Bug 563322 part 3 - Successfully prevent script execution in the XML fragment case. r=Olli.Pettay.
authorHenri Sivonen <hsivonen@iki.fi>
Mon, 01 Aug 2011 10:48:28 +0300
changeset 73608 79548c572c09f8475a14e147567ece3eebcc3930
parent 73607 a228ff77a9f82df058eb760f47ceca9cbcb58d27
child 73609 047bd50613abc3efa8f1da4955f3e8b030467eff
push id20896
push usermak77@bonardo.net
push dateMon, 01 Aug 2011 14:04:43 +0000
treeherdermozilla-central@345ba237404d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersOlli
bugs563322
milestone8.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 563322 part 3 - Successfully prevent script execution in the XML fragment case. r=Olli.Pettay.
content/xml/document/src/nsXMLFragmentContentSink.cpp
--- a/content/xml/document/src/nsXMLFragmentContentSink.cpp
+++ b/content/xml/document/src/nsXMLFragmentContentSink.cpp
@@ -266,16 +266,23 @@ nsXMLFragmentContentSink::CreateElement(
 
   return rv;
 }
 
 nsresult
 nsXMLFragmentContentSink::CloseElement(nsIContent* aContent)
 {
   // don't do fancy stuff in nsXMLContentSink
+  if (mPreventScriptExecution && aContent->Tag() == nsGkAtoms::script &&
+      (aContent->GetNameSpaceID() == kNameSpaceID_XHTML ||
+       aContent->GetNameSpaceID() == kNameSpaceID_SVG)) {
+    nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);
+    NS_ASSERTION(sele, "script did QI correctly!");
+    sele->PreventExecution();
+  }
   return NS_OK;
 }
 
 void
 nsXMLFragmentContentSink::MaybeStartLayout(PRBool aIgnorePendingSheets)
 {
   return;
 }