Open Bug 1650370 (sanitizer-api) Opened 4 years ago Updated 3 months ago

[meta] Sanitizer API: ship and prototype an API for html sanitization behind a pref


(Core :: DOM: Security, task, P3)






(Reporter: freddy, Assigned: freddy)


(Depends on 6 open bugs, )


(Keywords: dev-doc-needed, meta, Whiteboard: [domsecurity-meta])

Spec and explainer at

We'll experiment and prototype the non-contentious bits behind a pref soon, but the spec is still very young and it will take a couple of iterations

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-meta]
Depends on: 1652481
Depends on: 1652671

This sounds like something that should be documented at and maybe also exposed to about:preferences#experimental.


Keywords: dev-doc-needed
Depends on: 1658564
Depends on: 1664485
Depends on: 1669945
Depends on: 1670913
Depends on: 1673309
Depends on: 1690984
Depends on: 1691746
Alias: sanitizer-api-meta → sanitizer-api

Hi there, I've invented and implemented the first version of the sanitizer in Gecko. I'd be happy to contribute to the spec as a co-author.

Depends on: 1716624
Depends on: 1731215
Depends on: 1736983
Depends on: 1546235
Depends on: CVE-2022-34475
Depends on: 1764254
Depends on: 1769232

Github repo for spec:

I've invented and implemented the original version of the sanitizer code in Gecko/Mozilla/Firefox. How can I contribute to the spec? What's the process? PRs? Who decides about them?

FYI, my original motivation for this sanitizer feature in Gecko was a "Sanitized HTML" feature for Thunderbird, so that environments that have very strong security needs (e.g. embassies, dissidents etc.) and cannot affort compromise, even when attacked by state actors, even in the presence of certain critical security holes in the HTML rendering engine (Gecko), can still read HTML email, using a simplified version of the HTML which has everything removed that might have a security hole in Gecko.

Depends on: 1779184

The spec is mostly done, we're currently facing mostly interop and editorial changes. Chromium is already shipping in pre-release channels and we aim to follow soon.

Depends on: 1780046
Depends on: 1782910
Depends on: 1782926
Depends on: 1784040
No longer depends on: 1652671
Depends on: 1805632
Depends on: 1806447
Depends on: 1850675
Depends on: 1806964
Depends on: 1864838
Depends on: 1712140
Depends on: 1878646
You need to log in before you can comment on or make changes to this bug.