Comment 58 for bug 294712

Revision history for this message
In , Highmind63 (highmind63) wrote :

Created an attachment (id=382357)
patch ver.2

This nixes the changes to nsContentUtils altogether, and allows the image load (if the content policy denies it) only if the REJECT type is TYPE || SERVER.

According to the idl this should be fine, REJECT_REQUEST is for other reasons that we may not want to bypass, but REJECT_{IMAGE|SERVER} are directly connected with permissions granted either to images as a whole or to this particular server.

I tried to write a test for this, but I can't seem to figure out how to detect an image rejection or success on the image itself...

Since bz gave me the r-/sr-, is it ok that I ask you for r/sr or do you want jonas to look at this as well?