Backed out changesets f4fa8c49ebc6 and 78e2ba8842d4 (bug 1184387) for browser_parsable_css.js failures.
authorRyan VanderMeulen <ryanvm@gmail.com>
Wed, 05 Aug 2015 14:39:28 -0400
changeset 288094 a7860794b00e186b56dff097c1727c5d0ab3474e
parent 288093 25d448978f89083662611831740bbc7308cfb280
child 288095 fe4520e7fc27fea9b7555efb5befcfa23ea82df0
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
treeherdermozilla-beta@14221ffe5b2f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1184387
milestone42.0a1
backs outf4fa8c49ebc63dba5d1c89740853cb2af39c98fd
78e2ba8842d481bbae413da71b4870d67741ada7
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changesets f4fa8c49ebc6 and 78e2ba8842d4 (bug 1184387) for browser_parsable_css.js failures. CLOSED TREE
browser/base/content/test/general/browser_parsable_css.js
caps/nsScriptSecurityManager.cpp
--- a/browser/base/content/test/general/browser_parsable_css.js
+++ b/browser/base/content/test/general/browser_parsable_css.js
@@ -50,47 +50,30 @@ function ignoredError(aErrorObject) {
     }
     if (matches) {
       return true;
     }
   }
   return false;
 }
 
-function once(target, name) {
-  return new Promise((resolve, reject) => {
-    target.addEventListener(name, function() {
-      target.removeEventListener(name, f);
-      resolve();
-    });
-  });
-}
-
 add_task(function checkAllTheCSS() {
   let appDir = Services.dirsvc.get("XCurProcD", Ci.nsIFile);
   // This asynchronously produces a list of URLs (sadly, mostly sync on our
   // test infrastructure because it runs against jarfiles there, and
   // our zipreader APIs are all sync)
   let uris = yield generateURIsFromDirTree(appDir, ".css");
 
-  // Create a clean iframe to load all the files into. This needs to live at a
-  // file or jar URI (depending on whether we're using a packaged build or not)
-  // so that it's allowed to load other same-scheme URIs (i.e. the browser css).
-  let resHandler = Services.io.getProtocolHandler("resource")
-                           .QueryInterface(Ci.nsISubstitutingProtocolHandler);
-  let resURI = Services.io.newURI('resource://testing-common/resource_test_file.html', null, null);
-  let testFile = resHandler.resolveURI(resURI);
-  let windowless = Services.appShell.createWindowlessBrowser();
-  let iframe = windowless.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe");
-  windowless.document.documentElement.appendChild(iframe);
-  let iframeLoaded = once(iframe, 'load');
-  iframe.contentWindow.location = testFile;
-  yield iframeLoaded;
+  // Create a clean iframe to load all the files into:
+  let hiddenWin = Services.appShell.hiddenDOMWindow;
+  let iframe = hiddenWin.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe");
+  hiddenWin.document.documentElement.appendChild(iframe);
   let doc = iframe.contentWindow.document;
 
+
   // Listen for errors caused by the CSS:
   let errorListener = {
     observe: function(aMessage) {
       if (!aMessage || !(aMessage instanceof Ci.nsIScriptError)) {
         return;
       }
       // Only care about CSS errors generated by our iframe:
       if (aMessage.category.includes("CSS") && aMessage.innerWindowID === 0 && aMessage.outerWindowID === 0) {
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -838,22 +838,28 @@ nsScriptSecurityManager::CheckLoadURIWit
         // Allow domains that were whitelisted in the prefs. In 99.9% of cases,
         // this array is empty.
         for (size_t i = 0; i < mFileURIWhitelist.Length(); ++i) {
             if (EqualOrSubdomain(sourceURI, mFileURIWhitelist[i])) {
                 return NS_OK;
             }
         }
 
-        // Allow chrome://
-        if (sourceScheme.EqualsLiteral("chrome")) {
+        // resource: and chrome: are equivalent, securitywise
+        // That's bogus!!  Fix this.  But watch out for
+        // the view-source stylesheet?
+        bool sourceIsChrome;
+        rv = NS_URIChainHasFlags(sourceURI,
+                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
+                                 &sourceIsChrome);
+        NS_ENSURE_SUCCESS(rv, rv);
+        if (sourceIsChrome) {
             return NS_OK;
         }
 
-        // Nothing else.
         if (reportErrors) {
             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // OK, everyone is allowed to load this, since unflagged handlers are
     // deprecated but treated as URI_LOADABLE_BY_ANYONE.  But check whether we