diff options
author | Henri Sivonen <hsivonen@hsivonen.fi> | 2020-11-19 19:06:03 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-11-19 19:06:03 +0000 |
commit | eefaee9064be68c5012d9e5c092012efb1fc2514 (patch) | |
tree | 55a78d83037156166aa07fe058b130e39c7bf512 | |
parent | 1864bbec2a0e17e2bb07de1ee8a71579c9cf1335 (diff) | |
download | UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.gz UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.lz UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.tar.xz UXP-eefaee9064be68c5012d9e5c092012efb1fc2514.zip |
[dom] Remove attributes from descendants when setting sanitized style.
This avoids a number of problems with incomplete sanitation.
-rw-r--r-- | dom/base/nsTreeSanitizer.cpp | 13 | ||||
-rw-r--r-- | dom/base/nsTreeSanitizer.h | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp index c8150d0c2..39c2408b7 100644 --- a/dom/base/nsTreeSanitizer.cpp +++ b/dom/base/nsTreeSanitizer.cpp @@ -1384,6 +1384,8 @@ nsTreeSanitizer::SanitizeChildren(nsINode* aRoot) nsAutoString styleText; nsContentUtils::GetNodeTextContent(node, false, styleText); + RemoveAllAttributesFromDescendants(elt); + nsAutoString sanitizedStyle; nsCOMPtr<nsIURI> baseURI = node->GetBaseURI(); if (SanitizeStyleSheet(styleText, @@ -1479,6 +1481,17 @@ nsTreeSanitizer::RemoveAllAttributes(nsIContent* aElement) } } +void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) { + nsIContent* node = aElement->GetFirstChild(); + while (node) { + if (node->IsElement()) { + mozilla::dom::Element* elt = node->AsElement(); + RemoveAllAttributes(elt); + } + node = node->GetNextNode(aElement); + } +} + void nsTreeSanitizer::InitializeStatics() { diff --git a/dom/base/nsTreeSanitizer.h b/dom/base/nsTreeSanitizer.h index b8700d775..b4a333f61 100644 --- a/dom/base/nsTreeSanitizer.h +++ b/dom/base/nsTreeSanitizer.h @@ -184,6 +184,12 @@ class MOZ_STACK_CLASS nsTreeSanitizer { void RemoveAllAttributes(nsIContent* aElement); /** + * Removes all attributes from the descendants of an element but not from + * the element itself. + */ + void RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement); + + /** * The whitelist of HTML elements. */ static nsTHashtable<nsISupportsHashKey>* sElementsHTML; |