Closed Bug 1777164 Opened 2 years ago Closed 2 years ago

Sanitizer API: setHTML should require a SecureContext just like the Sanitizer constructor

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
104 Branch
Tracking Flags:
Tracking Status
firefox104 --- fixed

People

(Reporter: freddy, Assigned: freddy)

References

Details

(Whiteboard: [domsecurity-active] )

Attachments

(1 file)

Bug 1777164 - require SecureContext for setHTML r?emilio
48 bytes, text/x-phabricator-request
Details | Review

The Sanitizer constructor requires a SecureContext
https://bugzilla.mozilla.org/show_bug.cgi?id=1716624 introduced setHTML, which does not.
This bug will align them to both require a SecureContext.

The severity field is not set for this bug.
:freddy, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(fbraun)
Severity: -- → S3
Flags: needinfo?(fbraun)
Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/de437faa8094
require SecureContext for setHTML r=emilio

Backed out for causing failures on sanitizer-insecure-context.html
Backout link
Push with failures
Link to failure log
Failure line :
TEST-UNEXPECTED-PASS | /sanitizer-api/sanitizer-insecure-context.html | Sanitizer API in an insecure context. - expected FAIL

Flags: needinfo?(fbraun)
Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/963d3262c9a4
require SecureContext for setHTML r=emilio

https://hg.mozilla.org/mozilla-central/rev/963d3262c9a4

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox104: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 104 Branch
Flags: needinfo?(fbraun)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: