Closed
Bug 1716624
Opened 3 years ago
Closed 3 years ago
[sanitizer] implement Element.setHTML(input, sanitizer)
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
94 Branch
Tracking | Status | |
---|---|---|
firefox94 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, Whiteboard: [domsecurity-active])
Attachments
(2 files)
No description provided.
Updated•3 years ago
|
Severity: -- → S4
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [domsecurity-active]
Comment 1•3 years ago
|
||
This bug is about implementing the spec changes that arose from https://github.com/WICG/sanitizer-api/issues/42 (adding to a body comment in case the See Also ever gets stomped, or people miss that reference in the header)
Keywords: dev-doc-needed
Assignee | ||
Comment 2•3 years ago
|
||
Updated•3 years ago
|
Attachment #9237962 -
Attachment description: WIP: Bug 1716624 [sanitizer] Empty bindings for Element::SetHTML() f?hsivonen → Bug 1716624 [sanitizer] Element::SetHTML() r?hsivonen
Assignee | ||
Updated•3 years ago
|
Summary: [sanitizer] implement new api that takes contextual parsing into accoun → [sanitizer] implement Element.setHTML(input, sanitizer)
Assignee | ||
Comment 3•3 years ago
|
||
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/07e6465d36b9 [sanitizer] Element::SetHTML() r=hsivonen
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/826af8de7137 prototype implementation of Sanitizer.SanitizeFor r=hsivonen
Comment 6•3 years ago
|
||
Backed out for causing build bustages in dom/base/Element.cpp.
Flags: needinfo?(fbraun)
Assignee | ||
Updated•3 years ago
|
Flags: needinfo?(fbraun)
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a67288a8c440 [sanitizer] Element::SetHTML() r=hsivonen
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b9166368209c prototype implementation of Sanitizer.SanitizeFor r=hsivonen
Comment 9•3 years ago
|
||
Backed out for causing mochitest failures on test_sanitizer_api.html.
Flags: needinfo?(fbraun)
Comment 10•3 years ago
|
||
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6b8a67596d2c [sanitizer] Element::SetHTML() r=hsivonen
Comment 11•3 years ago
|
||
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/79141ac1bf85 prototype implementation of Sanitizer.SanitizeFor r=hsivonen
Comment 12•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/6b8a67596d2c
https://hg.mozilla.org/mozilla-central/rev/79141ac1bf85
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox94:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
Assignee | ||
Updated•3 years ago
|
Flags: needinfo?(fbraun)
Comment 13•3 years ago
|
||
FYI, the docs update for this can be tracked here: https://github.com/mdn/content/issues/9366#issuecomment-934088883
- the BCD is accepted but has not gone live at time I write this.
- The docs changes are here: https://github.com/mdn/content/pull/9579
In summary,- adds Element.setHTML, Sanitizer.sanitizeFor()
- removes Sanitizer.sanitizeToString()
- tidies up the config options to match spec (while still noting they are not supported)
- Fixes up all the top level docs and cross linking.
Updated•3 years ago
|
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•