mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-27 06:43:32 +00:00
Bug 1805632 - Add a new pref just for Element.setHTML without enabling the Sanitizer interface. r=freddyb,webidl,edgar
The purpose of this is to allow using setHTML(text), without specifiying the sanitizer and thus always getting the default sanitizer policy. Differential Revision: https://phabricator.services.mozilla.com/D164677
This commit is contained in:
parent
649680ae32
commit
8cb9391ce6
@ -1,6 +1,7 @@
|
||||
[DEFAULT]
|
||||
prefs =
|
||||
dom.security.sanitizer.enabled=true
|
||||
dom.security.setHTML.enabled=true
|
||||
dom.security.sanitizer.rewrite_no_bounty=true
|
||||
scheme=https
|
||||
[test_sanitizer_api.html]
|
||||
|
@ -401,6 +401,6 @@ dictionary SetHTMLOptions {
|
||||
};
|
||||
|
||||
partial interface Element {
|
||||
[SecureContext, UseCounter, Throws, Pref="dom.security.sanitizer.enabled"]
|
||||
undefined setHTML(DOMString aInnerHTML, optional SetHTMLOptions options = {});
|
||||
[SecureContext, UseCounter, Throws, Pref="dom.security.setHTML.enabled"]
|
||||
undefined setHTML(DOMString aInnerHTML, optional SetHTMLOptions options = {});
|
||||
};
|
||||
|
@ -3705,6 +3705,13 @@
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# Pref that controls the Element.setHTML API idenpendetly of the sanitizer
|
||||
# API.
|
||||
- name: dom.security.setHTML.enabled
|
||||
type: bool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# The Sanitizer implementation is currently being rewritten and
|
||||
# is known to be incomplete. Fuzzing and testing and this point
|
||||
# would be premature.
|
||||
|
@ -1 +1 @@
|
||||
prefs: [dom.security.sanitizer.enabled:true, dom.security.sanitizer.rewrite_no_bounty:true]
|
||||
prefs: [dom.security.sanitizer.enabled:true, dom.security.setHTML.enabled:true, dom.security.sanitizer.rewrite_no_bounty:true]
|
||||
|
Loading…
Reference in New Issue
Block a user