Bug 1342348 part 1 - Don't check fragment url in tree sanitizer. r=hsivonen

MozReview-Commit-ID: 8tIiMtexHxd

--HG--
extra : rebase_source : e23191b1396a4eb73510456de97197a34d20f723

dom/base/nsTreeSanitizer.cpp

@@ -1281,6 +1281,10 @@ nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
   static const char* kWhitespace = "\n\r\t\b";
   const nsAString& v =
     nsContentUtils::TrimCharsInSet(kWhitespace, value);
+  // Fragment-only url cannot be harmful.
+  if (v.First() == u'#') {
+    return false;
+  }
 
   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
   uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;