authorHenri Sivonen <hsivonen@hsivonen.fi>2020-11-19 19:06:03 +0000
committerMoonchild <moonchild@palemoon.org>2020-11-19 22:47:05 +0000
commitc9508464d5f54d57e89b6bbfbcd2b903bfd9edb2 (patch)
treebf7586b902243208dd208da54f2108d84cd8f2f1
parent2219a336dd994d50f439bdb6e3b9b3fece776014 (diff)
downloaduxp-c9508464d5f54d57e89b6bbfbcd2b903bfd9edb2.tar.gz
[dom] Remove attributes from descendants when setting sanitized style.
This avoids a number of problems with incomplete sanitization.
-rw-r--r--dom/base/nsTreeSanitizer.cpp13
-rw-r--r--dom/base/nsTreeSanitizer.h6
2 files changed, 19 insertions, 0 deletions
diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp
index 323c851c12..4719564437 100644
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1385,6 +1385,8 @@ nsTreeSanitizer::SanitizeChildren(nsINode* aRoot)
nsAutoString styleText;
nsContentUtils::GetNodeTextContent(node, false, styleText);
+ RemoveAllAttributesFromDescendants(elt);
+
nsAutoString sanitizedStyle;
nsCOMPtr<nsIURI> baseURI = node->GetBaseURI();
if (SanitizeStyleSheet(styleText,
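Review bot: The added call `RemoveAllAttributesFromDescendants(elt);` has no comment explaining why a style element's descendants need their attributes stripped here. The helper it calls only removes attributes, so any element children are still in the tree at this point. Whether that is enough depends on code outside this hunk (SanitizeChildren starts before it and continues after it), presumably on the node's content being rewritten once `SanitizeStyleSheet` returns. I would add a comment above the call such as `// Children of a style element are not sanitized individually; strip their attributes so none survive if the child nodes are kept.` and confirm that wording against the rest of the function.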
@@ -1480,6 +1482,17 @@ nsTreeSanitizer::RemoveAllAttributes(nsIContent* aElement)
}
}
+void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) {
+ nsIContent* node = aElement->GetFirstChild();
+ while (node) {
+ if (node->IsElement()) {
+ mozilla::dom::Element* elt = node->AsElement();
+ RemoveAllAttributes(elt);
+ }
+ node = node->GetNextNode(aElement);
+ }
+}
+
void
nsTreeSanitizer::InitializeStatics()
{
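Review bot: The new definition `void nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement) {` puts the return type and the opening brace on the signature line. The neighbouring `InitializeStatics` definition in the same hunk keeps `void` on its own line and the brace on the next. For consistency within the file I would split it the same way, as `void` then `nsTreeSanitizer::RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement)` then `{`. The local `elt` is used only once, so `RemoveAllAttributes(node->AsElement());` says the same thing in one line fewer. The body of InitializeStatics continues outside the hunk.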
diff --git a/dom/base/nsTreeSanitizer.h b/dom/base/nsTreeSanitizer.h
index b8700d775f..b4a333f619 100644
--- a/dom/base/nsTreeSanitizer.h
+++ b/dom/base/nsTreeSanitizer.h
@@ -184,6 +184,12 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
void RemoveAllAttributes(nsIContent* aElement);
/**
+ * Removes all attributes from the descendants of an element but not from
+ * the element itself.
+ */
+ void RemoveAllAttributesFromDescendants(mozilla::dom::Element* aElement);
+
+ /**
* The whitelist of HTML elements.
*/
static nsTHashtable<nsISupportsHashKey>* sElementsHTML;