parser/html/nsIParserUtils.idl

changeset 0
6474c204b198
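--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/parser/html/nsIParserUtils.idl	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,130 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIDOMElement;
+interface nsIDOMDocumentFragment;
+interface nsIURI;
+
+/**
+ * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. 
+ * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
+ * directly instead.
+ */
+[scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
+interface nsIParserUtils : nsISupports
+{
+
+  /**
+   * Flag for sanitizer: Allow comment nodes.
+   */
+  const unsigned long SanitizerAllowComments = (1 << 0);
+
+  /**
+   * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
+   * in case of -moz-binding). Note! If -moz-binding is absent, properties
+   * that might be XSS risks in other Web engines are preserved!
+   */
+  const unsigned long SanitizerAllowStyle = (1 << 1);
+
+  /**
+   * Flag for sanitizer: Only allow cid: URLs for embedded content.
+   *
+   * At present, sanitizing CSS backgrounds, etc., is not supported, so setting 
+   * this together with SanitizerAllowStyle doesn't make sense.
+   *
+   * At present, sanitizing CSS syntax in SVG presentational attributes is not
+   * supported, so this option flattens out SVG.
+   */
+  const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
+
+  /**
+   * Flag for sanitizer: Drop non-CSS presentational HTML elements and 
+   * attributes, such as <font>, <center> and bgcolor="".
+   */
+  const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
+
+  /**
+   * Flag for sanitizer: Drop forms and form controls (excluding 
+   * fieldset/legend).
+   */
+  const unsigned long SanitizerDropForms = (1 << 4);
+
+  /**
+   * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
+   * out SVG.
+   */
+  const unsigned long SanitizerDropMedia = (1 << 5);
+
+  /**
+   * Parses a string into an HTML document, sanitizes the document and 
+   * returns the result serialized to a string.
+   *
+   * The sanitizer is designed to protect against XSS when sanitized content
+   * is inserted into a different-origin context without an iframe-equivalent
+   * sandboxing mechanism.
+   *
+   * By default, the sanitizer doesn't try to avoid leaking information that 
+   * the content was viewed to third parties. That is, by default, e.g. 
+   * <img src> pointing to an HTTP server potentially controlled by a third 
+   * party is not removed. To avoid ambient information leakage upon loading
+   * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that 
+   * case, <a href> links (and similar) to other content are preserved, so an
+   * explicit user action (following a link) after the content has been loaded
+   * can still leak information.
+   *
+   * By default, non-dangerous non-CSS presentational HTML elements and 
+   * attributes or forms are not removed. To remove these, use 
+   * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
+   *
+   * By default, comments and CSS is removed. To preserve comments, use
+   * SanitizerAllowComments. To preserve <style> and style="", use 
+   * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
+   * present. In this case, properties that Gecko doesn't recognize can get 
+   * removed as a side effect. Note! If -moz-binding is not present, <style>
+   * and style="" and SanitizerAllowStyle is specified, the sanitized content
+   * may still be XSS dangerous if loaded into a non-Gecko Web engine!
+   *
+   * @param src the HTML source to parse (C++ callers are allowed but not
+   *            required to use the same string for the return value.)
+   * @param flags sanitization option flags defined above
+   */
+  AString sanitize(in AString src, in unsigned long flags);
+
+  /**
+   * Convert HTML to plain text.
+   *
+   * @param src the HTML source to parse (C++ callers are allowed but not
+   *            required to use the same string for the return value.)
+   * @param flags conversion option flags defined in nsIDocumentEncoder
+   * @param wrapCol number of characters per line; 0 for no auto-wrapping
+   */
+  AString convertToPlainText(in AString src,
+                             in unsigned long flags,
+                             in unsigned long wrapCol);
+
+  /**
+   * Parses markup into a sanitized document fragment.
+   *
+   * @param fragment the input markup
+   * @param flags sanitization option flags defined above
+   * @param isXML true if |fragment| is XML and false if HTML
+   * @param baseURI the base URL for this fragment
+   * @param element the context node for the fragment parsing algorithm
+   */
+  nsIDOMDocumentFragment parseFragment(in AString fragment,
+                                       in unsigned long flags,
+                                       in boolean isXML,
+                                       in nsIURI baseURI,
+                                       in nsIDOMElement element);
+
+};
+
+%{ C++
+#define NS_PARSERUTILS_CONTRACTID \
+    "@mozilla.org/parserutils;1"
+#define NS_PARSERUTILS_CID  \
+{ 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
+%}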
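Review bot: The doc comment on `sanitize()` tells callers to use `SanitizerInternalEmbedsOnly` to avoid ambient information leakage, but this interface declares no constant of that name; the only embed-restricting flag here is `SanitizerCidEmbedsOnly = (1 << 2)`. A script caller who follows the comment would read an undefined property, which presumably coerces to 0 for `unsigned long flags`, so remote `<img src>` loads would be kept without any error. The sentence should read `use the SanitizerCidEmbedsOnly flag`. The comment on `SanitizerCidEmbedsOnly` also says only that combining it with `SanitizerAllowStyle` "doesn't make sense"; it should state that CSS-referenced resources are not restricted in that case, so callers do not assume the combination stops remote loads.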
