Hi Anton, Looks like this is mostly related to Content Security Policy(CSP)[1] which have got strengthened after recent WebKit upgrades.
I have reduced the given html further(PSB) & I could reproduce the problem with the following html snippet, <html><head> <meta http-equiv='Content-Security-Policy' content='img-src *;’/></head> <body> <img src='file:///Users/ARAJKUMA/Downloads/penguingun-900x900.jpg' alt='from file:’/> <img src='https://betanews.com/wp-content/uploads/2016/04/penguingun-900x900.jpg' alt=‘from http:’/> </body></html> In the above html snippet, CSP of img tag is set to load from all except file scheme. It would load img from http: but not from file. If you also want to load from file: scheme, then you must explicitly set that in the CSP header. Something like below, <html><head> <meta http-equiv='Content-Security-Policy' content='img-src file: *;’/></head> <body> <img src='file:///Users/ARAJKUMA/Downloads/penguingun-900x900.jpg' alt='from file:’/> <img src='https://betanews.com/wp-content/uploads/2016/04/penguingun-900x900.jpg' alt=‘from http:’/> </body></html> [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP Thanks, Arun > On 20-Nov-2018, at 10:04 AM, Anton Tarasov <anton.tara...@jetbrains.com> > wrote: > > Thanks for the catch, Kevin! Seems very likely. Is it the thing configured at > compile-time? > > Regards, > Anton. > > On 11/20/2018 12:51 AM, Kevin Rushforth wrote: >> I can reproduce it and it seems related to Cross-Site-Scripting (XSS) >> protections, which you have enabled in your HTML header with: >> >> <meta http-equiv="Content-Security-Policy" ...> >> >> If I remove the 'http-equiv="Content-Security-Policy"' from the meta-data >> then it displays just fine. >> >> Perhaps Arun or Murali could comment on whether this is a bug or not. It >> seems just as likely to me that it is a feature that didn't used to be >> enabled and now is. >> >> -- Kevin >> >> >> On 11/19/2018 1:44 PM, Anton Tarasov wrote: >>> Hi Kevin, >>> >>> On 11/20/2018 12:21 AM, Kevin Rushforth wrote: >>>> Hi Anton, >>>> >>>> We'll take a look and see if we can reproduce it. Am I correct in >>>> understanding that the problem only happens with loadContent, which works >>>> on 8u152 and fails on 8u202-ea? And that load from a file works fine on >>>> both 8u152 and 8u202-ea? >>>> >>> Yes, that's right. I've also checked that it's broken in the latest jfx12 >>> as well. I'd appreciate your help in resolving this. >>> >>> Thanks, >>> Anton. >>> >>>> >>>> -- Kevin >>>> >>>> >>>> On 11/19/2018 12:17 PM, Anton Tarasov wrote: >>>>> Hello, JFX team! >>>>> >>>>> We (at JetBrains) faced an issue with WebView after we've moved to an JFX >>>>> update in JDK8u202. The issue is that WebView stopped loading images >>>>> referenced by an absolute URL under some circumstances. >>>>> >>>>> Below is a real html content, produced by IDEA markdown viewer. It has >>>>> lots of style pre-loads and a sample image that it should eventually >>>>> display. The html is loaded view WebEngine.loadContent(..) but a >>>>> placeholder text is only displayed - that's the problem that can be >>>>> reproduce with JDK8u202. However it worked with JDK8u152. >>>>> >>>>> The style references will obviously fail for you, but if you put this >>>>> html into a file and will load it via >>>>> WebEngine.load(file:///path/to/file), the image will be shown with no >>>>> problem (in 8u202 as well). >>>>> >>>>> <html><head><meta http-equiv="Content-Security-Policy" >>>>> content="default-src 'none'; script-src >>>>> http://localhost:63344/api/markdown-preview/scripts/processLinks.js?_ijt=ujioejund46k8cmdcsuggbpnf3 >>>>> >>>>> http://localhost:63344/api/markdown-preview/scripts/scrollToElement.js?_ijt=ujioejund46k8cmdcsuggbpnf3; >>>>> style-src https: >>>>> http://localhost:63344/api/markdown-preview/styles/default.css?_ijt=ujioejund46k8cmdcsuggbpnf3 >>>>> >>>>> http://localhost:63344/api/markdown-preview/styles/darcula.css?_ijt=ujioejund46k8cmdcsuggbpnf3 >>>>> >>>>> http://localhost:63344/api/markdown-preview/styles/inline.css?_ijt=ujioejund46k8cmdcsuggbpnf3; >>>>> img-src *; connect-src 'none'; font-src *; object-src 'none'; media-src >>>>> 'none'; child-src 'none';"/><link rel="stylesheet" >>>>> href="http://localhost:63344/api/markdown-preview/styles/default.css?_ijt=ujioejund46k8cmdcsuggbpnf3"; >>>>> /> >>>>> >>>>> <script >>>>> src="http://localhost:63344/api/markdown-preview/scripts/processLinks.js?_ijt=ujioejund46k8cmdcsuggbpnf3";></script> >>>>> <script >>>>> src="http://localhost:63344/api/markdown-preview/scripts/scrollToElement.js?_ijt=ujioejund46k8cmdcsuggbpnf3";></script></head><body >>>>> md-src-pos="0..89"><p md-src-pos="0..88"><img >>>>> src="file:///C:/Users/tav/IdeaProjects/DummyProject/src/kitten.jpg" >>>>> alt="Kitten" title="A cute kitten" md-src-pos="0..88" /></p></body></html> >>>>> >>>>> Then, if you remove all the style loading and leave only the image, the >>>>> image will be shown in either way: load(url) or loadContent (in 8u202) >>>>> >>>>> <html><head></head><body md-src-pos="0..89"><p md-src-pos="0..88"><img >>>>> src="file:///C:/Users/tav/IdeaProjects/DummyProject/src/kitten.jpg" >>>>> alt="Kitten" title="A cute kitten" md-src-pos="0..88" /></p></body></html> >>>>> >>>>> Sorry for not submitting the code, I hope you will easily put it into a >>>>> real demo (I played with JFX's WebViewApp). >>>>> >>>>> So, could you please advice on what went wrong with it? >>>>> >>>>> With regards, >>>>> Anton. >>>> >>> >> >
