OLD | NEW |
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.dom.html; | 5 part of dart.dom.html; |
6 | 6 |
7 | 7 |
8 /** | 8 /** |
9 * Interface used to validate that only accepted elements and attributes are | 9 * Interface used to validate that only accepted elements and attributes are |
10 * allowed while parsing HTML strings into DOM nodes. | 10 * allowed while parsing HTML strings into DOM nodes. |
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
154 var nextChild = child.previousNode; | 154 var nextChild = child.previousNode; |
155 walk(child, node); | 155 walk(child, node); |
156 child = nextChild; | 156 child = nextChild; |
157 } | 157 } |
158 } | 158 } |
159 walk(node, null); | 159 walk(node, null); |
160 } | 160 } |
161 | 161 |
162 /// Aggressively try to remove node. | 162 /// Aggressively try to remove node. |
163 void _removeNode(Node node, Node parent) { | 163 void _removeNode(Node node, Node parent) { |
164 // If we have the parent, it's presumably already passed more sanitization o
r | 164 // If we have the parent, it's presumably already passed more sanitization |
165 // is the fragment, so ask it to remove the child. And if that fails try to | 165 // or is the fragment, so ask it to remove the child. And if that fails |
166 // set the outer html. | 166 // try to set the outer html. |
167 if (parent == null) { | 167 if (parent == null) { |
168 node.remove(); | 168 node.remove(); |
169 } else { | 169 } else { |
170 parent._removeChild(node); | 170 parent._removeChild(node); |
171 } | 171 } |
172 } | 172 } |
173 | 173 |
| 174 /// Sanitize the element, assuming we can't trust anything about it. |
| 175 void _sanitizeUntrustedElement(Element element, Node parent) { |
| 176 // If the _hasCorruptedAttributes does not successfully return false, |
| 177 // then we consider it corrupted and remove. |
| 178 // TODO(alanknight): This is a workaround because on Firefox |
| 179 // embed/object |
| 180 // tags typeof is "function", not "object". We don't recognize them, and |
| 181 // can't call methods. This does mean that you can't explicitly allow an |
| 182 // embed tag. The only thing that will let it through is a null |
| 183 // sanitizer that doesn't traverse the tree at all. But sanitizing while |
| 184 // allowing embeds seems quite unlikely. |
| 185 var corrupted = true; |
| 186 var attrs; |
| 187 var isAttr; |
| 188 try { |
| 189 // If getting/indexing attributes throws, count that as corrupt. |
| 190 attrs = element.attributes; |
| 191 isAttr = attrs['is']; |
| 192 corrupted = Element.hasCorruptedAttributes(element); |
| 193 } catch(e) {} |
| 194 var elementText = 'element unprintable'; |
| 195 try { |
| 196 elementText = element.toString(); |
| 197 } catch(e) {} |
| 198 var elementTagName = 'element tag unavailable'; |
| 199 try { |
| 200 elementTagName = element.tagName; |
| 201 } catch(e) {} |
| 202 _sanitizeElement(element, parent, corrupted, elementText, elementTagName, |
| 203 attrs, isAttr); |
| 204 } |
| 205 |
| 206 /// Having done basic sanity checking on the element, and computed the |
| 207 /// important attributes we want to check, remove it if it's not valid |
| 208 /// or not allowed, either as a whole or particular attributes. |
| 209 void _sanitizeElement(Element element, Node parent, bool corrupted, |
| 210 String text, String tag, Map attrs, String isAttr) { |
| 211 if (false != corrupted) { |
| 212 window.console.warn( |
