CSP inline styles bug: Question

For the more technical/geeky chat subjects!

Moderator: satrow

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1024
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

CSP inline styles bug: Question

Unread postby Tomaso » Sat, 03 Nov 2018, 12:37

Is this bug fix included in Pale Moon, or is it still affected?:
https://bugzilla.mozilla.org/show_bug.cgi?id=1415352

My reason for asking:
https://github.com/uBlockOrigin/uBlock- ... ssues/298/

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22326
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: CSP inline styles bug: Question

Unread postby Moonchild » Sat, 03 Nov 2018, 13:06

gorhill wrote:I have stated many times that legacy version will be updated only for serious bug fixes. Other fixes will have to be contributed. I do not consider this issue to be a serious one, it had existed for years before being fixed in stable.


So, why would this be a priority for us if the one consumer of this affected by the CSP change isn't interested in updating the extension that is compatible with our tree?
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Take note: 23 November is Wolfenoot! Eat roast meat and/or cake decorated like the full moon. #wolfenoot

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1024
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread postby Tomaso » Sat, 03 Nov 2018, 13:20

I think that if the Mozilla fix was applied in Pale Moon, it should be easy to convince gorhill into applying the uBO fix too.
After all, both fixes already exist!
Also, since that fix @ Bugzilla seems to be generic, and not specifically targeting uBO, other extensions are probably affected too.
..so why not adopt it?
Last edited by Tomaso on Sat, 03 Nov 2018, 13:20, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22326
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: CSP inline styles bug: Question

Unread postby Moonchild » Sat, 03 Nov 2018, 13:24

Tomaso wrote:I think that if the Mozilla fix was applied in Pale Moon, it should be easy to convince gorhill into applying the uBO fix too.

No, he's clear that he won't do it and someone will have to contribute it.

Tomaso wrote:Also, since that fix @ Bugzilla seems to be generic, and not specifically targeting uBO, other extensions are probably affected too.
..so why not adopt it?

It significantly changes behavior of any nodes touched by an extension script because its principal will change, and will change behavior away from the spec for those nodes (so it's not necessarily a "bug" nor a "fix" to implement that change). I'm not comfortable with doing that on a whim as it will break websites that expect to be able to edit nodes they created or that are part of their content. It's not a straight-forward change either and makes this part of node administration in content more complex.
Last edited by Moonchild on Sat, 03 Nov 2018, 13:28, edited 1 time in total.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Take note: 23 November is Wolfenoot! Eat roast meat and/or cake decorated like the full moon. #wolfenoot

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1024
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread postby Tomaso » Sat, 03 Nov 2018, 14:10

Moonchild wrote:someone will have to contribute it.

Yeah, seems to be what usually happens with the Legacy branch.

--

Moonchild wrote:I'm not comfortable with doing that on a whim as it will break websites that expect to be able to edit nodes they created or that are part of their content.

Fair enough.
I've only encountered this issue once, so it can't be a widespread thing anyway.
Also, I easely found my way around it, by using Pale Moon's dev. tools Inspector instead.
No worries, Moonchild. :)
Thanks for elaborating!
Last edited by Tomaso on Sat, 03 Nov 2018, 14:12, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22326
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: CSP inline styles bug: Question

Unread postby Moonchild » Sat, 03 Nov 2018, 14:46

Tomaso wrote:I've only encountered this issue once, so it can't be a widespread thing anyway.

I think most extension authors understand that if you inject something into page content, it will become part of that content and subject to content rules. If you don't want your injected content to be subject to content rules, then you shouldn't inject it (and e.g. only inject an interface, and keep the rest of your scripting in the browser chrome).
The more I think about what Mozilla has done in response to something here (an unknown request not part of the bug description), the more I want to say I never want this in the browser, because it is at most for corner cases, and makes for a much more fragile separation of content from privileged code.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Take note: 23 November is Wolfenoot! Eat roast meat and/or cake decorated like the full moon. #wolfenoot

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1024
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread postby Tomaso » Sat, 03 Nov 2018, 14:51

I trust your judgement!
:)
Last edited by Tomaso on Sat, 03 Nov 2018, 14:51, edited 1 time in total.


Return to “Technical chat”

Who is online

Users browsing this forum: No registered users and 3 guests