1787594 - Align the nsTreeSanitizer's safelist with our MathML implementation

Status: NEW

(Core :: MathML, task)

Description

[Frédéric Wang (:fredw)]

We have recently been unshipping MathML attributes that are no longer part of MathML Core, sometimes adding global attributes like tabindex or on* event handler [1]. But nsTreeSanitizer has not always been kept in sync with those changes.

IIUC, nsTreeSanitizer is used to implement [2] so it's a web-exposed API and changing the MathML safelist is a behavior change. However, skimming over the spec, I can't see any explicit list of elements/attributes for MathML. Additionally, developers can always configure the sanitizer if they want to extend the element/attribute safelist [3], which they should probably for MathML where browser implementations are inconsistent. For example I believe the other implementation (Chromium) has a more restricted safelist based on MathML Core, at least for attributes [4] [5].

Given the above, I think we can restrict our MathML safelist and drop corresponding GkAtoms that we no longer use. Our element safe list [6] contains a number of MathML elements from "content markup" [7] that we have never implemented such as abs, and, apply, ... Similarly, the attribute safe list [8] contains attributes we don't implement (or that we removed) such as color, dir, subscriptshift, stackalign, scriptsizemultiplier....

[1] https://w3c.github.io/mathml-core/#mathml-elements-and-attributes
[2] https://wicg.github.io/sanitizer-api/#sanitizer-algorithms
[3] https://wicg.github.io/sanitizer-api/#config
[4] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/sanitizer_api/BUILD.gn;l=108;drc=7ac1d3e4b61674f8e8febf8f5a81897cd789cf2d
[5] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/mathml/mathml_attribute_names.json5
[6] https://searchfox.org/mozilla-central/source/dom/base/nsTreeSanitizer.cpp#649
[7] https://www.w3.org/TR/MathML3/chapter4.html
[8] https://searchfox.org/mozilla-central/rev/839718c65b62ad1fca710390f472f834994da819/dom/base/nsTreeSanitizer.cpp#847

Comment 1

[Frédéric Wang (:fredw)]

I'm tentatively assigning this task to Sirri Celles, who is currently doing a Coding Experience at Igalia.

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Comment 3

[Frédéric Wang (:fredw)]

reassigning to Sirri.

Comment 4

[sirri]

Attachment: Bug 1787594 - Align the nsTreeSanitizer's safelist with our MathML implementation. r?fredw (Frédéric Wang)

changed dom/base/nsTreeSanitizer.cpp

Comment 5

[sirri]

Frédéric Wang (:fredw), I submitted a patch for this issue.

Comment 6

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Comment 7

[Frédéric Wang (:fredw)]

@hsivonen: Do you remember what dev-platform thead you are referring to in bug 482909 comment 6 ? Because the present bug is a bit going the opposite direction to what you implemented.

Incidentally, for the Sanitizer API see https://github.com/w3c/mathml-core/issues/227