Bug 649566 - @keyframe(s) missing from <style> sanitizing code in nsHTMLFragmentContentSink; r=bzbarsky
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 13 Apr 2011 18:12:32 -0400
changeset 68178 4af1022fca8374d88a8eab540cce7e60e6eb28e6
parent 68177 283a54188c6c5546b5cefcd157e519d7ee2275d7
child 68179 0c1749cfcc3849a4bd40ca882162e519a7deaee9
push id19528
push usereakhgari@mozilla.com
push dateFri, 15 Apr 2011 13:35:33 +0000
treeherdermozilla-central@754e793c647e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbzbarsky
bugs649566
milestone6.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 649566 - @keyframe(s) missing from <style> sanitizing code in nsHTMLFragmentContentSink; r=bzbarsky
content/html/document/src/nsHTMLFragmentContentSink.cpp
editor/libeditor/html/tests/test_bug520189.html
--- a/content/html/document/src/nsHTMLFragmentContentSink.cpp
+++ b/content/html/document/src/nsHTMLFragmentContentSink.cpp
@@ -1181,21 +1181,17 @@ nsHTMLParanoidFragmentSink::CloseContain
             PRInt32 ruleCount = sheet->StyleRuleCount();
             for (PRInt32 i = 0; i < ruleCount; ++i) {
               nsRefPtr<nsICSSRule> rule;
               rv = sheet->GetStyleRuleAt(i, *getter_AddRefs(rule));
               if (NS_FAILED(rv))
                 continue;
               NS_ASSERTION(rule, "We should have a rule by now");
               switch (rule->GetType()) {
-                case nsICSSRule::UNKNOWN_RULE:
-                case nsICSSRule::CHARSET_RULE:
-                case nsICSSRule::IMPORT_RULE:
-                case nsICSSRule::MEDIA_RULE:
-                case nsICSSRule::PAGE_RULE:
+                default:
                   didSanitize = PR_TRUE;
                   // Ignore these rule types.
                   break;
                 case nsICSSRule::NAMESPACE_RULE:
                 case nsICSSRule::FONT_FACE_RULE: {
                   // Append @namespace and @font-face rules verbatim.
                   nsAutoString cssText;
                   nsCOMPtr<nsIDOMCSSRule> styleRule = do_QueryInterface(rule);
--- a/editor/libeditor/html/tests/test_bug520189.html
+++ b/editor/libeditor/html/tests/test_bug520189.html
@@ -53,16 +53,20 @@ https://bugzilla.mozilla.org/show_bug.cg
   <iframe id="kk" src="about:blank"></iframe>
   <div id="ll" contenteditable="true"></div>
   <iframe id="mm" src="about:blank"></iframe>
   <div id="nn" contenteditable="true"></div>
   <iframe id="oo" src="about:blank"></iframe>
   <div id="pp" contenteditable="true"></div>
   <iframe id="qq" src="about:blank"></iframe>
   <div id="rr" contenteditable="true"></div>
+  <iframe id="ss" src="about:blank"></iframe>
+  <div id="tt" contenteditable="true"></div>
+  <iframe id="uu" src="about:blank"></iframe>
+  <div id="vv" contenteditable="true"></div>
 </div>
 <pre id="test">
 <script type="application/javascript">
 
 /** Test for Bug 520182 **/
 
 const dataPayload = "foo<iframe src=\"data:text/html,bar\"></iframe>baz";
 const jsPayload = "foo<iframe src=\"javascript:void('bar');\"></iframe>baz";
@@ -75,16 +79,18 @@ const validStyle3Payload = "foo<style>@f
 const validStyle4Payload = "foo<style>@namespace xxx url(http://example.com/);</style>baz";
 const invalidStyle1Payload = "foo<style>#bar{-moz-binding:url('data:text/xml,<?xml version=\"1.0\"><binding xmlns=\"http://www.mozilla.org/xbl\"/>');}</style>baz";
 const invalidStyle2Payload = "foo<span style=\"-moz-binding:url('data:text/xml,<?xml version=&quot;1.0&quot;><binding xmlns=&quot;http://www.mozilla.org/xbl&quot;/>');\">bar</span>baz";
 const invalidStyle3Payload = "foo<style>@import 'xxx.css';</style>baz";
 const invalidStyle4Payload = "foo<span style=\"@import 'xxx.css';\">bar</span>baz";
 const invalidStyle5Payload = "foo<span style=\"@font-face{font-family:xxx;src:'xxx.ttf';}\">bar</span>baz";
 const invalidStyle6Payload = "foo<span style=\"@namespace xxx url(http://example.com/);\">bar</span>baz";
 const invalidStyle7Payload = "<html><head><title>xxx</title></head><body>foo</body></html>";
+const invalidStyle8Payload = "foo<style>@-moz-document url(http://example.com/) {};</style>baz";
+const invalidStyle9Payload = "foo<style>@-moz-keyframes bar {};</style>baz";
 const nestedStylePayload = "foo<style>#bar1{-moz-binding:url('data:text/xml,<?xml version=&quot;1.0&quot;><binding xmlns=&quot;http://www.mozilla.org/xbl&quot; id=&quot;binding-1&quot;/>');<style></style>#bar2{-moz-binding:url('data:text/xml,<?xml version=&quot;1.0&quot;><binding xmlns=&quot;http://www.mozilla.org/xbl&quot; id=&quot;binding-2&quot;/>');</style>baz";
 const validImgSrc1Payload = "foo<img src=\"data:image/png,bar\">baz";
 const validImgSrc2Payload = "foo<img src=\"javascript:void('bar');\">baz";
 const validImgSrc3Payload = "foo<img src=\"file:///bar.png\">baz";
 const validDataFooPayload = "foo<span data-bar=\"value\">baz</span>";
 const validDataFoo2Payload = "foo<span _bar=\"value\">baz</span>";
 
 var tests = [
@@ -384,16 +390,42 @@ var tests = [
     rootElement: function() document.getElementById("qq").contentDocument.documentElement,
     checkResult: function(html) isnot(html.indexOf("bar"), -1, "Should have retained the _bar attribute")
   },
   {
     id: "rr",
     payload: validDataFoo2Payload,
     rootElement: function() document.getElementById("rr"),
     checkResult: function(html) isnot(html.indexOf("bar"), -1, "Should have retained the _bar attribute")
+  },
+  {
+    id: "ss",
+    isIFrame: true,
+    payload: invalidStyle8Payload,
+    rootElement: function() document.getElementById("ss").contentDocument.documentElement,
+    checkResult: function(html) is(html.indexOf("@-moz-document"), -1, "Should not have retained the @-moz-document rule")
+  },
+  {
+    id: "tt",
+    payload: invalidStyle8Payload,
+    rootElement: function() document.getElementById("tt"),
+    checkResult: function(html) is(html.indexOf("@-moz-document"), -1, "Should not have retained the @-moz-document rule")
+  },
+  {
+    id: "uu",
+    isIFrame: true,
+    payload: invalidStyle9Payload,
+    rootElement: function() document.getElementById("uu").contentDocument.documentElement,
+    checkResult: function(html) is(html.indexOf("@-moz-keyframes"), -1, "Should not have retained the @-moz-keyframes rule")
+  },
+  {
+    id: "vv",
+    payload: invalidStyle9Payload,
+    rootElement: function() document.getElementById("vv"),
+    checkResult: function(html) is(html.indexOf("@-moz-keyframes"), -1, "Should not have retained the @-moz-keyframes rule")
   }
 ];
 
 function doNextTest() {
   if (typeof testCounter == "undefined")
     testCounter = 0;
   else if (++testCounter == tests.length) {
     SimpleTest.finish();