Backed out 2 changesets (bug 1342348) for xpcshell bustage a=backout
authorWes Kocher <wkocher@mozilla.com>
Mon, 27 Feb 2017 16:56:04 -0800
changeset 394090 9c87e4453a8a3cb35e8bc4d68caf0037fec8b5df
parent 394089 06efe0295e1e68eff1e3a61af0ece9049bf3a10b
child 394091 3cbede0babaf680ffec2a15e93fdf7df45e9ad38
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
reviewersbackout
bugs1342348
milestone54.0a1
backs out6e181ffefa618670a57a1a556afcd8a98b3fd8d5
4f0fce98dd3a7bdc4d4961a978f328e37bff615e
Backed out 2 changesets (bug 1342348) for xpcshell bustage a=backout Backed out changeset 6e181ffefa61 (bug 1342348) Backed out changeset 4f0fce98dd3a (bug 1342348) MozReview-Commit-ID: F7bUbScVyfN
dom/base/nsTreeSanitizer.cpp
toolkit/components/reader/AboutReader.jsm
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1276,20 +1276,16 @@ nsTreeSanitizer::SanitizeURL(mozilla::do
 {
   nsAutoString value;
   aElement->GetAttr(aNamespace, aLocalName, value);
 
   // Get value and remove mandatory quotes
   static const char* kWhitespace = "\n\r\t\b";
   const nsAString& v =
     nsContentUtils::TrimCharsInSet(kWhitespace, value);
-  // Fragment-only url cannot be harmful.
-  if (v.IsEmpty() && v.First() == u'#') {
-    return false;
-  }
 
   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
   uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;
 
   nsCOMPtr<nsIURI> baseURI = aElement->GetBaseURI();
   nsCOMPtr<nsIURI> attrURI;
   nsresult rv = NS_NewURI(getter_AddRefs(attrURI), v, nullptr, baseURI);
   if (NS_SUCCEEDED(rv)) { 
--- a/toolkit/components/reader/AboutReader.jsm
+++ b/toolkit/components/reader/AboutReader.jsm
@@ -734,16 +734,31 @@ AboutReader.prototype = {
 
       // The native locale could be set differently than the article's text direction.
       var localeDirection = gChromeRegistry.isLocaleRTL("global") ? "rtl" : "ltr";
       this._readTimeElement.setAttribute("dir", localeDirection);
       this._readTimeElement.style.textAlign = article.dir == "rtl" ? "right" : "left";
     }
   },
 
+  _fixLocalLinks() {
+    // We need to do this because preprocessing the content through nsIParserUtils
+    // gives back a DOM with a <base> element. That influences how these URLs get
+    // resolved, making them no longer match the document URI (which is
+    // about:reader?url=...). To fix this, make all the hash URIs absolute. This
+    // is hacky, but the alternative of removing the base element has potential
+    // security implications if Readability has not successfully made all the URLs
+    // absolute, so we pick just fixing these in-document links explicitly.
+    let localLinks = this._contentElement.querySelectorAll("a[href^='#']");
+    for (let localLink of localLinks) {
+      // Have to get the attribute because .href provides an absolute URI.
+      localLink.href = this._doc.documentURI + localLink.getAttribute("href");
+    }
+  },
+
   _formatReadTime(slowEstimate, fastEstimate) {
     let displayStringKey = "aboutReader.estimatedReadTimeRange1";
 
     // only show one reading estimate when they are the same value
     if (slowEstimate == fastEstimate) {
       displayStringKey = "aboutReader.estimatedReadTimeValue1";
     }
 
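Review bot: In `_fixLocalLinks`, `this._doc.documentURI + localLink.getAttribute("href")` appends the link's fragment to the whole document URI, so if the reader page was itself opened with a fragment the rewritten href would carry two `#` parts and would probably not resolve to the intended anchor. Consider stripping any existing fragment once before the loop, e.g. `let docURI = this._doc.documentURI.replace(/#.*$/, "");`, and then assigning `localLink.href = docURI + localLink.getAttribute("href");`. The selector `a[href^='#']` limits the rewrite to fragment-only links, which fits the comment's reason for keeping the `<base>` element. It would help if the comment also said that this runs on the fragment returned by `parseFragment` (the call is added in the next hunk), so a later reorder does not move it ahead of sanitization.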
@@ -799,16 +814,17 @@ AboutReader.prototype = {
     this._headerElement.style.display = "block";
 
     let parserUtils = Cc["@mozilla.org/parserutils;1"].getService(Ci.nsIParserUtils);
     let contentFragment = parserUtils.parseFragment(article.content,
       Ci.nsIParserUtils.SanitizerDropForms | Ci.nsIParserUtils.SanitizerAllowStyle,
       false, articleUri, this._contentElement);
     this._contentElement.innerHTML = "";
     this._contentElement.appendChild(contentFragment);
+    this._fixLocalLinks();
     this._maybeSetTextDirection(article);
     this._foundLanguage(article.language);
 
     this._contentElement.style.display = "block";
     this._updateImageMargins();
 
     this._requestFavicon();
     this._doc.body.classList.add("loaded");