fix(core): prevent infinite loops in clobbered elements check #54425

Closed

AndrewKushnir
Contributor

This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like nextSibling or parentNode. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering nodeName causes JS exceptions.

(more context in the internal ticket: b/323800512)

PR Type

What kind of change does this PR introduce?

  • Fix

Does this PR introduce a breaking change?

  • Yes
  • No
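
The failure mode named in the description, as an added example (not code from this PR or from Angular): a form whose named controls shadow `nextSibling` and `nodeName` makes an unchecked tree walk cycle, while a consistency check on the returned sibling turns the hang into an error. Plain objects stand in for DOM nodes so it runs in Node; `el`, `buildTree`, `safeNodeName`, `safeNextSibling` and `walk` are hypothetical names.

```javascript
// Constructed stand-in for DOM nodes (plain objects) so this runs without a browser.
function el(nodeName, children = []) {
  const node = { nodeName, parentNode: null, firstChild: children[0] || null,
                 nextSibling: null, previousSibling: null };
  children.forEach((child, i) => {
    child.parentNode = node;
    child.previousSibling = children[i - 1] || null;
    child.nextSibling = children[i + 1] || null;
  });
  return node;
}

// Builds <div><p></p><form><input><input></form><span></span></div>. With clobber=true
// the form behaves as if its inputs were named "nextSibling" and "nodeName": in a
// browser, named form controls shadow the form's own properties of the same name.
function buildTree(clobber) {
  const a = el('INPUT'), b = el('INPUT');
  const form = el('FORM', [a, b]);
  const root = el('DIV', [el('P'), form, el('SPAN')]);
  if (clobber) { form.nextSibling = a; form.nodeName = b; }
  return root;
}

// A non-string nodeName is treated as a clobbered <form> (assumption of this example).
function safeNodeName(node) {
  return typeof node.nodeName === 'string' ? node.nodeName : 'FORM';
}
// A genuine next sibling always points back at the node it was read from.
function safeNextSibling(node) {
  const next = node.nextSibling;
  if (next && next.previousSibling !== node) {
    throw new Error('clobbered element: ' + safeNodeName(node));
  }
  return next;
}

// Iterative depth-first walk, the shape a sanitizer uses to visit every node.
function walk(root, checked, maxSteps = 1000) {
  const sibling = checked ? safeNextSibling : (n) => n.nextSibling;
  const names = [];
  let current = root.firstChild;
  for (let steps = 0; current; steps++) {
    if (steps >= maxSteps) return { names, terminated: false }; // cap stands in for a hang
    names.push(safeNodeName(current));
    let next = current.firstChild;
    while (!next && current !== root) {
      next = sibling(current);
      if (!next) current = current.parentNode;
    }
    current = next;
  }
  return { names, terminated: true };
}
```
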

@AndrewKushnir added the action: review, area: core, target: patch and core: sanitization labels on Feb 14, 2024
@ngbot (bot) added this to the Backlog milestone on Feb 14, 2024
@AndrewKushnir force-pushed the clobbering_check_fix branch 4 times, most recently from 01fd9df to 894b81e on February 15, 2024 06:14
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions.
@AndrewKushnir
Contributor Author

AndrewKushnir commented Feb 28, 2024

Exploratory presubmit.

Member

@pkozlowski-opensource pkozlowski-opensource left a comment

LGTM

Reviewed-for: fw-core
Reviewed-for: fw-security

@AndrewKushnir
Contributor Author

AndrewKushnir commented Mar 5, 2024

Caretaker notes

  • TGP is "green" for the changes in this PR
  • Landing this PR in g3 would require including this extra change into the sync (update: this step is no longer needed, we can merge and sync as usual)
  • Please merge and sync this change separately from other changes

@AndrewKushnir added the action: merge and merge: caretaker note labels and removed the action: review label on Mar 5, 2024
@atscott
Contributor

atscott commented Mar 11, 2024

This PR was merged into the repository by commit eaff724.

@atscott closed this in eaff724 on Mar 11, 2024
atscott pushed a commit that referenced this pull request Mar 11, 2024
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions.

PR Close #54425
@angular-automatic-lock-bot

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot (bot) locked and limited conversation to collaborators on Apr 11, 2024