Bug 1784040 - Error handling during construction of the sanitizer. r=emilio

Differential Revision: https://phabricator.services.mozilla.com/D159146

dom/base/Element.cpp

@@ -4818,7 +4818,10 @@ void Element::SetHTML(const nsAString& aInnerHTML,
         aError.ThrowInvalidStateError("Missing owner global.");
         return;
       }
-      sanitizer = new Sanitizer(global, {});
+      sanitizer = Sanitizer::New(global, {}, aError);
+      if (aError.Failed()) {
+        return;
+      }
     } else {
       sanitizer = &aOptions.mSanitizer.Value();
     }

dom/base/nsTreeSanitizer.cpp

@@ -2503,7 +2503,8 @@ UniquePtr<nsTreeSanitizer::ElementNameSet> nsTreeSanitizer::ConvertElementNames(
 }
 
 void nsTreeSanitizer::WithWebSanitizerOptions(
-    nsIGlobalObject* aGlobal, const mozilla::dom::SanitizerConfig& aOptions) {
+    nsIGlobalObject* aGlobal, const mozilla::dom::SanitizerConfig& aOptions,
+    ErrorResult& aRv) {
   if (StaticPrefs::dom_security_sanitizer_logging()) {
     mLogRemovals = true;
     if (nsPIDOMWindowInner* win = aGlobal->AsInnerWindow()) {

dom/base/nsTreeSanitizer.h

@@ -21,6 +21,7 @@ class nsINode;
 
 namespace mozilla {
 class DeclarationBlock;
+class ErrorResult;
 enum class StyleSanitizationKind : uint8_t;
 }  // namespace mozilla
 
@@ -65,7 +66,8 @@ class nsTreeSanitizer {
    * which allows modifying the allow-list from above
    */
   void WithWebSanitizerOptions(nsIGlobalObject* aGlobal,
-                               const mozilla::dom::SanitizerConfig& aOptions);
+                               const mozilla::dom::SanitizerConfig& aOptions,
+                               mozilla::ErrorResult& aRv);
 
   /**
    * Removes conditional CSS from this subtree.

dom/security/sanitizer/Sanitizer.cpp

@@ -30,13 +30,27 @@ JSObject* Sanitizer::WrapObject(JSContext* aCx,
   return Sanitizer_Binding::Wrap(aCx, this, aGivenProto);
 }
 
+/* static */
+already_AddRefed<Sanitizer> Sanitizer::New(nsIGlobalObject* aGlobal,
+                                           const SanitizerConfig& aOptions,
+                                           ErrorResult& aRv) {
+  nsTreeSanitizer treeSanitizer(nsIParserUtils::SanitizerAllowStyle);
+  treeSanitizer.WithWebSanitizerOptions(aGlobal, aOptions, aRv);
+  if (aRv.Failed()) {
+    return nullptr;
+  }
+
+  RefPtr<Sanitizer> sanitizer =
+      new Sanitizer(aGlobal, std::move(treeSanitizer));
+  return sanitizer.forget();
+}
+
 /* static */
 already_AddRefed<Sanitizer> Sanitizer::Constructor(
     const GlobalObject& aGlobal, const SanitizerConfig& aOptions,
     ErrorResult& aRv) {
   nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
-  RefPtr<Sanitizer> sanitizer = new Sanitizer(global, aOptions);
-  return sanitizer.forget();
+  return New(global, aOptions, aRv);
 }
 
 /* static */

dom/security/sanitizer/Sanitizer.h

@@ -30,21 +30,24 @@ namespace dom {
 class GlobalObject;
 
 class Sanitizer final : public nsISupports, public nsWrapperCache {
+  explicit Sanitizer(nsIGlobalObject* aGlobal, nsTreeSanitizer&& aTreeSanitizer)
+      : mGlobal(aGlobal), mTreeSanitizer(std::move(aTreeSanitizer)) {
+    MOZ_ASSERT(aGlobal);
+  }
+
  public:
   NS_DECL_CYCLE_COLLECTING_ISUPPORTS
   NS_DECL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS(Sanitizer);
 
-  explicit Sanitizer(nsIGlobalObject* aGlobal, const SanitizerConfig& aOptions)
-      : mGlobal(aGlobal), mTreeSanitizer(nsIParserUtils::SanitizerAllowStyle) {
-    MOZ_ASSERT(aGlobal);
-    mTreeSanitizer.WithWebSanitizerOptions(aGlobal, aOptions);
-  }
-
   nsIGlobalObject* GetParentObject() const { return mGlobal; }
 
   JSObject* WrapObject(JSContext* aCx,
                        JS::Handle<JSObject*> aGivenProto) override;
 
+  static already_AddRefed<Sanitizer> New(nsIGlobalObject* aGlobal,
+                                         const SanitizerConfig& aOptions,
+                                         ErrorResult& aRv);
+
   /**
    * Sanitizer() WebIDL constructor
    * @return a new Sanitizer object, with methods as below