| author | Cosmin Sabou <csabou@mozilla.com> |
| Tue, 23 Feb 2021 17:59:59 +0200 | |
| changeset 568414 | b422dd886e036907f35269f381f43785873c5296 |
| parent 568413 | 403ffdf9b6fb1d2be503cfb0feddae5faa3b85b7 |
| child 568415 | 9be2f6747aeb71cc1943afc48eb5addd0553bad4 |
| push id | 137040 |
| push user | csabou@mozilla.com |
| push date | Tue, 23 Feb 2021 16:02:15 +0000 |
| treeherder | autoland@b422dd886e03 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 1664485 |
| milestone | 88.0a1 |
| backs out | cffeff2a28032c57f5d43a8293814d4cedbbc804 |
| first release with | nightly linux32
b422dd886e03
/
88.0a1
/
20210223230332
/
files
nightly linux64
b422dd886e03
/
88.0a1
/
20210223230332
/
files
nightly mac
b422dd886e03
/
88.0a1
/
20210223230332
/
files
nightly win32
b422dd886e03
/
88.0a1
/
20210223230332
/
files
nightly win64
b422dd886e03
/
88.0a1
/
20210223230332
/
files
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| releases | nightly linux32
88.0a1
/
20210223230332
/
pushlog to previous
nightly linux64
88.0a1
/
20210223230332
/
pushlog to previous
nightly mac
88.0a1
/
20210223230332
/
pushlog to previous
nightly win32
88.0a1
/
20210223230332
/
pushlog to previous
nightly win64
88.0a1
/
20210223230332
/
pushlog to previous
|
--- a/dom/security/sanitizer/Sanitizer.cpp +++ b/dom/security/sanitizer/Sanitizer.cpp @@ -42,42 +42,50 @@ already_AddRefed<Sanitizer> Sanitizer::C AutoTArray<nsString, 1> params = {}; sanitizer->LogLocalizedString("SanitizerOptionsDiscarded", params, nsIScriptError::infoFlag); return sanitizer.forget(); } /* static */ already_AddRefed<DocumentFragment> Sanitizer::InputToNewFragment( - const mozilla::dom::StringOrDocumentFragmentOrDocument& aInput, + const Optional<mozilla::dom::StringOrDocumentFragmentOrDocument>& aInput, ErrorResult& aRv) { // turns an StringOrDocumentFragmentOrDocument into a DocumentFragment for // internal use with nsTreeSanitizer nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); if (!window || !window->GetDoc()) { // FIXME: Should we throw another exception? aRv.Throw(NS_ERROR_FAILURE); return nullptr; } + if (!aInput.WasPassed()) { + AutoTArray<nsString, 1> params = {}; + LogLocalizedString("SanitizerRcvdNoInput", params, + nsIScriptError::warningFlag); + RefPtr<DocumentFragment> emptyFragment = + window->GetDoc()->CreateDocumentFragment(); + return emptyFragment.forget(); + } // We need to create a new docfragment based on the input // and can't use a live document (possibly with mutation observershandlers) nsAutoString innerHTML; - if (aInput.IsDocumentFragment()) { - RefPtr<DocumentFragment> inFragment = &aInput.GetAsDocumentFragment(); + if (aInput.Value().IsDocumentFragment()) { + RefPtr<DocumentFragment> inFragment = + &aInput.Value().GetAsDocumentFragment(); inFragment->GetInnerHTML(innerHTML); - } else if (aInput.IsString()) { - innerHTML.Assign(aInput.GetAsString()); - } else if (aInput.IsDocument()) { - RefPtr<Document> doc = &aInput.GetAsDocument(); + } else if (aInput.Value().IsString()) { + innerHTML.Assign(aInput.Value().GetAsString()); + } else if (aInput.Value().IsDocument()) { + RefPtr<Document> doc = &aInput.Value().GetAsDocument(); nsCOMPtr<Element> docElement = doc->GetDocumentElement(); - if (docElement) { - docElement->GetInnerHTML(innerHTML, IgnoreErrors()); - } + + docElement->GetInnerHTML(innerHTML, IgnoreErrors()); } if (innerHTML.IsEmpty()) { AutoTArray<nsString, 1> params = {}; LogLocalizedString("SanitizerRcvdNoInput", params, nsIScriptError::warningFlag); RefPtr<DocumentFragment> emptyFragment = window->GetDoc()->CreateDocumentFragment(); @@ -95,39 +103,53 @@ already_AddRefed<DocumentFragment> Sanit if (aRv.Failed()) { aRv.Throw(NS_ERROR_FAILURE); return nullptr; } return fragment.forget(); } already_AddRefed<DocumentFragment> Sanitizer::Sanitize( - const