mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 01:05:45 +00:00
limit the number of columns spanned, as a protection against suspicous html code, bug 86293, r=karnaze, sr=bzbarksy
This commit is contained in:
parent
3d0e97ae5b
commit
72edc1148f
@ -47,6 +47,10 @@
|
||||
#include "nsIPresContext.h"
|
||||
#include "nsRuleNode.h"
|
||||
|
||||
// use the same protection as ancient code did
|
||||
// http://lxr.mozilla.org/classic/source/lib/layout/laytable.c#46
|
||||
#define MAX_COLSPAN 1000
|
||||
|
||||
class nsHTMLTableColElement : public nsGenericHTMLContainerElement,
|
||||
public nsIDOMHTMLTableColElement,
|
||||
public nsIHTMLTableColElement
|
||||
@ -186,7 +190,8 @@ nsHTMLTableColElement::StringToAttribute(nsIAtom* aAttribute,
|
||||
}
|
||||
}
|
||||
else if (aAttribute == nsHTMLAtoms::span) {
|
||||
if (ParseValue(aValue, 1, aResult, eHTMLUnit_Integer)) {
|
||||
/* protection from unrealistic large colspan values */
|
||||
if (ParseValue(aValue, 1, MAX_COLSPAN, aResult, eHTMLUnit_Integer)) {
|
||||
return NS_CONTENT_ATTR_HAS_VALUE;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user