issue with WebView in 8u202

Anton Tarasov anton.tarasov at jetbrains.com
Tue Nov 20 04:34:50 UTC 2018


Thanks for the catch, Kevin! Seems very likely. Is it the thing 
configured at compile-time?

Regards,
Anton.

On 11/20/2018 12:51 AM, Kevin Rushforth wrote:
> I can reproduce it and it seems related to Cross-Site-Scripting (XSS) 
> protections, which you have enabled in your HTML header with:
>
>     <meta http-equiv="Content-Security-Policy" ...>
>
> If I remove the 'http-equiv="Content-Security-Policy"' from the 
> meta-data then it displays just fine.
>
> Perhaps Arun or Murali could comment on whether this is a bug or not. 
> It seems just as likely to me that it is a feature that didn't use to
> be enabled and now is.
>
> -- Kevin
>
>
> On 11/19/2018 1:44 PM, Anton Tarasov wrote:
>> Hi Kevin,
>>
>> On 11/20/2018 12:21 AM, Kevin Rushforth wrote:
>>> Hi Anton,
>>>
>>> We'll take a look and see if we can reproduce it. Am I correct in 
>>> understanding that the problem only happens with loadContent, which 
>>> works on 8u152 and fails on 8u202-ea? And that load from a file 
>>> works fine on both 8u152 and 8u202-ea?
>>>
>> Yes, that's right. I've also checked that it's broken in the latest 
>> jfx12 as well. I'd appreciate your help in resolving this.
>>
>> Thanks,
>> Anton.
>>
>>>
>>> -- Kevin
>>>
>>>
>>> On 11/19/2018 12:17 PM, Anton Tarasov wrote:
>>>> Hello, JFX team!
>>>>
>>>> We (at JetBrains) faced an issue with WebView after we moved to
>>>> a JFX update in JDK8u202. The issue is that WebView stopped
>>>> loading images referenced by an absolute URL under some circumstances.
>>>>
>>>> Below is real HTML content, produced by the IDEA markdown viewer. It
>>>> has lots of style pre-loads and a sample image that it should
>>>> eventually display. The HTML is loaded via
>>>> WebEngine.loadContent(..) but only a placeholder text is displayed
>>>> - that's the problem that can be reproduced with JDK8u202. However,
>>>> it worked with JDK8u152.
>>>>
>>>> The style references will obviously fail for you, but if you put 
>>>> this html into a file and load it via
>>>> WebEngine.load(file:///path/to/file), the image will be shown with 
>>>> no problem (in 8u202 as well).
>>>>
>>>> <html><head><meta http-equiv="Content-Security-Policy" 
>>>> content="default-src 'none'; script-src 
>>>> http://localhost:63344/api/markdown-preview/scripts/processLinks.js?_ijt=ujioejund46k8cmdcsuggbpnf3 
>>>> http://localhost:63344/api/markdown-preview/scripts/scrollToElement.js?_ijt=ujioejund46k8cmdcsuggbpnf3; 
>>>> style-src https: 
>>>> http://localhost:63344/api/markdown-preview/styles/default.css?_ijt=ujioejund46k8cmdcsuggbpnf3 
>>>> http://localhost:63344/api/markdown-preview/styles/darcula.css?_ijt=ujioejund46k8cmdcsuggbpnf3 
>>>> http://localhost:63344/api/markdown-preview/styles/inline.css?_ijt=ujioejund46k8cmdcsuggbpnf3; 
>>>> img-src *; connect-src 'none'; font-src *; object-src 'none'; 
>>>> media-src 'none'; child-src 'none';"/><link rel="stylesheet" 
>>>> href="http://localhost:63344/api/markdown-preview/styles/default.css?_ijt=ujioejund46k8cmdcsuggbpnf3" 
>>>> />
>>>>
>>>> <script 
>>>> src="http://localhost:63344/api/markdown-preview/scripts/processLinks.js?_ijt=ujioejund46k8cmdcsuggbpnf3"></script>
>>>> <script 
>>>> src="http://localhost:63344/api/markdown-preview/scripts/scrollToElement.js?_ijt=ujioejund46k8cmdcsuggbpnf3"></script></head><body 
>>>> md-src-pos="0..89"><p md-src-pos="0..88"><img 
>>>> src="file:///C:/Users/tav/IdeaProjects/DummyProject/src/kitten.jpg" 
>>>> alt="Kitten" title="A cute kitten" md-src-pos="0..88" 
>>>> /></p></body></html>
>>>>
>>>> Then, if you remove all the style loading and leave only the image,
>>>> the image will be shown either way: load(url) or loadContent (in
>>>> 8u202)
>>>>
>>>> <html><head></head><body md-src-pos="0..89"><p 
>>>> md-src-pos="0..88"><img 
>>>> src="file:///C:/Users/tav/IdeaProjects/DummyProject/src/kitten.jpg" 
>>>> alt="Kitten" title="A cute kitten" md-src-pos="0..88" 
>>>> /></p></body></html>
>>>>
>>>> Sorry for not submitting the code, I hope you will easily put it 
>>>> into a real demo (I played with JFX's WebViewApp).
>>>>
>>>> So, could you please advise on what went wrong with it?
>>>>
>>>> With regards,
>>>> Anton.
>>>
>>
>
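
Added example (not part of the original thread, and not JavaFX or WebKit code): a simplified model of the CSP Level 3 source-list check, in which the wildcard in "img-src *" matches only HTTP(S) URLs or URLs with the same scheme as the protected document. It shows how a policy like the one in the report can permit the file: image when the page itself is loaded from file: and refuse it otherwise. That loadContent documents behave like about:blank, and that this rule is what 8u202 enforces, are assumptions the thread does not confirm.

```javascript
// Simplified CSP Level 3 source-list check (illustrative model only).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || "").toLowerCase();
    // Per the CSP spec, the first occurrence of a directive wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(expr, url, docUrl) {
  if (expr === "'none'") return false;
  if (expr === "*") {
    // CSP3 wildcard: HTTP(S) schemes, or the scheme of the protected document.
    return ["http:", "https:"].includes(url.protocol) || url.protocol === docUrl.protocol;
  }
  // scheme-source such as "https:" or "file:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  try {
    // host-source with an explicit scheme; CSP ignores the query string.
    const src = new URL(expr);
    const pathOk = src.pathname.endsWith("/")
      ? url.pathname.startsWith(src.pathname)
      : url.pathname === src.pathname;
    return src.protocol === url.protocol && src.host === url.host && pathOk;
  } catch {
    return false; // keywords such as 'self' are not modelled here
  }
}

function imageAllowed(policy, imgSrc, documentUrl) {
  const directives = parseCsp(policy);
  const sources = directives.get("img-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // no directive governs images
  const url = new URL(imgSrc);
  const docUrl = new URL(documentUrl);
  return sources.some((s) => sourceMatches(s, url, docUrl));
}

// Abbreviated from the policy in the report above.
const POLICY = "default-src 'none'; style-src https:; img-src *; connect-src 'none'; object-src 'none'";
const IMG = "file:///C:/Users/tav/IdeaProjects/DummyProject/src/kitten.jpg";
// Assumption: loadContent(...) is modelled as an about:blank document.
console.log("loadContent:", imageAllowed(POLICY, IMG, "about:blank"));
console.log("load(file):", imageAllowed(POLICY, IMG, "file:///path/to/file"));
console.log("with 'img-src * file:':",
  imageAllowed(POLICY.replace("img-src *", "img-src * file:"), IMG, "about:blank"));
```

In this model, listing the file: scheme explicitly in img-src is what lets the image through for an about:blank document.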


