Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs

This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.

Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the repercussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.

This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.

MozReview-Commit-ID: 5w17celRFr
Kris Maglione
2018-01-24 14:56:48 -08:00
parent cc873f589f
commit 9e04067677
21 changed files with 265 additions and 27 deletions


@@ -3927,6 +3927,12 @@ Element::SetInnerHTML(const nsAString& aInnerHTML, nsIPrincipal* aSubjectPrincip
SetInnerHTMLInternal(aInnerHTML, aError);
}
void
Element::UnsafeSetInnerHTML(const nsAString& aInnerHTML, ErrorResult& aError)
{
SetInnerHTMLInternal(aInnerHTML, aError, true);
}
void
Element::GetOuterHTML(nsAString& aOuterHTML)
{
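Review bot: The new `Element::UnsafeSetInnerHTML` passes a bare `true` as the third argument to `SetInnerHTMLInternal`, and nothing in the hunk says what that flag means; given that this commit exists to sanitize chrome fragments, a reader has to guess that `true` disables the sanitizer. Please name the flag at the call site (e.g. `SetInnerHTMLInternal(aInnerHTML, aError, /* aNeverSanitize = */ true);`, using whatever the parameter is actually called) and add a comment above the method stating that it bypasses the sanitization and when callers are expected to use it. Note also that, unlike the adjacent `SetInnerHTML` which takes an `nsIPrincipal* aSubjectPrincipal`, the unsafe variant takes no principal, so nothing in this method itself restricts who may call it; if that restriction lives in the WebIDL exposure, the comment should say so.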