Relax restrictions on <animate> and <set> elements in SVG content in nsTreeSanitizer

Status: NEW
Assignee: Unassigned
Reporter: Gijs
Version: Trunk
Keywords: sec-other
Whiteboard: [adv-main42-]
Opened 3 years ago, updated 2 years ago
(Reporter)

Description

3 years ago
In bug 1182778 I'm stripping all of <animate> and <set>. In theory, it should be possible to only strip the attributeName if the attribute that's being animated/set is not supposed to be set in the first place. Because of namespaces, I expect that's not trivial.

Marking sec-sensitive because 1182778 is still hidden.
Keywords: sec-other
Group: core-security → dom-core-security
Whiteboard: [adv-main42-]
Can we open this up now?
status-firefox43: affected → ---
Flags: needinfo?(gijskruitbosch+bugs)
(Reporter)

Comment 2

2 years ago
(In reply to Ryan VanderMeulen [:RyanVM] from comment #1)
> Can we open this up now?

Yes. (I can't, though, so pinging the needinfo back.)
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(ryanvm)
Group: dom-core-security
Flags: needinfo?(ryanvm)
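
An added sketch of the relaxation the description proposes (not nsTreeSanitizer's code and not from the bug): keep <animate>/<set> and drop attributeName only when the attribute it names, resolved through the in-scope namespace prefixes, is not on the allowlist. The allowlist, function names and sample SVG are assumptions constructed for illustration, and unprefixed names are treated as no-namespace attributes.

```python
import io
import xml.etree.ElementTree as ET

SVG = "http://www.w3.org/2000/svg"
# Hypothetical allowlist of (namespace, local name) pairs; not nsTreeSanitizer's real list.
ALLOWED_ATTRS = {(None, "opacity"), (None, "fill"), (None, "x"), (None, "y")}
ANIMATION_ELEMENTS = {f"{{{SVG}}}animate", f"{{{SVG}}}set"}

# Constructed sample: the prefix "x" is bound to the XLink namespace, "y" is unbound.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:x="http://www.w3.org/1999/xlink">
  <rect width="10" height="10">
    <animate attributeName="opacity" from="0" to="1" dur="1s"/>
    <set attributeName="x:href" to="#other"/>
    <set attributeName="y:fill" to="red"/>
  </rect>
</svg>"""


def resolve_qname(qname, scopes):
    """Resolve an attributeName value against the in-scope prefix declarations."""
    prefix, sep, local = qname.strip().rpartition(":")
    if not sep:
        return (None, local)  # assumption: unprefixed names are no-namespace attributes
    for declared_prefix, uri in reversed(scopes):  # innermost declaration wins
        if declared_prefix == prefix:
            return (uri, local)
    return ("<unbound>", local)  # undeclared prefix: can never match the allowlist


def sanitize(svg_bytes):
    """Drop attributeName from <animate>/<set> when its target is not allowlisted."""
    scopes = []  # stack of (prefix, uri) declarations currently in scope
    root = None
    events = ("start-ns", "start", "end-ns")
    for event, payload in ET.iterparse(io.BytesIO(svg_bytes), events=events):
        if event == "start-ns":
            scopes.append(payload)
        elif event == "end-ns":
            scopes.pop()
        else:
            if root is None:
                root = payload
            if payload.tag in ANIMATION_ELEMENTS and "attributeName" in payload.attrib:
                target = resolve_qname(payload.attrib["attributeName"], scopes)
                if target not in ALLOWED_ATTRS:
                    del payload.attrib["attributeName"]
    return root
```

The comparison is made on resolved (namespace, local name) pairs because the prefix in attributeName is only an alias for whatever namespace is declared in scope, which is the part the description expects to be non-trivial.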