зеркало из https://github.com/mozilla/gecko-dev.git
Bug 675916 - Restart iteration over attributes in the sanitizer when URL check ends up removing an attribute. r=bzbarsky.
This commit is contained in:
Родитель
34d8138343
Коммит
b547ed8606
|
@ -137,10 +137,11 @@ class NS_STACK_CLASS nsTreeSanitizer {
|
||||||
* @param aElement the element whose attribute to possibly modify
|
* @param aElement the element whose attribute to possibly modify
|
||||||
* @param aNamespace the namespace of the URL attribute
|
* @param aNamespace the namespace of the URL attribute
|
||||||
* @param aLocalName the local name of the URL attribute
|
* @param aLocalName the local name of the URL attribute
|
||||||
|
* @return true if the attribute was removed and false otherwise
|
||||||
*/
|
*/
|
||||||
void SanitizeURL(mozilla::dom::Element* aElement,
|
PRBool SanitizeURL(mozilla::dom::Element* aElement,
|
||||||
PRInt32 aNamespace,
|
PRInt32 aNamespace,
|
||||||
nsIAtom* aLocalName);
|
nsIAtom* aLocalName);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks a style rule for the presence of the 'binding' CSS property and
|
* Checks a style rule for the presence of the 'binding' CSS property and
|
||||||
|
|
|
@ -1227,7 +1227,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (IsURL(aURLs, attrLocal)) {
|
if (IsURL(aURLs, attrLocal)) {
|
||||||
SanitizeURL(aElement, attrNs, attrLocal);
|
if (SanitizeURL(aElement, attrNs, attrLocal)) {
|
||||||
|
// in case the attribute removal shuffled the attribute order, start
|
||||||
|
// the loop again.
|
||||||
|
--ac;
|
||||||
|
i = ac; // i will be decremented immediately thanks to the for loop
|
||||||
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (aAllowed->GetEntry(attrLocal) &&
|
if (aAllowed->GetEntry(attrLocal) &&
|
||||||
|
@ -1252,7 +1257,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
|
||||||
// else not allowed
|
// else not allowed
|
||||||
} else if (kNameSpaceID_XML == attrNs) {
|
} else if (kNameSpaceID_XML == attrNs) {
|
||||||
if (nsGkAtoms::base == attrLocal) {
|
if (nsGkAtoms::base == attrLocal) {
|
||||||
SanitizeURL(aElement, attrNs, attrLocal);
|
if (SanitizeURL(aElement, attrNs, attrLocal)) {
|
||||||
|
// in case the attribute removal shuffled the attribute order, start
|
||||||
|
// the loop again.
|
||||||
|
--ac;
|
||||||
|
i = ac; // i will be decremented immediately thanks to the for loop
|
||||||
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (nsGkAtoms::lang == attrLocal || nsGkAtoms::space == attrLocal) {
|
if (nsGkAtoms::lang == attrLocal || nsGkAtoms::space == attrLocal) {
|
||||||
|
@ -1261,7 +1271,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
|
||||||
// else not allowed
|
// else not allowed
|
||||||
} else if (aAllowXLink && kNameSpaceID_XLink == attrNs) {
|
} else if (aAllowXLink && kNameSpaceID_XLink == attrNs) {
|
||||||
if (nsGkAtoms::href == attrLocal) {
|
if (nsGkAtoms::href == attrLocal) {
|
||||||
SanitizeURL(aElement, attrNs, attrLocal);
|
if (SanitizeURL(aElement, attrNs, attrLocal)) {
|
||||||
|
// in case the attribute removal shuffled the attribute order, start
|
||||||
|
// the loop again.
|
||||||
|
--ac;
|
||||||
|
i = ac; // i will be decremented immediately thanks to the for loop
|
||||||
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (nsGkAtoms::type == attrLocal || nsGkAtoms::title == attrLocal
|
if (nsGkAtoms::type == attrLocal || nsGkAtoms::title == attrLocal
|
||||||
|
@ -1288,7 +1303,7 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
PRBool
|
||||||
nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
|
nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
|
||||||
PRInt32 aNamespace,
|
PRInt32 aNamespace,
|
||||||
nsIAtom* aLocalName)
|
nsIAtom* aLocalName)
|
||||||
|
@ -1312,7 +1327,9 @@ nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
|
||||||
}
|
}
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
aElement->UnsetAttr(aNamespace, aLocalName, PR_FALSE);
|
aElement->UnsetAttr(aNamespace, aLocalName, PR_FALSE);
|
||||||
|
return PR_TRUE;
|
||||||
}
|
}
|
||||||
|
return PR_FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
Загрузка…
Ссылка в новой задаче