The Tor Browser / file comparison
comparison: content/base/public/nsTreeSanitizer.h
content/base/public/nsTreeSanitizer.h
- branch
- TOR_BUG_9701
- changeset 9
- a63d609f5ebe
equal
deleted
inserted
replaced
| -1:000000000000 | 0:edafabd33257 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #ifndef nsTreeSanitizer_h_ | |
| 6 #define nsTreeSanitizer_h_ | |
| 7 | |
| 8 #include "mozilla/css/StyleRule.h" | |
| 9 #include "nsIPrincipal.h" | |
| 10 #include "mozilla/dom/Element.h" | |
| 11 | |
| 12 class nsIContent; | |
| 13 | |
| 14 /** | |
| 15 * See the documentation of nsIParserUtils::sanitize for documentation | |
| 16 * about the default behavior and the configuration options of this sanitizer. | |
| 17 */ | |
| 18 class MOZ_STACK_CLASS nsTreeSanitizer { | |
| 19 | |
| 20 public: | |
| 21 | |
| 22 /** | |
| 23 * The constructor. | |
| 24 * | |
| 25 * @param aFlags Flags from nsIParserUtils | |
| 26 */ | |
| 27 nsTreeSanitizer(uint32_t aFlags = 0); | |
| 28 | |
| 29 static void InitializeStatics(); | |
| 30 static void ReleaseStatics(); | |
| 31 | |
| 32 /** | |
| 33 * Sanitizes a disconnected DOM fragment freshly obtained from a parser. | |
| 34 * The argument must be of type nsINode::eDOCUMENT_FRAGMENT and, | |
| 35 * consequently, must not be in the document. Furthermore, the fragment | |
| 36 * must have just come from a parser so that it can't have mutation | |
| 37 * event listeners set on it. | |
| 38 */ | |
| 39 void Sanitize(nsIContent* aFragment); | |
| 40 | |
| 41 /** | |
| 42 * Sanitizes a disconnected (not in a docshell) document freshly obtained | |
| 43 * from a parser. The document must not be embedded in a docshell and must | |
| 44 * not have had a chance to get mutation event listeners attached to it. | |
| 45 * The root element must be <html>. | |
| 46 */ | |
| 47 void Sanitize(nsIDocument* aDocument); | |
| 48 | |
| 49 private: | |
| 50 | |
| 51 /** | |
| 52 * Whether <style> and style="" are allowed. | |
| 53 */ | |
| 54 bool mAllowStyles; | |
| 55 | |
| 56 /** | |
| 57 * Whether comment nodes are allowed. | |
| 58 */ | |
| 59 bool mAllowComments; | |
| 60 | |
| 61 /** | |
| 62 * Whether HTML <font>, <center>, bgcolor="", etc., are dropped. | |
| 63 */ | |
| 64 bool mDropNonCSSPresentation; | |
| 65 | |
| 66 /** | |
| 67 * Whether to remove forms and form controls (excluding fieldset/legend). | |
| 68 */ | |
| 69 bool mDropForms; | |
| 70 | |
| 71 /** | |
| 72 * Whether only cid: embeds are allowed. | |
| 73 */ | |
| 74 bool mCidEmbedsOnly; | |
| 75 | |
| 76 /** | |
| 77 * Whether to drop <img>, <video>, <audio> and <svg>. | |
| 78 */ | |
| 79 bool mDropMedia; | |
| 80 | |
| 81 /** | |
| 82 * Whether we are sanitizing a full document (as opposed to a fragment). | |
| 83 */ | |
| 84 bool mFullDocument; | |
| 85 | |
| 86 void SanitizeChildren(nsINode* aRoot); | |
| 87 | |
| 88 /** | |
| 89 * Queries if an element must be replaced with its children. | |
| 90 * @param aNamespace the namespace of the element the question is about | |
| 91 * @param aLocal the local name of the element the question is about | |
| 92 * @return true if the element must be replaced with its children and | |
| 93 * false if the element is to be kept | |
| 94 */ | |
| 95 bool MustFlatten(int32_t aNamespace, nsIAtom* aLocal); | |
| 96 | |
| 97 /** | |
| 98 * Queries if an element including its children must be removed. | |
| 99 * @param aNamespace the namespace of the element the question is about | |
| 100 * @param aLocal the local name of the element the question is about | |
| 101 * @param aElement the element node itself for inspecting attributes | |
| 102 * @return true if the element and its children must be removed and | |
| 103 * false if the element is to be kept | |
| 104 */ | |
| 105 bool MustPrune(int32_t aNamespace, | |
| 106 nsIAtom* aLocal, | |
| 107 mozilla::dom::Element* aElement); | |
| 108 | |
| 109 /** | |
| 110 * Checks if a given local name (for an attribute) is on the given list | |
| 111 * of URL attribute names. | |
| 112 * @param aURLs the list of URL attribute names | |
| 113 * @param aLocalName the name to search on the list | |
| 114 * @return true if aLocalName is on the aURLs list and false otherwise | |
| 115 */ | |
| 116 bool IsURL(nsIAtom*** aURLs, nsIAtom* aLocalName); | |
