parser/html/nsIParserUtils.idl

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1,
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f, for hacking purposes.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
     3  * You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 #include "nsISupports.idl"
     7 interface nsIDOMElement;
     8 interface nsIDOMDocumentFragment;
     9 interface nsIURI;
    11 /**
    12  * Exposes non-Web HTML parser functionality to Firefox extensions and
    13  * XULRunner apps. Don't use this from within Gecko--use nsContentUtils,
    14  * nsTreeSanitizer, etc. directly instead.
    15  */
    16 [scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
    17 interface nsIParserUtils : nsISupports
    18 {
    20   /**
    21    * Flag for sanitizer: Allow comment nodes.
    22    */
    23   const unsigned long SanitizerAllowComments = (1 << 0);
    25   /**
    26    * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
    27    * in case of -moz-binding). Note! If -moz-binding is absent, properties
    28    * that might be XSS risks in other Web engines are preserved!
    29    */
    30   const unsigned long SanitizerAllowStyle = (1 << 1);
    32   /**
    33    * Flag for sanitizer: Only allow cid: URLs for embedded content.
    34    *
    35    * At present, sanitizing CSS backgrounds, etc., is not supported, so setting
    36    * this together with SanitizerAllowStyle doesn't make sense.
    37    *
    38    * At present, sanitizing CSS syntax in SVG presentational attributes is not
    39    * supported, so this option flattens out SVG.
    40    */
    41   const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
    43   /**
    44    * Flag for sanitizer: Drop non-CSS presentational HTML elements and
    45    * attributes, such as <font>, <center> and bgcolor="".
    46    */
    47   const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
    49   /**
    50    * Flag for sanitizer: Drop forms and form controls (excluding
    51    * fieldset/legend).
    52    */
    53   const unsigned long SanitizerDropForms = (1 << 4);
    55   /**
    56    * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
    57    * out SVG.
    58    */
    59   const unsigned long SanitizerDropMedia = (1 << 5);
    61   /**
    62    * Parses a string into an HTML document, sanitizes the document and
    63    * returns the result serialized to a string.
    64    *
    65    * The sanitizer is designed to protect against XSS when sanitized content
    66    * is inserted into a different-origin context without an iframe-equivalent
    67    * sandboxing mechanism.
    68    *
    69    * By default, the sanitizer doesn't try to avoid leaking to third parties
    70    * the information that the content was viewed. That is, by default, e.g.
    71    * <img src> pointing to an HTTP server potentially controlled by a third
    72    * party is not removed. To avoid ambient information leakage upon loading
    73    * the sanitized content, use the SanitizerCidEmbedsOnly flag. In that
    74    * case, <a href> links (and similar) to other content are preserved, so an
    75    * explicit user action (following a link) after the content has been loaded
    76    * can still leak information.
          *
          * NOTE(review): this paragraph originally named a
          * SanitizerInternalEmbedsOnly flag, which this interface does not define;
          * SanitizerCidEmbedsOnly looks like the intended constant -- confirm
          * against the implementation.
    77    *
    78    * By default, non-dangerous non-CSS presentational HTML elements and
    79    * attributes or forms are not removed. To remove these, use
    80    * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
    81    *
    82    * By default, comments and CSS are removed. To preserve comments, use
    83    * SanitizerAllowComments. To preserve <style> and style="", use
    84    * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
    85    * present. In this case, properties that Gecko doesn't recognize can get
    86    * removed as a side effect. Note! If SanitizerAllowStyle is specified and
    87    * -moz-binding is not present in <style> and style="", the sanitized content
    88    * may still be XSS dangerous if loaded into a non-Gecko Web engine!
    89    *
    90    * @param src the HTML source to parse (C++ callers are allowed but not
    91    *            required to use the same string for the return value.)
    92    * @param flags sanitization option flags defined above; each Sanitizer*
          *              constant is a distinct bit, so several can be combined
          *              with bitwise OR
          * @return the sanitized document serialized to a string
    93    */
    94   AString sanitize(in AString src, in unsigned long flags);
    96   /**
    97    * Convert HTML to plain text.
    98    *
          * NOTE(review): the result is text, not sanitized markup; presumably it
          * has to be escaped before being inserted into HTML -- confirm at call
          * sites.
          *
    99    * @param src the HTML source to parse (C++ callers are allowed but not
   100    *            required to use the same string for the return value.)
   101    * @param flags conversion option flags defined in nsIDocumentEncoder (that
          *              is, not the Sanitizer* constants of this interface)
   102    * @param wrapCol number of characters per line; 0 for no auto-wrapping
          * @return the plain-text conversion of |src|
   103    */
   104   AString convertToPlainText(in AString src,
   105                              in unsigned long flags,
   106                              in unsigned long wrapCol);
   108   /**
   109    * Parses markup into a sanitized document fragment.
   110    *
   111    * @param fragment the input markup
   112    * @param flags sanitization option flags defined above (the Sanitizer*
          *              constants of this interface)
   113    * @param isXML true if |fragment| is XML and false if HTML
   114    * @param baseURI the base URL for this fragment
   115    * @param element the context node for the fragment parsing algorithm
          * @return the sanitized document fragment
   116    */
   117   nsIDOMDocumentFragment parseFragment(in AString fragment,
   118                                        in unsigned long flags,
   119                                        in boolean isXML,
   120                                        in nsIURI baseURI,
   121                                        in nsIDOMElement element);
   123 };
   125 %{ C++
       // Contract ID string for the parser-utils component.
       // NOTE(review): presumably the string used to look up the nsIParserUtils
       // implementation -- confirm against the component registration.
   126 #define NS_PARSERUTILS_CONTRACTID \
   127     "@mozilla.org/parserutils;1"
       // Class ID for the parser-utils component. Its value differs from the uuid
       // on the nsIParserUtils interface declaration; the two are separate
       // identifiers.
   128 #define NS_PARSERUTILS_CID  \
   129 { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
   130 %}
