Bug 1342348 part 1 - Don't check fragment url in tree sanitizer. r=hsivonen
☠☠ backed out by 9c87e4453a8a ☠ ☠
authorXidorn Quan <me@upsuper.org>
Tue, 28 Feb 2017 10:21:33 +1100
changeset 374134 4f0fce98dd3a7bdc4d4961a978f328e37bff615e
parent 374133 d18a90d8df3e4b7f1182e64cf3eba720bb7febca
child 374135 6e181ffefa618670a57a1a556afcd8a98b3fd8d5
push id10863
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 23:02:23 +0000
treeherdermozilla-aurora@0931190cd725 [default view] [failures only]
reviewershsivonen
bugs1342348
milestone54.0a1
Bug 1342348 part 1 - Don't check fragment url in tree sanitizer. r=hsivonen MozReview-Commit-ID: 8tIiMtexHxd
dom/base/nsTreeSanitizer.cpp
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1276,16 +1276,20 @@ nsTreeSanitizer::SanitizeURL(mozilla::do
 {
   nsAutoString value;
   aElement->GetAttr(aNamespace, aLocalName, value);
 
   // Get value and remove mandatory quotes
   static const char* kWhitespace = "\n\r\t\b";
   const nsAString& v =
     nsContentUtils::TrimCharsInSet(kWhitespace, value);
+  // Fragment-only url cannot be harmful.
+  if (v.IsEmpty() && v.First() == u'#') {
+    return false;
+  }
 
   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
   uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;
 
   nsCOMPtr<nsIURI> baseURI = aElement->GetBaseURI();
   nsCOMPtr<nsIURI> attrURI;
   nsresult rv = NS_NewURI(getter_AddRefs(attrURI), v, nullptr, baseURI);
   if (NS_SUCCEEDED(rv)) {
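Review bot: The guard added after the `TrimCharsInSet` call is inverted: in `v.IsEmpty() && v.First() == u'#'`, `First()` is evaluated only when the string is empty, so a value such as `#foo` never takes the shortcut and an empty value has its first character read. It should be `if (!v.IsEmpty() && v.First() == u'#') {`. Once corrected, this early return skips the security-manager check that the following lines set up, so the comment should say why a leading `#` is enough, for example `// Only \n\r\t\b were trimmed, so a leading '#' means a same-document reference resolved against the base URI; no load check needed.` A regression test covering an empty value, a `#x` value and a value with a leading space would pin both the crash case and the fall-through to the normal check. SanitizeURL starts before and continues past this hunk, so what the `false` return means to callers is not visible here and is worth confirming.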