaded = once(iframe, 'load');
-  iframe.contentWindow.location = testFile;
-  yield iframeLoaded;
+  // Create a clean iframe to load all the files into:
+  let hiddenWin = Services.appShell.hiddenDOMWindow;
+  let iframe = hiddenWin.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe");
+  hiddenWin.document.documentElement.appendChild(iframe);
   let doc = iframe.contentWindow.document;
 
+
   // Listen for errors caused by the CSS:
   let errorListener = {
     observe: function(aMessage) {
       if (!aMessage || !(aMessage instanceof Ci.nsIScriptError)) {
         return;
       }
       // Only care about CSS errors generated by our iframe:
       if (aMessage.category.includes("CSS") && aMessage.innerWindowID === 0 && aMessage.outerWindowID === 0) {
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -802,22 +802,28 @@ nsScriptSecurityManager::CheckLoadURIWit
         // Allow domains that were whitelisted in the prefs. In 99.9% of cases,
         // this array is empty.
         for (size_t i = 0; i < mFileURIWhitelist.Length(); ++i) {
             if (EqualOrSubdomain(sourceURI, mFileURIWhitelist[i])) {
                 return NS_OK;
             }
         }
 
-        // Allow chrome://
-        if (sourceScheme.EqualsLiteral("chrome")) {
+        // resource: and chrome: are equivalent, securitywise
+        // That's bogus!!  Fix this.  But watch out for
+        // the view-source stylesheet?
+        bool sourceIsChrome;
+        rv = NS_URIChainHasFlags(sourceURI,
+                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
+                                 &sourceIsChrome);
+        NS_ENSURE_SUCCESS(rv, rv);
+        if (sourceIsChrome) {
             return NS_OK;
         }
 
-        // Nothing else.
         if (reportErrors) {
             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // OK, everyone is allowed to load this, since unflagged handlers are
     // deprecated but treated as URI_LOADABLE_BY_ANYONE.  But check whether we