diff options
| author | Henri Sivonen <hsivonen@hsivonen.fi> | 2020-11-19 19:06:03 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2020-11-19 22:47:05 +0000 |
| commit | c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2 (patch) | |
| tree | bf7586b902243208dd208da54f2108d84cd8f2f1 /dom/base/nsTreeSanitizer.cpp | |
| parent | 2219a336dd994d50f439bdb6e3b9b3fece776014 (diff) | |
| download | UXP-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar UXP-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar.gz UXP-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar.lz UXP-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar.xz UXP-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.zip | |
[dom] Remove attributes from descendants when setting sanitized style.
This avoids a number of problems with incomplete sanitation.
Diffstat (limited to 'dom/base/nsTreeSanitizer.cpp')
| -rw-r--r-- | dom/base/nsTreeSanitizer.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp index 323c851c1..471956443 100644 --- a/dom/base/nsTreeSanitizer.cpp +++ b/dom/base/nsTreeSanitizer.cpp @@ -1385,6 +1385,8 @@ nsTreeSanitizer::SanitizeChildren(nsINode* aRoot) nsAutoString styleText; nsContentUtils::GetNodeTextContent(node, false, styleText); + RemoveAllAttributesFromDescendants(elt); + nsAutoString sanitizedStyle; nsCOMPtr<nsIURI> baseURI = node->GetBaseURI(); if (SanitizeStyleSheet(styleText, @@ -1480,6 +1482,17 @@ nsTreeSanitizer::RemoveAllAttributes(nsIContent* aElement) } } +void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) { + nsIContent* node = aElement->GetFirstChild(); + while (node) { + if (node->IsElement()) { + mozilla::dom::Element* elt = node->AsElement(); + RemoveAllAttributes(elt); + } + node = node->GetNextNode(aElement); + } +} + void nsTreeSanitizer::InitializeStatics() { |