mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 675916 - Restart iteration over attributes in the sanitizer when URL check ends up removing an attribute. r=bzbarsky.

This commit is contained in:
Henri Sivonen 2011-08-02 20:45:38 +03:00
Родитель 34d8138343
Коммит b547ed8606
2 изменённых файлов: 25 добавлений и 7 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
content/base/public/nsTreeSanitizer.h
Просмотреть файл

@ -137,10 +137,11 @@ class NS_STACK_CLASS nsTreeSanitizer {
* @param aElement the element whose attribute to possibly modify * @param aElement the element whose attribute to possibly modify
* @param aNamespace the namespace of the URL attribute * @param aNamespace the namespace of the URL attribute
* @param aLocalName the local name of the URL attribute * @param aLocalName the local name of the URL attribute
* @return true if the attribute was removed and false otherwise
*/ */
void SanitizeURL(mozilla::dom::Element* aElement, PRBool SanitizeURL(mozilla::dom::Element* aElement,
PRInt32 aNamespace, PRInt32 aNamespace,
nsIAtom* aLocalName); nsIAtom* aLocalName);
/** /**
* Checks a style rule for the presence of the 'binding' CSS property and * Checks a style rule for the presence of the 'binding' CSS property and

25
content/base/src/nsTreeSanitizer.cpp
Просмотреть файл

@ -1227,7 +1227,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
continue; continue;
} }
if (IsURL(aURLs, attrLocal)) { if (IsURL(aURLs, attrLocal)) {
SanitizeURL(aElement, attrNs, attrLocal); if (SanitizeURL(aElement, attrNs, attrLocal)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.
--ac;
i = ac; // i will be decremented immediately thanks to the for loop
}
continue; continue;
} }
if (aAllowed->GetEntry(attrLocal) && if (aAllowed->GetEntry(attrLocal) &&
@ -1252,7 +1257,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
// else not allowed // else not allowed
} else if (kNameSpaceID_XML == attrNs) { } else if (kNameSpaceID_XML == attrNs) {
if (nsGkAtoms::base == attrLocal) { if (nsGkAtoms::base == attrLocal) {
SanitizeURL(aElement, attrNs, attrLocal); if (SanitizeURL(aElement, attrNs, attrLocal)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.
--ac;
i = ac; // i will be decremented immediately thanks to the for loop
}
continue; continue;
} }
if (nsGkAtoms::lang == attrLocal || nsGkAtoms::space == attrLocal) { if (nsGkAtoms::lang == attrLocal || nsGkAtoms::space == attrLocal) {
@ -1261,7 +1271,12 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
// else not allowed // else not allowed
} else if (aAllowXLink && kNameSpaceID_XLink == attrNs) { } else if (aAllowXLink && kNameSpaceID_XLink == attrNs) {
if (nsGkAtoms::href == attrLocal) { if (nsGkAtoms::href == attrLocal) {
SanitizeURL(aElement, attrNs, attrLocal); if (SanitizeURL(aElement, attrNs, attrLocal)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.
--ac;
i = ac; // i will be decremented immediately thanks to the for loop
}
continue; continue;
} }
if (nsGkAtoms::type == attrLocal || nsGkAtoms::title == attrLocal if (nsGkAtoms::type == attrLocal || nsGkAtoms::title == attrLocal
@ -1288,7 +1303,7 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
} }
} }
void PRBool
nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement, nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
PRInt32 aNamespace, PRInt32 aNamespace,
nsIAtom* aLocalName) nsIAtom* aLocalName)
@ -1312,7 +1327,9 @@ nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
} }
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
aElement->UnsetAttr(aNamespace, aLocalName, PR_FALSE); aElement->UnsetAttr(aNamespace, aLocalName, PR_FALSE);
return PR_TRUE;
} }
return PR_FALSE;
} }
void void