Bug 1470229 part 1 - Make the starting-with check in nsTreeSanitizer::SanitizeAttributes nicer. r?hsivonen
MozReview-Commit-ID: 87mxrKKUfJD
--- a/dom/base/nsTreeSanitizer.cpp
+++ b/dom/base/nsTreeSanitizer.cpp
@@ -1147,16 +1147,35 @@ nsTreeSanitizer::SanitizeStyleSheet(cons
}
}
if (didSanitize && mLogRemovals) {
LogMessage("Removed some rules and/or properties from stylesheet.", aDocument);
}
return didSanitize;
}
+template<size_t Len>
+static bool
+UTF16StringStartsWith(const char16_t* aStr, uint32_t aLength,
+ const char16_t (&aNeedle)[Len])
+{
+ MOZ_ASSERT(aNeedle[Len - 1] == '\0',
+ "needle should be a UTF-16 encoded string literal");
+
+ if (aLength < Len - 1) {
+ return false;
+ }
+ for (size_t i = 0; i < Len - 1; i++) {
+ if (aStr[i] != aNeedle[i]) {
+ return false;
+ }
+ }
+ return true;
+}
+
void
nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
AllowedAttributes aAllowed)
{
uint32_t ac = aElement->GetAttrCount();
for (int32_t i = ac - 1; i >= 0; --i) {
const nsAttrName* attrName = aElement->GetAttrNameAt(i);
@@ -1220,21 +1239,21 @@ nsTreeSanitizer::SanitizeAttributes(mozi
// name="" and rel="" are whitelisted, but treat them as blacklisted
// for <meta name> (fragment case) and <link rel> (all cases) to avoid
// document-wide metadata or styling overrides with non-conforming
// <meta name itemprop> or
// <link rel itemprop>
continue;
}
const char16_t* localStr = attrLocal->GetUTF16String();
+ uint32_t localLen = attrLocal->GetLength();
// Allow underscore to cater to the MCE editor library.
// Allow data-* on SVG and MathML, too, as a forward-compat measure.
- if (*localStr == '_' || (attrLocal->GetLength() > 5 && localStr[0] == 'd'
- && localStr[1] == 'a' && localStr[2] == 't' && localStr[3] == 'a'
- && localStr[4] == '-')) {
+ if (UTF16StringStartsWith(localStr, localLen, u"_") ||
+ UTF16StringStartsWith(localStr, localLen, u"data-")) {
continue;
}
// else not allowed
} else if (kNameSpaceID_XML == attrNs) {
if (nsGkAtoms::base == attrLocal) {
if (SanitizeURL(aElement, attrNs, attrLocal)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.