Bug 628747: Disallow SVG-as-an-image from loading external resources. r=bz a=roc

2011-01-26 22:20:27 -08:00 · 2011-01-26 22:20:27 -08:00 · 32442b2f13
--- a/content/base/src/nsDataDocumentContentPolicy.cpp
+++ b/content/base/src/nsDataDocumentContentPolicy.cpp
@ -78,8 +78,8 @@ nsDataDocumentContentPolicy::ShouldLoad(PRUint32 aContentType,
    return NS_OK;
  }

-  // Nothing else is OK to load for data documents
-  if (doc->IsLoadedAsData()) {
+  // Nothing else is OK to load for data documents or SVG-as-an-image documents
+  if (doc->IsLoadedAsData() || doc->IsBeingUsedAsImage()) {
    *aDecision = nsIContentPolicy::REJECT_TYPE;
    return NS_OK;
  }
--- a/layout/reftests/svg/as-image/img-and-image-1-ref.svg
+++ b/layout/reftests/svg/as-image/img-and-image-1-ref.svg
@ -29,10 +29,18 @@
    <!-- Single column from the testcase -->
    <g id="column">
      <use y="0"   xlink:href="#pAR_xMaxYMax_slice" width="60"  height="20"/>
+<!--
+      XXXdholbert As of bug 628747, the svg:image elements *within* an SVG
+      image are no longer honored, so I'm commenting out the chunk of this
+      reference case that was expected to match those parts of the testcase.
+      We might eventually want to just remove this chunk, but I'm leaving it
+      for now in case we refine this behavior later on.
+
      <use y="50"  xlink:href="#pAR_xMinYMin_slice" width="100" height="40"/>
      <use y="100" xlink:href="#pAR_none"           width="100" height="40"/>
      <use y="150" xlink:href="#pAR_xMaxYMax_meet"  width="80"  height="40"/>
      <use y="200" xlink:href="#pAR_xMaxYMax_slice" width="80"  height="40"/>
+-->
      <use y="250" xlink:href="#pAR_xMaxYMax_slice" width="30"  height="50"/>
    </g>
  </defs>
--- a/layout/reftests/svg/as-image/reftest.list
+++ b/layout/reftests/svg/as-image/reftest.list
@ -52,8 +52,8 @@ fails == canvas-drawImage-slice-1b.html lime100x100-ref.html # XXX all edges fuz

 # Test with mix of <html:img> and <svg:image> referring to the same images,
 # with a variety of preserveAspectRatio values in play.
-# NOTE: The reference cases in this test triggers 72 assertions (bug 563481)
-asserts(72) == img-and-image-1.html img-and-image-1-ref.svg
+# NOTE: The reference cases in this test triggers 30 assertions (bug 563481)
+asserts(30) == img-and-image-1.html img-and-image-1-ref.svg
 
 # More complex <img> tests
 random-if(gtk2Widget) == img-anim-1.html  lime100x100-ref.html # bug 612214