Bug 1379464 - Enable context-paint for mozilla-created webextensions. r=heycam, r=kmag, a=lizzard
authorJared Wein <jwein@mozilla.com>
Mon, 10 Jul 2017 13:34:41 -0400
changeset 414294 e537bfdef7c9dfc8a2b4cba1c5aad7227b8a8df6
parent 414293 f37efe938cd4a2228fd018fc59e8d0ba337ef385
child 414295 4cd92600443e631a05436705188df90a0cc2ae70
push id1490
push usermtabara@mozilla.com
push dateMon, 31 Jul 2017 14:08:16 +0000
treeherdermozilla-release@70e32e6bf15e [default view] [failures only]
reviewersheycam, kmag, lizzard
bugs1379464
milestone55.0
Bug 1379464 - Enable context-paint for mozilla-created webextensions. r=heycam, r=kmag, a=lizzard MozReview-Commit-ID: BAuDi4hj1G1
layout/svg/SVGContextPaint.cpp
--- a/layout/svg/SVGContextPaint.cpp
+++ b/layout/svg/SVGContextPaint.cpp
@@ -45,29 +45,32 @@ SVGContextPaint::IsAllowedForImageFromUR
   // instead of trying to figure out what content is "ours" we instead let
   // any content provide image context paint, but only if the image is
   // chrome:// or resource:// do we return true.  This should be sufficient
   // to stop the image context paint feature being useful to (and therefore
   // used by and relied upon by) Web content.  (We don't want Web content to
   // use this feature because we're not sure that image context paint is a
   // good mechanism for wider use, or suitable for specification.)
   //
-  // One case where we may return false here and prevent image context paint
-  // being used by "our" content is in-tree WebExtensions.  These have scheme
-  // 'moz-extension://', but so do other developers' extensions, and we don't
-  // want extension developers coming to rely on image context paint either.
-  // We may be able to provide our in-tree extensions access to context paint
-  // once they are signed. For more information see:
-  // https://bugzilla.mozilla.org/show_bug.cgi?id=1359762#c5
+  // One case that is not covered by chrome:// or resource:// are WebExtensions,
+  // specifically ones that are "ours". WebExtensions are moz-extension://
+  // regardless if the extension is in-tree or not. Since we don't want
+  // extension developers coming to rely on image context paint either, we only
+  // enable context-paint for extensions that are signed by Mozilla.
   //
   nsAutoCString scheme;
   if (NS_SUCCEEDED(aURI->GetScheme(scheme)) &&
       (scheme.EqualsLiteral("chrome") || scheme.EqualsLiteral("resource"))) {
     return true;
   }
+  RefPtr<BasePrincipal> principal = BasePrincipal::CreateCodebasePrincipal(aURI, OriginAttributes());
+  nsString addonId;
+  if (NS_SUCCEEDED(principal->GetAddonId(addonId))) {
+    return StringEndsWith(addonId, NS_LITERAL_STRING("@mozilla.org"));
+  }
   return false;
 }
 
 /**
  * Stores in |aTargetPaint| information on how to reconstruct the current
  * fill or stroke pattern. Will also set the paint opacity to transparent if
  * the paint is set to "none".
  * @param aOuterContextPaint pattern information from the outer text context
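Review bot: The added check at the end of IsAllowedForImageFromURI grants context paint on an add-on ID suffix, `StringEndsWith(addonId, NS_LITERAL_STRING("@mozilla.org"))`, while the new comment says the feature is limited to extensions "signed by Mozilla"; nothing in this hunk verifies a signature. The two are equivalent only if something outside this function guarantees that an extension carrying an `@mozilla.org` ID cannot be installed unless Mozilla signed it, and that presumably does not hold for temporarily loaded extensions or builds with signing enforcement turned off, so it is worth confirming. I would either gate on the add-on's actual signed state or reword the comment to state the assumption, e.g. `// Trusts the add-on ID suffix; relies on install-time signing to reserve @mozilla.org IDs.` Separately, `principal` is dereferenced without a null check; if CreateCodebasePrincipal can fail for some URIs, add `if (!principal) { return false; }` before the `GetAddonId` call. The function's signature lies above the hunk, so the caller-side guarantees on `aURI` are not visible here.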