The Tor Browser / file comparison
comparison: parser/html/nsIParserUtils.idl
parser/html/nsIParserUtils.idl
- branch
- TOR_BUG_9701
- changeset 14
- 925c144e1f1f
equal
deleted
inserted
replaced
| -1:000000000000 | 0:662bee32b77c |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this file, | |
| 3 * You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #include "nsISupports.idl" | |
| 6 | |
| 7 interface nsIDOMElement; | |
| 8 interface nsIDOMDocumentFragment; | |
| 9 interface nsIURI; | |
| 10 | |
| 11 /** | |
| 12 * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. | |
| 13 * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc. | |
| 14 * directly instead. | |
| 15 */ | |
| 16 [scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)] | |
| 17 interface nsIParserUtils : nsISupports | |
| 18 { | |
| 19 | |
| 20 /** | |
| 21 * Flag for sanitizer: Allow comment nodes. | |
| 22 */ | |
| 23 const unsigned long SanitizerAllowComments = (1 << 0); | |
| 24 | |
| 25 /** | |
| 26 * Flag for sanitizer: Allow <style> and style="" (with contents sanitized | |
| 27 * in case of -moz-binding). Note! If -moz-binding is absent, properties | |
| 28 * that might be XSS risks in other Web engines are preserved! | |
| 29 */ | |
| 30 const unsigned long SanitizerAllowStyle = (1 << 1); | |
| 31 | |
| 32 /** | |
| 33 * Flag for sanitizer: Only allow cid: URLs for embedded content. | |
| 34 * | |
| 35 * At present, sanitizing CSS backgrounds, etc., is not supported, so setting | |
| 36 * this together with SanitizerAllowStyle doesn't make sense. | |
| 37 * | |
| 38 * At present, sanitizing CSS syntax in SVG presentational attributes is not | |
| 39 * supported, so this option flattens out SVG. | |
| 40 */ | |
| 41 const unsigned long SanitizerCidEmbedsOnly = (1 << 2); | |
| 42 | |
| 43 /** | |
| 44 * Flag for sanitizer: Drop non-CSS presentational HTML elements and | |
| 45 * attributes, such as <font>, <center> and bgcolor="". | |
| 46 */ | |
| 47 const unsigned long SanitizerDropNonCSSPresentation = (1 << 3); | |
| 48 | |
| 49 /** | |
| 50 * Flag for sanitizer: Drop forms and form controls (excluding | |
| 51 * fieldset/legend). | |
| 52 */ | |
| 53 const unsigned long SanitizerDropForms = (1 << 4); | |
| 54 | |
| 55 /** | |
| 56 * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten | |
| 57 * out SVG. | |
| 58 */ | |
| 59 const unsigned long SanitizerDropMedia = (1 << 5); | |
| 60 | |
| 61 /** | |
| 62 * Parses a string into an HTML document, sanitizes the document and | |
| 63 * returns the result serialized to a string. | |
| 64 * | |
| 65 * The sanitizer is designed to protect against XSS when sanitized content | |
| 66 * is inserted into a different-origin context without an iframe-equivalent | |
| 67 * sandboxing mechanism. | |
| 68 * | |
| 69 * By default, the sanitizer doesn't try to avoid leaking information that | |
| 70 * the content was viewed to third parties. That is, by default, e.g. | |
| 71 * <img src> pointing to an HTTP server potentially controlled by a third | |
| 72 * party is not removed. To avoid ambient information leakage upon loading | |
| 73 * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that | |
| 74 * case, <a href> links (and similar) to other content are preserved, so an | |
| 75 * explicit user action (following a link) after the content has been loaded | |
| 76 * can still leak information. | |
| 77 * | |
| 78 * By default, non-dangerous non-CSS presentational HTML elements and | |
| 79 * attributes or forms are not removed. To remove these, use | |
| 80 * SanitizerDropNonCSSPresentation and/or SanitizerDropForms. | |
| 81 * | |
| 82 * By default, comments and CSS is removed. To preserve comments, use | |
| 83 * SanitizerAllowComments. To preserve <style> and style="", use | |
| 84 * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if | |
| 85 * present. In this case, properties that Gecko doesn't recognize can get | |
| 86 * removed as a side effect. Note! If -moz-binding is not present, <style> | |
| 87 * and style="" and SanitizerAllowStyle is specified, the sanitized content | |
| 88 * may still be XSS dangerous if loaded into a non-Gecko Web engine! | |
| 89 * | |
| 90 * @param src the HTML source to parse (C++ callers are allowed but not | |
| 91 * required to use the same string for the return value.) | |
| 92 * @param flags sanitization option flags defined above | |
| 93 */ | |
| 94 AString sanitize(in AString src, in unsigned long flags); | |
| 95 | |
| 96 /** | |
| 97 * Convert HTML to plain text. | |
| 98 * | |
| 99 * @param src the HTML source to parse (C++ callers are allowed but not | |
| 100 * required to use the same string for the return value.) | |
| 101 * @param flags conversion option flags defined in nsIDocumentEncoder | |
| 102 * @param wrapCol number of characters per line; 0 for no auto-wrapping | |
| 103 */ | |
| 104 AString convertToPlainText(in AString src, | |
| 105 in unsigned long flags, | |
| 106 in unsigned long wrapCol); | |
| 107 | |
| 108 /** | |
| 109 * Parses markup into a sanitized document fragment. | |
| 110 * | |
| 111 * @param fragment the input markup | |
| 112 * @param flags sanitization option flags defined above | |
| 113 * @param isXML true if |fragment| is XML and false if HTML | |
| 114 * @param baseURI the base URL for this fragment | |
| 115 * @param element the context node for the fragment parsing algorithm | |
| 116 */ | |
| 117 nsIDOMDocumentFragment parseFragment(in AString fragment, | |
| 118 in unsigned long flags, | |
| 119 in boolean isXML, | |
| 120 in nsIURI baseURI, | |
| 121 in nsIDOMElement element); | |
| 122 | |
| 123 }; | |
| 124 | |
| 125 %{ C++ | |
| 126 #define NS_PARSERUTILS_CONTRACTID \ | |
| 127 "@mozilla.org/parserutils;1" | |
| 128 #define NS_PARSERUTILS_CID \ | |
| 129 { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } } | |
| 130 %} |