| 117 | |
| 118 /** | |
| 119 * Removes dangerous attributes from the element. If the style attribute | |
| 120 * is allowed, its value is sanitized. The values of URL attributes are | |
| 121 * sanitized, except src isn't sanitized when it is allowed to remain | |
| 122 * potentially dangerous. | |
| 123 * | |
| 124 * @param aElement the element whose attributes should be sanitized | |
| 125 * @param aAllowed the whitelist of permitted local names to use | |
| 126 * @param aURLs the local names of URL-valued attributes | |
| 127 * @param aAllowXLink whether XLink attributes are allowed | |
| 128 * @param aAllowStyle whether the style attribute is allowed | |
| 129 * @param aAllowDangerousSrc whether to leave the value of the src | |
| 130 * attribute unsanitized | |
| 131 */ | |
| 132 void SanitizeAttributes(mozilla::dom::Element* aElement, | |
| 133 nsTHashtable<nsISupportsHashKey>* aAllowed, | |
| 134 nsIAtom*** aURLs, | |
| 135 bool aAllowXLink, | |
| 136 bool aAllowStyle, | |
| 137 bool aAllowDangerousSrc); | |
| 138 | |
| 139 /** | |
| 140 * Remove the named URL attribute from the element if the URL fails a | |
| 141 * security check. | |
| 142 * | |
| 143 * @param aElement the element whose attribute to possibly modify | |
| 144 * @param aNamespace the namespace of the URL attribute | |
| 145 * @param aLocalName the local name of the URL attribute | |
| 146 * @return true if the attribute was removed and false otherwise | |
| 147 */ | |
| 148 bool SanitizeURL(mozilla::dom::Element* aElement, | |
| 149 int32_t aNamespace, | |
| 150 nsIAtom* aLocalName); | |
| 151 | |
| 152 /** | |
| 153 * Checks a style rule for the presence of the 'binding' CSS property and | |
| 154 * removes that property from the rule and reserializes in case the | |
| 155 * property was found. | |
| 156 * | |
| 157 * @param aRule The style rule to check | |
| 158 * @param aRuleText the serialized mutated rule if the method returns true | |
| 159 * @return true if the rule was modified and false otherwise | |
| 160 */ | |
| 161 bool SanitizeStyleRule(mozilla::css::StyleRule* aRule, | |
| 162 nsAutoString &aRuleText); | |
| 163 | |
| 164 /** | |
| 165 * Parses a style sheet and reserializes it with the 'binding' property | |
| 166 * removed if it was present. | |
| 167 * | |
| 168 * @param aOrigin the original style sheet source | |
| 169 * @param aSanitized the reserialization without 'binding'; only valid if | |
| 170 * this method return true | |
| 171 * @param aDocument the document the style sheet belongs to | |
| 172 * @param aBaseURI the base URI to use | |
| 173 * @return true if the 'binding' property was encountered and false | |
| 174 * otherwise | |
| 175 */ | |
| 176 bool SanitizeStyleSheet(const nsAString& aOriginal, | |
| 177 nsAString& aSanitized, | |
| 178 nsIDocument* aDocument, | |
| 179 nsIURI* aBaseURI); | |
| 180 | |
| 181 /** | |
| 182 * Removes all attributes from an element node. | |
| 183 */ | |
| 184 void RemoveAllAttributes(nsIContent* aElement); | |
| 185 | |
| 186 /** | |
| 187 * The whitelist of HTML elements. | |
| 188 */ | |
| 189 static nsTHashtable<nsISupportsHashKey>* sElementsHTML; | |
| 190 | |
| 191 /** | |
| 192 * The whitelist of non-presentational HTML attributes. | |
| 193 */ | |
| 194 static nsTHashtable<nsISupportsHashKey>* sAttributesHTML; | |
| 195 | |
| 196 /** | |
| 197 * The whitelist of presentational HTML attributes. | |
| 198 */ | |
| 199 static nsTHashtable<nsISupportsHashKey>* sPresAttributesHTML; | |
| 200 | |
| 201 /** | |
| 202 * The whitelist of SVG elements. | |
| 203 */ | |
| 204 static nsTHashtable<nsISupportsHashKey>* sElementsSVG; | |
| 205 | |
| 206 /** | |
| 207 * The whitelist of SVG attributes. | |
| 208 */ | |
| 209 static nsTHashtable<nsISupportsHashKey>* sAttributesSVG; | |
| 210 | |
| 211 /** | |
| 212 * The whitelist of SVG elements. | |
| 213 */ | |
| 214 static nsTHashtable<nsISupportsHashKey>* sElementsMathML; | |
| 215 | |
| 216 /** | |
| 217 * The whitelist of MathML attributes. | |
| 218 */ | |
| 219 static nsTHashtable<nsISupportsHashKey>* sAttributesMathML; | |
| 220 | |
| 221 /** | |
| 222 * Reusable null principal for URL checks. | |
| 223 */ | |
| 224 static nsIPrincipal* sNullPrincipal; | |
| 225 }; | |
| 226 | |
| 227 #endif // nsTreeSanitizer_h_ |
