Skip to content

fix(core): prevent infinite loops in clobbered elements check#54425

Closed
AndrewKushnir wants to merge 1 commit intoangular:mainfrom
AndrewKushnir:clobbering_check_fix
Closed

fix(core): prevent infinite loops in clobbered elements check#54425
AndrewKushnir wants to merge 1 commit intoangular:mainfrom
AndrewKushnir:clobbering_check_fix

Conversation

@AndrewKushnir
Copy link
Contributor

@AndrewKushnir AndrewKushnir commented Feb 14, 2024

This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like nextSibling or parentNode. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering nodeName causes JS exceptions.

(more context in the internal ticket: b/323800512)

PR Type

What kind of change does this PR introduce?

  • Fix

Does this PR introduce a breaking change?

  • Yes
  • No

@AndrewKushnir AndrewKushnir added action: review The PR is still awaiting reviews from at least one requested reviewer area: core Issues related to the framework runtime target: patch This PR is targeted for the next patch release core: sanitization labels Feb 14, 2024
@AndrewKushnir AndrewKushnir requested a review from alxhub February 14, 2024 01:54
@ngbot ngbot bot added this to the Backlog milestone Feb 14, 2024
@AndrewKushnir AndrewKushnir force-pushed the clobbering_check_fix branch 4 times, most recently from 01fd9df to 894b81e Compare February 15, 2024 06:14
alfaproject
alfaproject reviewed Feb 15, 2024
View reviewed changes
@AndrewKushnir
fix(core): prevent infinite loops in clobbered elements check
e92a3f7 
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions.
@AndrewKushnir
Copy link
Contributor Author

AndrewKushnir commented Feb 28, 2024
edited
Loading

Exploratory presubmit.

pkozlowski-opensource
pkozlowski-opensource approved these changes Mar 4, 2024
View reviewed changes
Copy link
Member

@pkozlowski-opensource pkozlowski-opensource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Reviewed-for: fw-core
Reviewed-for: fw-security

@AndrewKushnir
Copy link
Contributor Author

AndrewKushnir commented Mar 5, 2024
edited
Loading

Caretaker notes

  • TGP is "green" for the changes in this PR
  • Landing this PR in g3 would require including this extra change into the sync (update: this step is no longer needed, we can merge and sync as usual)
  • Please merge and sync this change separately from other changes

@AndrewKushnir AndrewKushnir added action: merge The PR is ready for merge by the caretaker merge: caretaker note Alert the caretaker performing the merge to check the PR for an out of normal action needed or note and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Mar 5, 2024
@atscott
Copy link
Contributor

atscott commented Mar 11, 2024

This PR was merged into the repository by commit eaff724.

@atscott atscott closed this in eaff724 Mar 11, 2024
atscott pushed a commit that referenced this pull request Mar 11, 2024
@AndrewKushnir @atscott
fix(core): prevent infinite loops in clobbered elements check (#54425)
e27b505 
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions.

PR Close #54425
atscott pushed a commit that referenced this pull request Mar 11, 2024
@AndrewKushnir @atscott
fix(core): prevent infinite loops in clobbered elements check (#54425)
2909e98 
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results.

Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions.

PR Close #54425
@angular-automatic-lock-bot
Copy link

angular-automatic-lock-bot bot commented Apr 11, 2024

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Apr 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@pkozlowski-opensource pkozlowski-opensource pkozlowski-opensource approved these changes

@alxhub alxhub Awaiting requested review from alxhub

@jelbourn jelbourn Awaiting requested review from jelbourn

@josephperrott josephperrott Awaiting requested review from josephperrott

+1 more reviewer

@alfaproject alfaproject alfaproject left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: core Issues related to the framework runtime core: sanitization merge: caretaker note Alert the caretaker performing the merge to check the PR for an out of normal action needed or note target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

Backlog

Development

Successfully merging this pull request may close these issues.

4 participants

@AndrewKushnir @atscott @alfaproject @pkozlowski-opensource