From aceb72f7f94a54d19b0c54df8a4873d4d2042b6c Mon Sep 17 00:00:00 2001
From: Tom Schuster <tschuster@mozilla.com>
Date: Tue, 13 May 2025 12:28:23 +0000
Subject: [PATCH] Bug 1966027 - Document.parseHTMLUnsafe shouldn't sanitize as
 safe. r=emilio

Differential Revision: https://phabricator.services.mozilla.com/D249035
---
 dom/base/Document.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 3a649ca1ef42..ebbe887298c3 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -20332,13 +20332,13 @@ already_AddRefed<Document> Document::ParseHTMLUnsafe(
     nsCOMPtr<nsIGlobalObject> global =
         do_QueryInterface(aGlobal.GetAsSupports());
     RefPtr<Sanitizer> sanitizer = Sanitizer::GetInstance(
-        global, aOptions.mSanitizer.Value(), true, aError);
+        global, aOptions.mSanitizer.Value(), /* aSafe */ false, aError);
     if (aError.Failed()) {
       return nullptr;
     }
 
     // Step 6. Call sanitize on document with sanitizer and false.
-    sanitizer->Sanitize(doc, /* aSafe */ true, aError);
+    sanitizer->Sanitize(doc, /* aSafe */ false, aError);
     if (aError.Failed()) {
       return nullptr;
     }
@@ -20375,7 +20375,7 @@ already_AddRefed<Document> Document::ParseHTML(GlobalObject& aGlobal,
   // from options with options and true.
   nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
   RefPtr<Sanitizer> sanitizer =
-      Sanitizer::GetInstance(global, aOptions.mSanitizer, true, aError);
+      Sanitizer::GetInstance(global, aOptions.mSanitizer, /* aSafe */ true, aError);
   if (aError.Failed()) {
     return nullptr;
   }