Closed Bug 1644070 Opened 1 year ago Closed 11 months ago

TreeSanitizer's list of URL-bearing attributes is missing some

Categories

(Core :: DOM: Core & HTML, defect, P2)

Tracking

RESOLVED FIXED
mozilla79
Tracking Status
firefox-esr78 --- fixed
firefox79 --- fixed

People

(Reporter: freddy, Assigned: freddy)

Details

(Keywords: sec-low, Whiteboard: [adv-main79-])

Attachments

(1 file)

No description provided.

This adds the elements formaction, data, ping, poster.

We can't really add a test for the <object data>, since we never
allow <object> elements in the first place and we don't allow
setting exceptions for temporarily allowed elements.
Same for poster elements, since it's only used in media elements
and those are either all allowed or none.
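
Added example (not Gecko's TreeSanitizer code and not part of this bug's patch): a simplified Node.js model of the check discussed above, showing how an attribute that is missing from the URL-bearing list passes through without any URL check. The baseline list, the scheme allowlist, the base URL and the sample tree are assumptions constructed for illustration; only `formaction`, `data`, `ping` and `poster` come from the bug, and the `<video poster>` input mirrors the case in this bug's test log.

```javascript
// Simplified model of a URL-attribute check. Not Gecko's implementation.
const BASELINE_URL_ATTRS = ["href", "src", "action"]; // assumed starting list
const ADDED_BY_BUG = ["formaction", "data", "ping", "poster"]; // from the bug
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy
const BASE = "https://base.invalid/"; // constructed base for relative URLs

// Resolve with the WHATWG URL parser so that leading whitespace and embedded
// tabs/newlines (which the parser strips) cannot hide the scheme from the check.
function isAllowedUrl(value) {
  try {
    return ALLOWED_SCHEMES.has(new URL(value, BASE).protocol);
  } catch {
    return false; // unparseable value: treat as not allowed
  }
}

// node: { tag, attrs: {name: value}, children: [node] }. Returns a sanitized copy.
function sanitize(node, urlAttrs) {
  const urlSet = new Set(urlAttrs);
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    const key = name.toLowerCase();
    // Only attributes on the list are checked; anything else is copied as-is.
    if (urlSet.has(key) && !isAllowedUrl(value)) continue; // drop attribute, keep element
    attrs[key] = value;
  }
  return {
    tag: node.tag,
    attrs,
    children: (node.children || []).map((c) => sanitize(c, urlAttrs)),
  };
}

// Constructed sample tree.
const sample = {
  tag: "body",
  children: [
    { tag: "video", attrs: { poster: "javascript:alert(1)//", controls: "controls" } },
    { tag: "button", attrs: { formaction: " java\tscript:alert(1)" } },
    { tag: "a", attrs: { href: "https://example.invalid/", ping: "data:text/plain,x" } },
  ],
};

const before = sanitize(sample, BASELINE_URL_ATTRS);
const after = sanitize(sample, [...BASELINE_URL_ATTRS, ...ADDED_BY_BUG]);
console.log(JSON.stringify(before.children.map((c) => c.attrs)));
console.log(JSON.stringify(after.children.map((c) => c.attrs)));
```

With the baseline list, `poster`, `formaction` and `ping` are copied through untouched; with the four additions they are checked and dropped while the elements and their other attributes remain.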

Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f05c306f7e1b
add missing URLish attributes to TreeSanitizer r=hsivonen
Severity: -- → S3
Priority: -- → P2

Backed out changeset f05c306f7e1b (bug 1644070) for test_sanitizer.js failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedTaskRun=Kcj7ubSAQtihKmcLXWL8fA-0&searchStr=xpc&fromchange=8a1c8747a43bcff68aea85eaf83baab854382f1d&tochange=b77286550f612b4ffcd324f09635138a9f6f7c74

Backout link: https://hg.mozilla.org/integration/autoland/rev/b77286550f612b4ffcd324f09635138a9f6f7c74

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=305478483&repo=autoland&lineNumber=6345

[task 2020-06-08T15:11:22.805Z] 15:11:22     INFO -  TEST-START | parser/xml/test/unit/test_sanitizer.js
[task 2020-06-08T15:11:23.263Z] 15:11:23  WARNING -  TEST-UNEXPECTED-FAIL | parser/xml/test/unit/test_sanitizer.js | xpcshell return code: 0
[task 2020-06-08T15:11:23.264Z] 15:11:23     INFO -  TEST-INFO took 457ms
[task 2020-06-08T15:11:23.264Z] 15:11:23     INFO -  >>>>>>>
[task 2020-06-08T15:11:23.265Z] 15:11:23     INFO -  PID 11372 | Couldn't convert chrome URL: chrome://branding/locale/brand.properties
[task 2020-06-08T15:11:23.265Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Failed to get directory to cache.: file /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp, line 88
[task 2020-06-08T15:11:23.265Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Failed to get directory to cache.: file /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp, line 88
[task 2020-06-08T15:11:23.266Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Failed to get directory to cache.: file /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp, line 88
[task 2020-06-08T15:11:23.266Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Failed to get directory to cache.: file /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp, line 88
[task 2020-06-08T15:11:23.266Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Failed to get directory to cache.: file /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp, line 88
[task 2020-06-08T15:11:23.267Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: Couldn't get the user appdata directory. Crash events may not be produced.: file /builds/worker/checkouts/gecko/toolkit/crashreporter/nsExceptionHandler.cpp, line 2924
[task 2020-06-08T15:11:23.267Z] 15:11:23     INFO -  (xpcshell/head.js) | test MAIN run_test pending (1)
[task 2020-06-08T15:11:23.268Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 28] ensure places database is successfully initialized. - true == true
[task 2020-06-08T15:11:23.268Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body></body></html>" == "<html><head></head><body></body></html>"
[task 2020-06-08T15:11:23.269Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body>&amp;ADz&amp;AGn&amp;AG0&amp;AEf&amp;ACA&amp;AHM&amp;AHI&amp;AGO&amp;AD0&amp;AGn&amp;ACA&amp;AG8Abg&amp;AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&amp;ACAAPABi</body></html>" == "<html><head></head><body>&amp;ADz&amp;AGn&amp;AG0&amp;AEf&amp;ACA&amp;AHM&amp;AHI&amp;AGO&amp;AD0&amp;AGn&amp;ACA&amp;AG8Abg&amp;AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&amp;ACAAPABi</body></html>"
[task 2020-06-08T15:11:23.269Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body>&amp;alert&amp;A7&amp;(1)&amp;R&amp;UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt;</body></html>" == "<html><head></head><body>&amp;alert&amp;A7&amp;(1)&amp;R&amp;UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt;</body></html>"
[task 2020-06-08T15:11:23.269Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body>0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))</body></html>" == "<html><head></head><body>0? :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))</body></html>"
[task 2020-06-08T15:11:23.269Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body></body></html>" == "<html><head></head><body></body></html>"
[task 2020-06-08T15:11:23.270Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body></body></html>" == "<html><head></head><body></body></html>"
[task 2020-06-08T15:11:23.270Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body></body></html>" == "<html><head></head><body></body></html>"
[task 2020-06-08T15:11:23.271Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body></body></html>" == "<html><head></head><body></body></html>"
[task 2020-06-08T15:11:23.271Z] 15:11:23     INFO -  TEST-PASS | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body><a>X</a></body></html>" == "<html><head></head><body><a>X</a></body></html>"
[task 2020-06-08T15:11:23.271Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: '!aWindow', file /builds/worker/checkouts/gecko/dom/audiochannel/AudioChannelAgent.cpp, line 102
[task 2020-06-08T15:11:23.271Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/dom/html/HTMLMediaElement.cpp, line 1534
[task 2020-06-08T15:11:23.271Z] 15:11:23     INFO -  PID 11372 | [11372, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x805303F4 (NS_ERROR_DOM_BAD_URI): file /builds/worker/checkouts/gecko/caps/nsScriptSecurityManager.cpp, line 610
[task 2020-06-08T15:11:23.272Z] 15:11:23  WARNING -  TEST-UNEXPECTED-FAIL | parser/xml/test/unit/test_sanitizer.js | run_test - [run_test : 49] "<html><head></head><body><video poster=\\"javascript:alert(1)//\\" controls=\\"controls\\"></video></body></html>" == "<html><head></head><body><video controls=\\"controls\\"></video></body></html>"
[task 2020-06-08T15:11:23.272Z] 15:11:23     INFO -  Z:/task_1591625712/build/tests/xpcshell/tests/parser/xml/test/unit/test_sanitizer.js:run_test:49
[task 2020-06-08T15:11:23.272Z] 15:11:23     INFO -  Z:\task_1591625712\build\tests\xpcshell\head.js:_execute_test:571
[task 2020-06-08T15:11:23.272Z] 15:11:23     INFO -  -e:null:1
[task 2020-06-08T15:11:23.272Z] 15:11:23     INFO -  exiting test
Flags: needinfo?(fbraun)

When you forget about a test that you wrote yourself 7 years ago. New patch should fix this.

Flags: needinfo?(fbraun)
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d4fabaf9cd95
add missing URLish attributes to TreeSanitizer r=hsivonen
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla79
Whiteboard: [adv-main79+]
Whiteboard: [adv-main79+] → [adv-main79-]

Comment on attachment 9154863 [details]
Bug 1644070 - add missing URLish attributes to TreeSanitizer r=hsivonen

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Would be nice to have this for Thunderbird, which doesn't use its own mozilla-esr78 branch yet
  • User impact if declined: some information leakage
  • Fix Landed on Version: 79
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): already tested. Limited to places that minimize HTML.
  • String or UUID changes made by this patch:
Attachment #9154863 - Flags: approval-mozilla-esr78?

Comment on attachment 9154863 [details]
Bug 1644070 - add missing URLish attributes to TreeSanitizer r=hsivonen

Approved for 78.2esr, thanks for including tests.

Attachment #9154863 - Flags: approval-mozilla-esr78? → approval-mozilla-esr78+