summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHenri Sivonen <hsivonen@hsivonen.fi>2020-11-19 19:06:03 +0000
committerMoonchild <moonchild@palemoon.org>2020-11-19 19:06:03 +0000
commiteefaee9064be68c5012d9e5c092012efb1fc2514 (patch)
tree55a78d83037156166aa07fe058b130e39c7bf512
parent1864bbec2a0e17e2bb07de1ee8a71579c9cf1335 (diff)
downloadUXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar
UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.gz
UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.lz
UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.xz
UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.zip
[dom] Remove attributes from descendants when setting sanitized style.
This avoids a number of problems with incomplete sanitation.
-rw-r--r--dom/base/nsTreeSanitizer.cpp13
-rw-r--r--dom/base/nsTreeSanitizer.h6
2 files changed, 19 insertions, 0 deletions
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp
index c8150d0c2..39c2408b7 100644
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1384,6 +1384,8 @@ nsTreeSanitizer::SanitizeChildren(nsINode* aRoot)
nsAutoString styleText;
nsContentUtils::GetNodeTextContent(node, false, styleText);
+ RemoveAllAttributesFromDescendants(elt);
+
nsAutoString sanitizedStyle;
nsCOMPtr<nsIURI> baseURI = node->GetBaseURI();
if (SanitizeStyleSheet(styleText,
@@ -1479,6 +1481,17 @@ nsTreeSanitizer::RemoveAllAttributes(nsIContent* aElement)
}
}
+void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) {
+ nsIContent* node = aElement->GetFirstChild();
+ while (node) {
+ if (node->IsElement()) {
+ mozilla::dom::Element* elt = node->AsElement();
+ RemoveAllAttributes(elt);
+ }
+ node = node->GetNextNode(aElement);
+ }
+}
+
void
nsTreeSanitizer::InitializeStatics()
{
diff --git a/dom/base/nsTreeSanitizer.h b/dom/base/nsTreeSanitizer.h
index b8700d775..b4a333f61 100644
--- a/dom/base/nsTreeSanitizer.h
+++ b/dom/base/nsTreeSanitizer.h
@@ -184,6 +184,12 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
void RemoveAllAttributes(nsIContent* aElement);
/**
+ * Removes all attributes from the descendants of an element but not from
+ * the element itself.
+ */
+ void RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement);
+
+ /**
* The whitelist of HTML elements.
*/
static nsTHashtable<nsISupportsHashKey>* sElementsHTML;