CSS is not loaded in MHTML
Reported by
woxxom@gmail.com,
Mar 27 2018
|
|||||||
Issue descriptionChrome 65, 66, 67. Windows 7. ========================================================== 1. unpack and open the attached test.mhtml Expected: CSS is applied (see good.png) Observed: CSS is not applied (see bad.png) ========================================================== Bisect info: 522860 (good) - 522866 (bad) https://chromium.googlesource.com/chromium/src/+log/ce3cea47..06d36e78?pretty=fuller Suspecting r522861 = 4abe0d1667f8df2d5681a38285861bd65ff763cf = https://crrev.com/c/815290 by japhet@chromium.org "Move SetIntegrityMetadata() calls to central location in ResourceFetcher" Landed in 65.0.3289.0
,
Mar 27 2018
,
Mar 28 2018
,
Mar 29 2018
JianLi - can you see if this affects us on android? Thanks!
,
Mar 29 2018
Android is affected too, see the screenshots from Canary and old Chrome attached below.
,
Apr 2 2018
The console shows a bunch of error messages like this: Subresource Integrity: The resource 'https://assets-cdn.github.com/assets/frameworks-a4bf54bef6fb.css' has an integrity attribute, but the resource requires the request to be CORS enabled to check the integrity, and it is not. The resource has been blocked because the integrity cannot be enforced. The link element in the MHTML page is: <link crossorigin=3D"anonymous" href=3D"https://assets-cdn.github.com/ass= ets/frameworks-a4bf54bef6fb.css" integrity=3D"sha512-pL9Uvvb7LMqGC8jv/AyqZ7= Ya6/HTgkhZzKwEsHOdsfaW2pr3fgzqjgKUSJfYkZ/klxwHrcu+tZwtNDTuw8vH6Q=3D=3D" med= ia=3D"all" rel=3D"stylesheet"> We can probably drop the integrity attribute since the css has already been loaded and validated in the original page.
,
Apr 2 2018
#6: I think you are right. If this is trusted page, it was loaded and validated locally. If not ttrusted - it can be modified by anybody, so removing the integrity attr is not a big deal for untrusted page.
,
Apr 4 2018
,
Jul 17
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/248f07cfebfb8ce34e2c94911ad489a9a326c898 commit 248f07cfebfb8ce34e2c94911ad489a9a326c898 Author: Dan Harrington <harringtond@chromium.org> Date: Tue Jul 17 15:25:36 2018 Remove the integrity attribute when writing MHTML integrity can appear on <link> and <script>. Since all <script> elements are removed, this CL only affects <link>. If a stylesheet is loaded, the integrity attribute is removed when writing MHTML. If the stylesheet didn't load, the <link> element is removed when writing MHTML. Bug: 826139 Change-Id: I5a80a9d07edd995d736b9b6230a805fed51162a3 Reviewed-on: https://chromium-review.googlesource.com/1110263 Commit-Queue: Dan H <harringtond@chromium.org> Reviewed-by: Jian Li <jianli@chromium.org> Cr-Commit-Position: refs/heads/master@{#575645} [modify] https://crrev.com/248f07cfebfb8ce34e2c94911ad489a9a326c898/third_party/blink/renderer/core/exported/web_frame_serializer.cc [modify] https://crrev.com/248f07cfebfb8ce34e2c94911ad489a9a326c898/third_party/blink/renderer/core/exported/web_frame_serializer_sanitization_test.cc [modify] https://crrev.com/248f07cfebfb8ce34e2c94911ad489a9a326c898/third_party/blink/renderer/core/testing/data/frameserialization/beautifull.css [add] https://crrev.com/248f07cfebfb8ce34e2c94911ad489a9a326c898/third_party/blink/renderer/core/testing/data/frameserialization/integrityfail.css [add] https://crrev.com/248f07cfebfb8ce34e2c94911ad489a9a326c898/third_party/blink/renderer/core/testing/data/frameserialization/link_integrity.html
,
Jul 17
,
Jul 17
Note, this fixes the way Chrome saves MHTML. MHTML files saved by Chrome before this change will behave the same. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by yhirano@chromium.org
, Mar 27 2018