Page 1 of 1
<link> referenced icon misconstrued as CSS and blocked
Posted: Tue Jul 27, 2010 3:14 am
by al_9x
Hotmail page references an icon like this:
Code: Select all
<link rel="icon" type="image/x-icon" href="http://gfx2.hotmail.com/mail/w4/m3/ltr/mfav.ico" />
NS blocks it
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Tue Jul 27, 2010 5:21 am
by Giorgio Maone
That's really weird.
Code: Select all
var ph = PolicyState.extract(channel);
if (ph) {
var ctype = ph.contentType;
var origin = ABE.getOriginalOrigin(channel) || ph.requestOrigin;
if (origin && (ctype === 2 || ctype === 4) && this.getBaseDomain(origin.host) != this.getBaseDomain(channel.URI.host)) {
should be null for favicons, and so origin.
Furthermore, ctype == 2 means script and ctype == 4 means CSS, and this info comes from Gecko...
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Tue Jul 27, 2010 6:10 am
by al_9x
This is in a new wave4 Hotmail, I take it you can't repro since you don't have it yet? You could wait till you get upgraded or if you want, give me some debug code to patch. It doesn't cause any problems, I only noticed it while investigating something else, but seems worth understanding.
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Tue Jul 27, 2010 7:45 am
by Giorgio Maone
Can you consistently reproduce it?
Is that LINK element the only reference to that file?
I tried the running following URL on a whitelisted page, and the icon successfully changed (after some seconds, looks like the server is fairly overloaded) with no NoScript interference:
Code: Select all
javascript:var l=document.createElement("link");l.rel="icon";l.type="image/x-icon";l.href="http://gfx2.hotmail.com/mail/w4/m3/ltr/mfav.ico";document.getElementsByTagName("head")[0].appendChild(l);alert("done")
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Tue Jul 27, 2010 9:40 am
by al_9x
Giorgio Maone wrote:Can you consistently reproduce it?
Yes, new profile, defaults.
Giorgio Maone wrote:Is that LINK element the only reference to that file?
There are (only) two. Both the root page (/default.aspx) and its iframe (/mail/InboxLight.aspx) have identical <link> lines. The one that's blocked is from /default.aspx. The icon still loads and is shown. The console log indicates that it's loaded twice and blocked once (request, response, block, request, response) A sniffer shows two requests.
However I can't repro on a simple test page with an iframe, both with icon <links>. There I get two requests and no block (request, response, request, cached response). The sniffer, due two the second cached response shows only one request. It seems likely to be timing sensitive.
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Wed Aug 04, 2010 4:35 am
by al_9x
You should have
new Hotmail now.
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Wed Aug 04, 2010 4:48 am
by therube
("new Hotmail". Yeah, isn't that wonderful. Hotmail seems to think that SeaMonkey is some sort of portable device
.)
Re: <link> referenced icon misconstrued as CSS and blocked
Posted: Wed Aug 04, 2010 5:45 am
by al_9x
therube wrote:("new Hotmail". Yeah, isn't that wonderful. Hotmail seems to think that SeaMonkey is some sort of portable device
.)
Can you repro the issue from this thread in Firefox? Open the inbox (do a shift-reload on the inbox just in case), open the error console, select messages, and see if you have something like:
[NoScript] Blocking cross site CSS served from
http://gfx1.hotmail.com/mail/w4/m3/ltr/mfav.ico with wrong type info image/x-icon