Closed
Bug 1500812
Opened 6 years ago
Closed 6 years ago
nsTreeSanitizer sanitizes the href="" attribute in <svg:use>, but not xlink:href.
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
INVALID
People
(Reporter: emilio, Unassigned)
References
Details
This bit me in bug 1487649.
Reporter | ||
Updated•6 years ago
|
Summary: nsTreeSanitizer sanitizes the href="" attribute in <svg:use>, but not xhtml:href. → nsTreeSanitizer sanitizes the href="" attribute in <svg:use>, but not xlink:href.
Comment 1•6 years ago
|
||
Weird. There's code for xlink:href: https://searchfox.org/mozilla-central/source/dom/base/nsTreeSanitizer.cpp#1283
Reporter | ||
Comment 2•6 years ago
|
||
Yeah, let me double-check since it's been a while... But I think changing this: https://hg.mozilla.org/mozilla-central/rev/5254a8f44df4#l2.40 To an xlink:href on the innerHTML test would still pass the test. I'll dig.
Flags: needinfo?(emilio)
Reporter | ||
Comment 3•6 years ago
|
||
Hmmp, I can't repro this... Probably got confused.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(emilio)
Resolution: --- → INVALID
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•