
Issue 648021

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug




Resources in MHTML saved from local files are not shown

Reported by haiku...@gmail.com, Sep 18 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36

Example URL:
https://www.wikipedia.org/

Steps to reproduce the problem:
1. Open https://www.wikipedia.org/
2. Save it to local file - Complete Web Page (html + folder with images, css etc).
3. Open locally saved file in Chrome. All images and resources are displayed fine.
4. Save locally opened file to Single MHTML file.
5. Open MHTML file in Chrome - images and css resources, described in file, are not shown.
6. Open the same MHTML in Firefox / IE - page displayed with images and styles.
7. Pages saved from local HTML files in IE / Firefox to MHTML format are also displayed without resources in Chrome.

What is the expected behavior?
Irrespective of the data source (internet page or local HTML file), Chrome should properly display all resources saved in MHTML.

What went wrong?
Chrome does not show resources (css, images) in MHTML pages saved from a local HTML file (i.e. not from a site).

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? N/A 

Does this work in other browsers? Yes 

Chrome version: 53.0.2785.116  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 23.0 r0

Please see the screenshots attached.
 
00. web-site.png (88.8 KB)
01. local-html.png (83.7 KB)
02. mhtml-from-local-html.png (59.3 KB)
03. mhtml-from-local-html-firefox.png (117 KB)
Components: -Blink Blink>Loader
Status: Untriaged (was: Unconfirmed)
Reproduced on:
Chrome 56.0.2913.0 on Windows 7
Chrome 54.0.2840.71 on Windows 7

Labels: -OS-Windows OS-All
When I saved MHTML from locally-saved HTML, the URLs for the HTML and embedded images have the file:// scheme, and access to the embedded image is rejected because the URL is local, just as http:// pages are denied access to local files.

The request to the embedded image fails because
SecurityOrigin::canLoadLocalResources() returns false
(called from FrameFetchContext::canRequestInternal()
 called from FrameFetchContext::canRequest()).

We might allow an MHTML archive to access local file:// URLs if the URL is in the archive (and thus the actual local file is not accessed and the embedded image file is displayed instead), but I'm not sure about its security implication.
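
Added illustration (not part of the original thread and not Chromium code): a Python script that parses an MHTML archive with the standard `email` module and reports which parts carry a file:// `Content-Location`, the condition the comment above identifies. The sample archive is constructed, and treating the first part as the main document is an assumption.

```python
from collections import defaultdict
from email import message_from_bytes
from urllib.parse import urlsplit

# Constructed sample: minimal MHTML (multipart/related) as saved from a local
# HTML file, so every part's Content-Location carries the file:// scheme.
SAMPLE_MHTML = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; type="text/html"; boundary="----constructed----"

------constructed----
Content-Type: text/html
Content-Location: file:///C:/saved/Wikipedia.html

<html><body><img src="Wikipedia_files/logo.png"></body></html>
------constructed----
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Location: file:///C:/saved/Wikipedia_files/logo.png

iVBORw0KGgo=
------constructed------
"""

def leaf_parts(mhtml_bytes):
    """Return [(content_type, Content-Location)] for each non-container part."""
    msg = message_from_bytes(mhtml_bytes)
    return [(p.get_content_type(), (p.get("Content-Location") or "").strip())
            for p in msg.walk() if not p.is_multipart()]

def parts_by_scheme(mhtml_bytes):
    """Group parts by the URL scheme of their Content-Location."""
    groups = defaultdict(list)
    for ctype, loc in leaf_parts(mhtml_bytes):
        groups[urlsplit(loc).scheme.lower() or "(none)"].append((ctype, loc))
    return dict(groups)

def file_subresources(mhtml_bytes):
    """Locations of parts after the main document that use file://.
    Per the comment above, these are the loads Chrome rejects."""
    subresources = leaf_parts(mhtml_bytes)[1:]  # assumption: first part is the main HTML
    return [loc for _, loc in subresources if urlsplit(loc).scheme.lower() == "file"]

if __name__ == "__main__":
    for scheme, parts in parts_by_scheme(SAMPLE_MHTML).items():
        print(scheme, len(parts))
    print("file:// subresources:", file_subresources(SAMPLE_MHTML))
```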

Cc: mkwst@chromium.org
+mkwst, do you see anything wrong with allowing MHTML archives to access file URLs in the archive? Sounds relatively benign to me.

Comment 5 by mkwst@chromium.org, Nov 23 2016

Can we distinguish between locally-stored resources that were originally same-origin with the HTML file, and those that weren't? As I recall, we can't.

We currently err on the side of turning the MHTML bundle into a unique origin, and follow all the SOP rules that come along with it. Until something fundamental changes (https://discourse.wicg.io/t/proposal-packaging-for-the-web-signed-and-indexed/1827, for example), it doesn't seem prudent to change that stance.
Status: WontFix (was: Untriaged)
Ah good point, let's mark this as WontFix for now then.
