Bug 1330228 - Use HasBeenTypePassword when sanitizing a document for bfcache. r=baku
authorMatthew Noorenberghe <mozilla@noorenberghe.ca>
Fri, 21 Dec 2018 16:45:19 +0000
changeset 508847 fa89cf35d16f3402c60e204836d533f2e9cb36e1
parent 508846 8420eec6f0cccd845d587b47208498fdaba914dc
child 508848 443b0e20be2216655fcd4c0ab32287282014c697
push id10547
push userffxbld-merge
push dateMon, 21 Jan 2019 13:03:58 +0000
treeherdermozilla-beta@24ec1916bffe [default view] [failures only]
reviewersbaku
bugs1330228
milestone66.0a1
Bug 1330228 - Use HasBeenTypePassword when sanitizing a document for bfcache. r=baku Check whether an input was ever type=password rather than just checking the current type to handle sites which toggle password visibility. I haven't yet figured out what this code is used for so haven't made a test yet. Differential Revision: https://phabricator.services.mozilla.com/D15149
dom/base/nsDocument.cpp
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -7289,21 +7289,21 @@ already_AddRefed<Element> nsIDocument::C
 bool nsIDocument::IsSafeToFlush() const {
   nsIPresShell* shell = GetShell();
   if (!shell) return true;
 
   return shell->IsSafeToFlush();
 }
 
 void nsIDocument::Sanitize() {
-  // Sanitize the document by resetting all password fields and any form
-  // fields with autocomplete=off to their default values.  We do this now,
-  // instead of when the presentation is restored, to offer some protection
-  // in case there is ever an exploit that allows a cached document to be
-  // accessed from a different document.
+  // Sanitize the document by resetting all (current and former) password fields
+  // and any form fields with autocomplete=off to their default values.  We do
+  // this now, instead of when the presentation is restored, to offer some
+  // protection in case there is ever an exploit that allows a cached document
+  // to be accessed from a different document.
 
   // First locate all input elements, regardless of whether they are
   // in a form, and reset the password and autocomplete=off elements.
 
   RefPtr<nsContentList> nodes =
       GetElementsByTagName(NS_LITERAL_STRING("input"));
 
   nsAutoString value;
@@ -7311,27 +7311,18 @@ void nsIDocument::Sanitize() {
   uint32_t length = nodes->Length(true);
   for (uint32_t i = 0; i < length; ++i) {
     NS_ASSERTION(nodes->Item(i), "null item in node list!");
 
     RefPtr<HTMLInputElement> input =
         HTMLInputElement::FromNodeOrNull(nodes->Item(i));
     if (!input) continue;
 
-    bool resetValue = false;
-
     input->GetAttribute(NS_LITERAL_STRING("autocomplete"), value);
-    if (value.LowerCaseEqualsLiteral("off")) {
-      resetValue = true;
-    } else {
-      input->GetType(value);
-      if (value.LowerCaseEqualsLiteral("password")) resetValue = true;
-    }
-
-    if (resetValue) {
+    if (value.LowerCaseEqualsLiteral("off") || input->HasBeenTypePassword()) {
       input->Reset();
     }
   }
 
   // Now locate all _form_ elements that have autocomplete=off and reset them
   nodes = GetElementsByTagName(NS_LITERAL_STRING("form"));
 
   length = nodes->Length(true);
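Review bot: The new condition `if (value.LowerCaseEqualsLiteral("off") || input->HasBeenTypePassword())` no longer reads the element's current type at all. Clearing an ordinary password field before the document enters bfcache therefore depends on HasBeenTypePassword() also being true for an input that was type=password from creation, not only for one whose type changed later. That helper is defined outside this hunk, so this cannot be confirmed from here. It is worth verifying and recording at the call site, for example `// HasBeenTypePassword() is also true for inputs that are currently type=password,` followed by `// so no separate GetType() check is needed here.` Sanitize() starts in the previous hunk and continues past the end of this one.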