Bug 1342348 part 1 - Don't check fragment url in tree sanitizer. r=hsivonen

MozReview-Commit-ID: 8tIiMtexHxd

--HG--
extra : rebase_source : e7dd8262c1d7c69209ce57323dc4c24a19774ec7

dom/base/nsTreeSanitizer.cpp

@@ -1281,6 +1281,10 @@ nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
   static const char* kWhitespace = "\n\r\t\b";
   const nsAString& v =
     nsContentUtils::TrimCharsInSet(kWhitespace, value);
+  // Fragment-only url cannot be harmful.
+  if (v.IsEmpty() && v.First() == u'#') {
+    return false;
+  }
 
   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
   uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;