Closed
Bug 1437147
Opened 7 years ago
Closed 7 years ago
Warn or error when sanitization removes items from HTML fragments
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla60
Tracking | Status | |
---|---|---|
firefox60 | --- | fixed |
People
(Reporter: bdahl, Assigned: Gijs)
References
Details
Attachments
(1 file)
After bug 1432966, items are silently removed when using innerHTML/createContextualFragment in chrome documents. As this differs from the regular content API, it would be helpful if there was an immediate console warning (or even js error) when items were removed.
https://groups.google.com/forum/#!topic/firefox-dev/p5pQXUsxO9Q
Updated•7 years ago
|
Severity: normal → enhancement
Component: DOM: Security → DOM
Assignee | ||
Updated•7 years ago
|
Flags: needinfo?(gijskruitbosch+bugs)
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Flags: needinfo?(gijskruitbosch+bugs)
Updated•7 years ago
|
Priority: -- → P2
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8951290 [details]
Bug 1437147 - report warnings when the sanitizer removes stuff for chrome documents,
https://reviewboard.mozilla.org/r/220546/#review226652
r=me assuming we're ok with not localizing these messages...
::: dom/base/nsTreeSanitizer.h:190
(Diff revision 1)
> /**
> * Removes all attributes from an element node.
> */
> void RemoveAllAttributes(mozilla::dom::Element* aElement);
>
> + void LogMessage(const char* msg, nsIDocument* aDoc,
Please document the arguments.
::: dom/base/nsTreeSanitizer.cpp:1569
(Diff revision 1)
> + if (aElement) {
> + msg.Append(NS_LITERAL_STRING(" Element: ") + aElement->LocalName() +
> + NS_LITERAL_STRING("."));
> + }
> + if (aAttr) {
> + msg.Append(NS_LITERAL_STRING(" Attribute: ") + nsAtomString(aAttr) +
Could be nsDependentAtomString(aAttr) here
Attachment #8951290 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 3•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] (no decent commit message means r-) from comment #2)
> Comment on attachment 8951290 [details]
> Bug 1437147 - report warnings when the sanitizer removes stuff for chrome
> documents,
>
> https://reviewboard.mozilla.org/r/220546/#review226652
>
> r=me assuming we're ok with not localizing these messages...
I think so; they're in the browser console and aimed at frontend engineers. :-)
Comment hidden (mozreview-request) |
Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/da198449d15e
report warnings when the sanitizer removes stuff for chrome documents, r=bz
Comment 6•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•