Closed Bug 1484644 Opened Last year Closed Last year
Investigate whitelisting xul attribute tooltiptext in DOM overlays
46 bytes, text/x-phabricator-request
|Details | Review|
We currently only allow tooltiptext on toolbarbutton. But we use it on richlistitem, image, and button, at least, too. Some picked up data-l10n-attrs to explicitly whitelist it, some apparently don't: https://dxr.mozilla.org/mozilla-central/source/browser/components/preferences/in-content/sync.xul#79 https://dxr.mozilla.org/mozilla-central/source/browser/components/preferences/in-content/privacy.xul#328 Is this also something where we can bust tests if we strip attributes?
Looking at https://dxr.mozilla.org/mozilla-central/source/dom/webidl/XULElement.webidl#65, tooltiptext is defined on xul element, so we should probably add it to general?
yeah, totally. Anyone wants to write a patch? :)
Assignee: nobody → gandalf
Assignee: gandalf → masterkrombi
Status: NEW → ASSIGNED
Can you also whitelist `title` on `window`? Here are attributes we manually whitelist: https://searchfox.org/mozilla-central/search?q=data-l10n-attrs&path= I think `style` should remain whitelisted per case, but title definitely can be added to the global whitelist.
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/67a3276d3b4e Whitelist title and tooltiptext for XUL r=zbraniecki
You need to log in before you can comment on or make changes to this bug.