Bug 1883804 - Only unescape ASCII chars in IDTracker::ResetWithLocalRef. r=longsonr

Differential Revision: https://phabricator.services.mozilla.com/D205039
This commit is contained in:
Jonathan Kew 2024-03-19 13:11:05 +00:00
parent 7e42f22388
commit 38685b833f
2 changed files with 16 additions and 2 deletions

View File

@ -143,8 +143,19 @@ void IDTracker::ResetWithLocalRef(Element& aFrom, const nsAString& aLocalRef,
Unlink();
return;
}
NS_UnescapeURL(utf8Ref);
RefPtr<nsAtom> idAtom = NS_Atomize(utf8Ref);
// Only unescape ASCII characters; if we were to unescape arbitrary bytes,
// we'd potentially end up with invalid UTF-8.
nsAutoCString unescaped;
bool appended;
if (NS_FAILED(NS_UnescapeURL(utf8Ref.BeginReading(), utf8Ref.Length(),
esc_OnlyASCII | esc_AlwaysCopy, unescaped,
appended, mozilla::fallible))) {
Unlink();
return;
}
RefPtr<nsAtom> idAtom = NS_Atomize(unescaped);
ResetWithID(aFrom, idAtom, aWatch);
}

View File

@ -0,0 +1,3 @@
<svg>
<set xlink:href="#)󠵵‏᭭%a8*=٫́壎
<title class=">

After

Width:  |  Height:  |  Size: 67 B