Bug 1966027 - Document.parseHTMLUnsafe shouldn't sanitize as safe. r=emilio

Differential Revision: https://phabricator.services.mozilla.com/D249035
2025-05-13 12:28:23 +00:00
parent 49b12c4176
commit aceb72f7f9
1 changed files with 3 additions and 3 deletions
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -20332,13 +20332,13 @@ already_AddRefed<Document> Document::ParseHTMLUnsafe(
    nsCOMPtr<nsIGlobalObject> global =
        do_QueryInterface(aGlobal.GetAsSupports());
    RefPtr<Sanitizer> sanitizer = Sanitizer::GetInstance(
-        global, aOptions.mSanitizer.Value(), true, aError);
+        global, aOptions.mSanitizer.Value(), /* aSafe */ false, aError);
    if (aError.Failed()) {
      return nullptr;
    }
    // Step 6. Call sanitize on document with sanitizer and false.
-    sanitizer->Sanitize(doc, /* aSafe */ true, aError);
+    sanitizer->Sanitize(doc, /* aSafe */ false, aError);
    if (aError.Failed()) {
      return nullptr;
    }
@@ -20375,7 +20375,7 @@ already_AddRefed<Document> Document::ParseHTML(GlobalObject& aGlobal,
  // from options with options and true.
  nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
  RefPtr<Sanitizer> sanitizer =
-      Sanitizer::GetInstance(global, aOptions.mSanitizer, true, aError);
+      Sanitizer::GetInstance(global, aOptions.mSanitizer, /* aSafe */ true, aError);
  if (aError.Failed()) {
    return nullptr;
  }