| 213 'Removing element due to corrupted attributes on <$text>'); |
| 214 _removeNode(element, parent); |
| 215 return; |
| 216 } |
| 217 if (!validator.allowsElement(element)) { |
| 218 window.console.warn( |
| 219 'Removing disallowed element <$tag>'); |
| 220 _removeNode(element, parent); |
| 221 return; |
| 222 } |
| 223 |
| 224 if (isAttr != null) { |
| 225 if (!validator.allowsAttribute(element, 'is', isAttr)) { |
| 226 window.console.warn('Removing disallowed type extension ' |
| 227 '<$tag is="$isAttr">'); |
| 228 _removeNode(element, parent); |
| 229 return; |
| 230 } |
| 231 } |
| 232 |
| 233 // TODO(blois): Need to be able to get all attributes, irrespective of |
| 234 // XMLNS. |
| 235 var keys = attrs.keys.toList(); |
| 236 for (var i = attrs.length - 1; i >= 0; --i) { |
| 237 var name = keys[i]; |
| 238 if (!validator.allowsAttribute(element, name.toLowerCase(), |
| 239 attrs[name])) { |
| 240 window.console.warn('Removing disallowed attribute ' |
| 241 '<$tag $name="${attrs[name]}">'); |
| 242 attrs.remove(name); |
| 243 } |
| 244 } |
| 245 |
| 246 if (element is TemplateElement) { |
| 247 TemplateElement template = element; |
| 248 sanitizeTree(template.content); |
| 249 } |
| 250 } |
| 251 |
| 252 /// Sanitize the node and its children recursively. |
174 void sanitizeNode(Node node, Node parent) { | 253 void sanitizeNode(Node node, Node parent) { |
175 switch (node.nodeType) { | 254 switch (node.nodeType) { |
176 case Node.ELEMENT_NODE: | 255 case Node.ELEMENT_NODE: |
177 Element element = node; | 256 _sanitizeUntrustedElement(node, parent); |
178 if (element._hasCorruptedAttributes) { | |
179 window.console.warn('Removing element due to corrupted attributes on <
${element}>'); | |
180 _removeNode(node, parent); | |
181 break; | |
182 } | |
183 var attrs = element.attributes; | |
184 if (!validator.allowsElement(element)) { | |
185 window.console.warn( | |
186 'Removing disallowed element <${element.tagName}>'); | |
187 _removeNode(node, parent); | |
188 break; | |
189 } | |
190 | |
191 var isAttr = attrs['is']; | |
192 if (isAttr != null) { | |
193 if (!validator.allowsAttribute(element, 'is', isAttr)) { | |
194 window.console.warn('Removing disallowed type extension ' | |
195 '<${element.tagName} is="$isAttr">'); | |
196 _removeNode(node, parent); | |
197 break; | |
198 } | |
199 } | |
200 | |
201 // TODO(blois): Need to be able to get all attributes, irrespective of | |
202 // XMLNS. | |
203 var keys = attrs.keys.toList(); | |
204 for (var i = attrs.length - 1; i >= 0; --i) { | |
205 var name = keys[i]; | |
206 if (!validator.allowsAttribute(element, name.toLowerCase(), | |
207 attrs[name])) { | |
208 window.console.warn('Removing disallowed attribute ' | |
209 '<${element.tagName} $name="${attrs[name]}">'); | |
210 attrs.remove(name); | |
211 } | |
212 } | |
213 | |
214 if (element is TemplateElement) { | |
215 TemplateElement template = element; | |
216 sanitizeTree(template.content); | |
217 } | |
218 break; | 257 break; |
219 case Node.COMMENT_NODE: | 258 case Node.COMMENT_NODE: |
220 case Node.DOCUMENT_FRAGMENT_NODE: | 259 case Node.DOCUMENT_FRAGMENT_NODE: |
221 case Node.TEXT_NODE: | 260 case Node.TEXT_NODE: |
222 case Node.CDATA_SECTION_NODE: | 261 case Node.CDATA_SECTION_NODE: |
223 break; | 262 break; |
224 default: | 263 default: |
225 _removeNode(node, parent); | 264 _removeNode(node, parent); |
226 } | 265 } |
227 } | 266 } |
228 } | 267 } |
OLD | NEW |