page-icon: protocol now works in the privileged about content process

Skip to first unread message

Mike Conley

Jun 27, 2022, 10:39:18 AMJun 27
to Firefox Dev, Mozilla dev-platform mailing list mailing list
If you tend to not use or think about favicons within the browser UI, you can probably ignore this message.

Hey firefox-dev / dev-platform!

Just a heads up to let you know that bug 1354248 landed and stuck a few weeks back, meaning that as of Firefox 103, the `page-icon:` protocol now also works in the privileged about content process.

For those unfamiliar, the page-icon: protocol allows front-end developers to show favicons for sites within the browser UI. For example, if you open up the Bookmarks or History menus/toolbar button panels/sidebars, you'll often see favicons (or the default globe favicon) rendered to the left of the page title. That's using the page-icon: protocol, usually like this:

<img src="page-icon:" />

or, perhaps less frequently, in dynamically generated CSS, like:

.some-item {
  background-image: url(page-icon:;

There's a lot going on behind the scenes for gathering and storing favicons in the Places database as users navigate the web which I won't go into detail about here, but suffice it to say that the above is how you, ultimately, query Places for the binary favicon data for a particular site[1].

Up until now, this protocol has only ever worked in the parent process. Pages like about:newtab, which run in the privileged about content process, have not been able to use it, and have had to resort to pretty wild hacks to show favicons (the usual trick is to serialize them into data URLs and send those big strings over IPC).

Well, now that bug 1354248 has landed, the privileged about content process can now use the page-icon: protocol just like the parent process. No more data URL hacks required!

To be clear, this privilege is only being granted to the privileged about content process. Normal content processes are definitely not allowed to use this protocol, as that could constitute a history data privacy leak. Normal content processes that attempt to use this mechanism will be blocked by the script security manager, and compromised content processes that might manage to make an IPC request for the page-icon data will be crashed immediately by the parent process.

Anyhow, though that might be handy for people to know.


[1]: There's even a way to specify the size of the favicon you want back by supplying onen edge of the square in pixels! Example:


This is pretty non-obvious, and I only discovered this while looking at the source. Hopefully I'll find time to document this for
Reply all
Reply to author
0 new messages