mlgualtieri / CSS-Exfil-Protection

Official repository for the CSS Exfil Protection browser extensions.
MIT License

Background image bug in GMail theme #12

Closed mlgualtieri closed 3 years ago

mlgualtieri commented 5 years ago

A user emailed to report an issue where the plugin breaks part of their GMail theme. I've personally never seen this happen, so if anyone can provide a test case it would be appreciated.

Achaean commented 5 years ago

I have the same problem with Waterfox.

mlgualtieri commented 5 years ago

At the moment I'm not planning to support browsers other than Chrome/Chromium and Firefox. But are you saying that you are getting an error loading GMail themes when using the plugin installed in Waterfox? Unsure if that would be due to a difference in the Waterfox codebase, or an issue in the plugin. I've tested a bunch of the default themes in Firefox (version 60.x) and they all seem to load. Firefox 66 hasn't been stabilized for my distro, so I haven't tested on that yet. I'll fire it up in a VM asap and see if I can find any glitches.

Achaean commented 5 years ago

Meanwhile, I had the same issue with Firefox (latest stable version). After using it for 2 days without any problems, this morning I had this issue. I'm on Devuan ASCII (stable) x64 KDE (Debian stable based).

mlgualtieri commented 5 years ago

Any chance you can capture a screenshot of the issue? (Blur out any private info.) I just installed Firefox 66 in a VM and tried multiple themes and everything looks OK.

Achaean commented 5 years ago

Yes, of course! :-) As you can see, it's all black!

Screenshot

mlgualtieri commented 5 years ago

FYI - I managed to replicate! Will try to figure out what's going on and fix asap.

mlgualtieri commented 5 years ago

I've investigated this issue a bit. It doesn't happen on each load but it happens on some loads. It only seems to happen if a custom background image is set as the GMail theme (at least that's the only time I could reproduce), and only then, sometimes. The issue likely stems from some JavaScript/dynamic complexity within GMail.

The background image is applied to a specific div within the page's HTML. When the bug occurs, this div is not present, so the background is never applied.

I'm unsure at the moment what, if anything, I could do within the plugin to remedy this. I'm looking into it though.

EchoDev commented 4 years ago

Would it be possible to add sites to a whitelist? This vulnerability doesn't seem to be an issue on Gmail anyways so might as well whitelist it on Gmail.

mlgualtieri commented 4 years ago

Adding whitelisting capability has been requested before, and it's something I'm open to adding. I just need to find the time to add such capability into the plugin. But, I'll be working on a bunch of updates to it this summer to get it ready for Chrome 85, so this might be a good time to put in some new features too.

ghost commented 4 years ago

I can eventually look into doing it (but I will check that only once you have released the next version). If I do it, I will only write the code that creates and remembers the whitelisted domains, and eventually an options page for easy settings. (I'll let you do the part that checks and ignores the domain in the filter, because I don't want to mess with the sanitization process ^^.) @mlgualtieri

mlgualtieri commented 3 years ago

This issue has been addressed in today's 1.1.0 release. Since it wasn't technically feasible to address in another manner, the new domain settings options to either "Always Scan / Never Sanitize" or "Never Scan / Never Sanitize" avoid the issue by preventing the CSS load blocker styles from being applied, which was causing the JavaScript timing conflict.
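
An added example, not part of the thread and not the extension's own code: one way a per-domain setting like the two options named above could be resolved so that an exemption for one site never extends to a lookalike hostname. The settings shape, function names, default policy and sample domains are assumptions.

```javascript
// Added illustration; not code from the CSS Exfil Protection extension.
// Option names come from the 1.1.0 comment above. The settings shape, the
// function names and the default policy are assumptions.
const DEFAULT_POLICY = { scan: true, sanitize: true, loadBlocker: true };
const OPTION_POLICIES = {
  // Per the comment, both options keep the load blocker styles from being applied.
  "Always Scan / Never Sanitize": { scan: true, sanitize: false, loadBlocker: false },
  "Never Scan / Never Sanitize": { scan: false, sanitize: false, loadBlocker: false },
};

// Constructed sample settings: domain -> option chosen by the user.
const sampleSettings = {
  "mail.google.com": "Never Scan / Never Sanitize",
  "example.org": "Always Scan / Never Sanitize",
};

// True only for the domain itself or a subdomain on a label boundary,
// so "notexample.org" and "example.org.other.test" do not match "example.org".
function matchesDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function resolvePolicy(pageUrl, settings) {
  let host;
  try {
    // URL parsing lowercases the hostname; also drop a trailing root dot.
    host = new URL(pageUrl).hostname.replace(/\.$/, "");
  } catch (e) {
    return { ...DEFAULT_POLICY, matched: null }; // unparsable: keep full protection
  }
  let best = null;
  for (const domain of Object.keys(settings)) {
    const known = OPTION_POLICIES[settings[domain]];
    // Unknown option strings are ignored rather than treated as an exemption.
    if (!known || !matchesDomain(host, domain.toLowerCase())) continue;
    if (best === null || domain.length > best.length) best = domain; // most specific wins
  }
  if (best === null) return { ...DEFAULT_POLICY, matched: null };
  return { ...OPTION_POLICIES[settings[best]], matched: best };
}
```

Anything that fails to parse or match falls back to the default policy, so a typo in a setting leaves protection on rather than off.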