@keyframe(s) missing from <style> sanitizing code in nsHTMLFragmentContentSink

RESOLVED FIXED in Firefox 5

Status

()

Core
CSS Parsing and Computation
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Craig Topper, Assigned: Ehsan)

Tracking

Trunk
mozilla6
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox5- fixed, status2.0 ?, status1.9.2 ?, status1.9.1 ?)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
This code contains case statements for every other CSS rule type so should probably have the keyframe(s) rule types too.
(Reporter)

Comment 1

6 years ago
The code is missing DOCUMENT_RULE too.
It should really also:
 (a) have a default: case, and set didSanitize to true in that case
 (b) handle a bunch of the rule classes it explicitly doesn't handle
Pointer to code in question:
http://hg.mozilla.org/mozilla-central/file/a6467a88b056/content/html/document/src/nsHTMLFragmentContentSink.cpp#l1180
Created attachment 526076 [details] [diff] [review]
Patch (v1)
Assignee: nobody → ehsan
Status: NEW → ASSIGNED
Attachment #526076 - Flags: review?(bzbarsky)
Comment on attachment 526076 [details] [diff] [review]
Patch (v1)

r=me, but file a followup on maybe leaving the group rules in but sanitizing their contents?
Attachment #526076 - Flags: review?(bzbarsky) → review+
Filed bug 650094.

CCing Henri as this patch probably steps on his tows...
(In reply to comment #7)
> CCing Henri as this patch probably steps on his tows...

Thanks. Whichever of the patch here and or the patch for bug 482909 lands first causes the patch for the other one to rot in such a way that eventually the fix here has to be rewritten on top of bug 482909.
http://hg.mozilla.org/mozilla-central/rev/4af1022fca83
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla6
status1.9.1: --- → ?
status1.9.2: --- → ?
status2.0: --- → ?
status-firefox5: --- → affected
tracking-firefox5: --- → ?
Comment on attachment 526076 [details] [diff] [review]
Patch (v1)

a=dbaron for mozilla-aurora (from triage meeting)
Attachment #526076 - Flags: approval-mozilla-aurora+
Not tracking though, but please land on aurora.
tracking-firefox5: ? → -
http://hg.mozilla.org/mozilla-aurora/rev/b77a491994c1
status-firefox5: affected → fixed
You need to log in before you can comment on or make changes to this bug.