CSP inline styles bug: Question

General discussion and chat (archived)
User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

CSP inline styles bug: Question

Unread post by Tomaso » 2018-11-03, 12:37

Is this bug fix included in Pale Moon, or is it still affected?:
https://bugzilla.mozilla.org/show_bug.cgi?id=1415352

My reason for asking:
https://github.com/uBlockOrigin/uBlock- ... ssues/298/

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: CSP inline styles bug: Question

Unread post by Moonchild » 2018-11-03, 13:06

gorhill wrote:I have stated many times that legacy version will be updated only for serious bug fixes. Other fixes will have to be contributed. I do not consider this issue to be a serious one, it had existed for years before being fixed in stable.
So, why would this be a priority for us if the one consumer of this affected by the CSP change isn't interested in updating the extension that is compatible with our tree?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread post by Tomaso » 2018-11-03, 13:20

I think that if the Mozilla fix was applied in Pale Moon, it should be easy to convince gorhill into applying the uBO fix too.
After all, both fixes already exist!
Also, since that fix @ Bugzilla seems to be generic, and not specifically targeting uBO, other extensions are probably affected too.
..so why not adopt it?
Last edited by Tomaso on 2018-11-03, 13:20, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: CSP inline styles bug: Question

Unread post by Moonchild » 2018-11-03, 13:24

Tomaso wrote:I think that if the Mozilla fix was applied in Pale Moon, it should be easy to convince gorhill into applying the uBO fix too.
No, he's clear that he won't do it and someone will have to contribute it.
Tomaso wrote:Also, since that fix @ Bugzilla seems to be generic, and not specifically targeting uBO, other extensions are probably affected too.
..so why not adopt it?
It significantly changes behavior of any nodes touched by an extension script because its principal will change, and will change behavior away from the spec for those nodes (so it's not necessarily a "bug" nor a "fix" to implement that change). I'm not comfortable with doing that on a whim as it will break websites that expect to be able to edit nodes they created or that are part of their content. It's not a straight-forward change either and makes this part of node administration in content more complex.
Last edited by Moonchild on 2018-11-03, 13:28, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread post by Tomaso » 2018-11-03, 14:10

Moonchild wrote:someone will have to contribute it.
Yeah, seems to be what usually happens with the Legacy branch.

--
Moonchild wrote:I'm not comfortable with doing that on a whim as it will break websites that expect to be able to edit nodes they created or that are part of their content.
Fair enough.
I've only encountered this issue once, so it can't be a widespread thing anyway.
Also, I easely found my way around it, by using Pale Moon's dev. tools Inspector instead.
No worries, Moonchild. :)
Thanks for elaborating!
Last edited by Tomaso on 2018-11-03, 14:12, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: CSP inline styles bug: Question

Unread post by Moonchild » 2018-11-03, 14:46

Tomaso wrote:I've only encountered this issue once, so it can't be a widespread thing anyway.
I think most extension authors understand that if you inject something into page content, it will become part of that content and subject to content rules. If you don't want your injected content to be subject to content rules, then you shouldn't inject it (and e.g. only inject an interface, and keep the rest of your scripting in the browser chrome).
The more I think about what Mozilla has done in response to something here (an unknown request not part of the bug description), the more I want to say I never want this in the browser, because it is at most for corner cases, and makes for a much more fragile separation of content from privileged code.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

Re: CSP inline styles bug: Question

Unread post by Tomaso » 2018-11-03, 14:51

I trust your judgement!
:)
Last edited by Tomaso on 2018-11-03, 14:51, edited 1 time in total.

Locked