Tooltips broken on crates.io for Firefox

[asymmetric]

If I try to activate the tooltips to follow links (in my case, since I use vimium bindings, f), I instead see the following:

The tooltips are unstyled and all in a column at the left. They still work though.

Firefox 57.0b4 on Linux.

[eejdoowad]

This is a Firefox-only bug. On Chrome, hints are isolated from page styles using Shadow DOM. Firefox doesn't support Shadow DOM, so I try to reset page styles with reset CSS rules. This is prone to flaws, as showcased by crates.io. I'll have to see which styles are leaking through and account for them.

[eejdoowad]

On follow up, it turns out that the problem is related to crate.io's CSP (Content Security Policy). crates.io has the most robust CSP I've ever seen.

default-src 'self'; connect-src 'self' https://docs.rs https://crates-io.s3-us-west-1.amazonaws.com; script-src 'self' 'unsafe-eval' https://www.google-analytics.com https://www.google.com; style-src 'self' https://www.google.com https://ajax.googleapis.com; img-src *; object-src 'none'

The problem is that Firefox respects the style-src Content Security Policy, which disables inline script tags. It works on Chrome because Chrome ignores style-src. There are two potential fixes:

1. Use browser.tabs.insertCSS() to insert CSS instead of the inline Githubissues.
2. Githubissues is a development platform for aggregating issues.