Backed out changeset ce9d71b0a088 (bug 1342348) for crashing in xpcshell test parser/xml/test/unit/test_sanitizer.js. r=backout
authorSebastian Hengst <archaeopteryx@coole-files.de>
Mon, 27 Feb 2017 15:26:04 +0100
changeset 374043 0edea4787f1b441247b20ab0ef180c85538cd750
parent 374042 e35c7e3eb3cc6ab342159612bd57ac194adf9b65
child 374044 a7e8fe5d004bc7e6e04c4a9c9dc4e2f62d4718ec
push id10863
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 23:02:23 +0000
treeherdermozilla-aurora@0931190cd725 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1342348
milestone54.0a1
backs outce9d71b0a088c72e91e333dfdc49f2e890da0d3a
Backed out changeset ce9d71b0a088 (bug 1342348) for crashing in xpcshell test parser/xml/test/unit/test_sanitizer.js. r=backout
dom/base/nsTreeSanitizer.cpp
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1276,20 +1276,16 @@ nsTreeSanitizer::SanitizeURL(mozilla::do
 {
   nsAutoString value;
   aElement->GetAttr(aNamespace, aLocalName, value);
 
   // Get value and remove mandatory quotes
   static const char* kWhitespace = "\n\r\t\b";
   const nsAString& v =
     nsContentUtils::TrimCharsInSet(kWhitespace, value);
-  // Fragment-only url cannot be harmful.
-  if (v.First() == u'#') {
-    return false;
-  }
 
   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
   uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;
 
   nsCOMPtr<nsIURI> baseURI = aElement->GetBaseURI();
   nsCOMPtr<nsIURI> attrURI;
   nsresult rv = NS_NewURI(getter_AddRefs(attrURI), v, nullptr, baseURI);
   if (NS_SUCCEEDED(rv)) {