commit 4365030461b8408ddeb68151140192fac323adc0
parent 2fe372485a29d80a5e1ab7698d3d80d1db19beb3
Author: Tom Schuster <tschuster@mozilla.com>
Date: Wed, 19 Nov 2025 08:46:56 +0000
Bug 1999740 - Sanitizer: Add SVG <a> element to the default config. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D272420
Diffstat:
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/dom/security/sanitizer/SanitizerDefaultConfig.h b/dom/security/sanitizer/SanitizerDefaultConfig.h
@@ -126,6 +126,7 @@ constexpr nsStaticAtom* kDefaultMathMLElements[] = {
constexpr nsStaticAtom* kDefaultSVGElements[] = {
// clang-format off
+ nsGkAtoms::a,
nsGkAtoms::circle,
nsGkAtoms::defs,
nsGkAtoms::desc,
@@ -312,6 +313,11 @@ constexpr nsStaticAtom* kMathMLElementWithAttributes[] = {
constexpr nsStaticAtom* kSVGElementWithAttributes[] = {
// clang-format off
+ /* element */ nsGkAtoms::a,
+ nsGkAtoms::href,
+ nsGkAtoms::hreflang,
+ nsGkAtoms::type,
+ nullptr,
/* element */ nsGkAtoms::circle,
nsGkAtoms::cx,
nsGkAtoms::cy,
diff --git a/dom/security/sanitizer/safe-default-configuration.json b/dom/security/sanitizer/safe-default-configuration.json
@@ -726,6 +726,24 @@
"attributes": []
},
{
+ "name": "a",
+ "namespace": "http://www.w3.org/2000/svg",
+ "attributes": [
+ {
+ "name": "href",
+ "namespace": null
+ },
+ {
+ "name": "hreflang",
+ "namespace": null
+ },
+ {
+ "name": "type",
+ "namespace": null
+ }
+ ]
+ },
+ {
"name": "circle",
"namespace": "http://www.w3.org/2000/svg",
"attributes": [
diff --git a/dom/security/sanitizer/update-safe-default-configuration.py b/dom/security/sanitizer/update-safe-default-configuration.py
@@ -5,7 +5,7 @@
import json
from urllib.request import urlretrieve
-REVISION = "62b91240be04c9c35302fef471216e8f330b0390"
+REVISION = "f0b66021355352cf1e38d08e3659d0a90757d7fd"
urlretrieve(
f"https://raw.githubusercontent.com/WICG/sanitizer-api/{REVISION}/builtins/safe-default-configuration.json",
