diff options
author | Henri Sivonen <hsivonen@hsivonen.fi> | 2020-11-19 19:06:03 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-11-19 22:47:05 +0000 |
commit | c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2 (patch) | |
tree | bf7586b902243208dd208da54f2108d84cd8f2f1 | |
parent | 2219a336dd994d50f439bdb6e3b9b3fece776014 (diff) | |
download | uxp-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar.gz |
[dom] Remove attributes from descendants when setting sanitized style.
This avoids a number of problems with incomplete sanitation.
-rw-r--r-- | dom/base/nsTreeSanitizer.cpp | 13 | ||||
-rw-r--r-- | dom/base/nsTreeSanitizer.h | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp index 323c851c12..4719564437 100644 --- a/dom/base/nsTreeSanitizer.cpp +++ b/dom/base/nsTreeSanitizer.cpp @@ -1385,6 +1385,8 @@ nsTreeSanitizer::SanitizeChildren(nsINode* aRoot) nsAutoString styleText; nsContentUtils::GetNodeTextContent(node, false, styleText); + RemoveAllAttributesFromDescendants(elt); + nsAutoString sanitizedStyle; nsCOMPtr<nsIURI> baseURI = node->GetBaseURI(); if (SanitizeStyleSheet(styleText, @@ -1480,6 +1482,17 @@ nsTreeSanitizer::RemoveAllAttributes(nsIContent* aElement) } } +void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) { + nsIContent* node = aElement->GetFirstChild(); + while (node) { + if (node->IsElement()) { + mozilla::dom::Element* elt = node->AsElement(); + RemoveAllAttributes(elt); + } + node = node->GetNextNode(aElement); + } +} + void nsTreeSanitizer::InitializeStatics() { diff --git a/dom/base/nsTreeSanitizer.h b/dom/base/nsTreeSanitizer.h index b8700d775f..b4a333f619 100644 --- a/dom/base/nsTreeSanitizer.h +++ b/dom/base/nsTreeSanitizer.h @@ -184,6 +184,12 @@ class MOZ_STACK_CLASS nsTreeSanitizer { void RemoveAllAttributes(nsIContent* aElement); /** + * Removes all attributes from the descendants of an element but not from + * the element itself. + */ + void RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement); + + /** * The whitelist of HTML elements. */ static nsTHashtable<nsISupportsHashKey>* sElementsHTML; |