mozilla::dom::StringOrDocumentFragmentOrDocument& aInput, + const Optional<mozilla::dom::StringOrDocumentFragmentOrDocument>& aInput, ErrorResult& aRv) { nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal); if (!window || !window->GetDoc()) { aRv.Throw(NS_ERROR_FAILURE); return nullptr; } + if (!aInput.WasPassed()) { + AutoTArray<nsString, 1> params = {}; + LogLocalizedString("SanitizerRcvdNoInput", params, + nsIScriptError::warningFlag); + RefPtr<DocumentFragment> fragment = + window->GetDoc()->CreateDocumentFragment(); + return fragment.forget(); + } ErrorResult error; RefPtr<DocumentFragment> fragment = Sanitizer::InputToNewFragment(aInput, error); if (error.Failed()) { return fragment.forget(); } nsTreeSanitizer treeSanitizer(mSanitizationFlags); treeSanitizer.Sanitize(fragment); return fragment.forget(); } void Sanitizer::SanitizeToString( - const StringOrDocumentFragmentOrDocument& aInput, nsAString& outSanitized, - ErrorResult& aRv) { + const Optional<StringOrDocumentFragmentOrDocument>& aInput, + nsAString& outSanitized, ErrorResult& aRv) { outSanitized.Truncate(); + if (!aInput.WasPassed()) { + AutoTArray<nsString, 1> params = {}; + LogLocalizedString("SanitizerRcvdNoInput", params, + nsIScriptError::warningFlag); + return; + } ErrorResult error; RefPtr<DocumentFragment> fragment = Sanitizer::InputToNewFragment(aInput, error); if (error.Failed()) { return; } nsTreeSanitizer treeSanitizer(mSanitizationFlags);
--- a/dom/security/sanitizer/Sanitizer.h +++ b/dom/security/sanitizer/Sanitizer.h @@ -54,40 +54,41 @@ class Sanitizer final : public nsISuppor ErrorResult& aRv); /** * sanitize WebIDL method. * @param aInput "bad" HTML that needs to be sanitized * @return DocumentFragment of the sanitized HTML */ already_AddRefed<DocumentFragment> Sanitize( - const mozilla::dom::StringOrDocumentFragmentOrDocument& aInput, + const Optional<mozilla::dom::StringOrDocumentFragmentOrDocument>& aInput, ErrorResult& aRv); /** * sanitizeToString WebIDL method. * @param aInput "bad" HTML that needs to be sanitized * @param outSanitized out-param for the string of sanitized HTML */ - void SanitizeToString(const StringOrDocumentFragmentOrDocument& aInput, - nsAString& outSanitized, ErrorResult& aRv); + void SanitizeToString( + const Optional<StringOrDocumentFragmentOrDocument>& aInput, + nsAString& outSanitized, ErrorResult& aRv); /** * Logs localized message to either content console or browser console * @param aName Localization key * @param aParams Localization parameters * @param aFlags Logging Flag (see nsIScriptError) */ void LogLocalizedString(const char* aName, const nsTArray<nsString>& aParams, uint32_t aFlags); private: ~Sanitizer() = default; already_AddRefed<DocumentFragment> InputToNewFragment( - const mozilla::dom::StringOrDocumentFragmentOrDocument& aInput, + const Optional<mozilla::dom::StringOrDocumentFragmentOrDocument>& aInput, ErrorResult& aRv); /** * Logs localized message to either content console or browser console * @param aMessage Message to log * @param aFlags Logging Flag (see nsIScriptError) * @param aInnerWindowID Inner Window ID (Logged on browser console if 0) * @param aFromPrivateWindow If from private window */
--- a/dom/webidl/Sanitizer.webidl +++ b/dom/webidl/Sanitizer.webidl @@ -19,12 +19,12 @@ dictionary SanitizerOptions { sequence<DOMString> removed; }; [Exposed=Window, SecureContext, Pref="dom.security.sanitizer.enabled"] interface Sanitizer { [Throws] constructor(optional SanitizerOptions options = {}); // optionality still discussed in spec [Throws] - DocumentFragment sanitize(SanitizerInput input); + DocumentFragment sanitize(optional SanitizerInput input); [Throws] - DOMString sanitizeToString(SanitizerInput input); + DOMString sanitizeToString(optional SanitizerInput input); };