
Side by Side Diff: tools/dom/templates/html/impl/impl_Element.darttemplate

Issue 1146753004: Sanitization should reject elements that we can't examine (e.g. embed/object on FF) (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Review fixes Created 5 years, 7 months ago
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 part of $LIBRARYNAME; 5 part of $LIBRARYNAME;
6 6
7 class _ChildrenElementList extends ListBase<Element> 7 class _ChildrenElementList extends ListBase<Element>
8 implements NodeListWrapper { 8 implements NodeListWrapper {
9 // Raw Element. 9 // Raw Element.
10 final Element _element; 10 final Element _element;
(...skipping 1374 matching lines...) Expand 10 before | Expand all | Expand 10 after
1385 */ 1385 */
1386 ElementEvents get on => new ElementEvents(this); 1386 ElementEvents get on => new ElementEvents(this);
1387 1387
1388 /** 1388 /**
1389 * Verify if any of the attributes that we use in the sanitizer look unexpecte d, 1389 * Verify if any of the attributes that we use in the sanitizer look unexpecte d,
1390 * possibly indicating DOM clobbering attacks. 1390 * possibly indicating DOM clobbering attacks.
1391 * 1391 *
1392 * Those attributes are: attributes, lastChild, children, previousNode and tag Name. 1392 * Those attributes are: attributes, lastChild, children, previousNode and tag Name.
1393 */ 1393 */
1394 $if DART2JS 1394 $if DART2JS
1395 bool get _hasCorruptedAttributes { 1395 static bool _hasCorruptedAttributes(Element element) {
1396 return JS('bool', r''' 1396 return JS('bool', r'''
1397 (function(element) { 1397 (function(element) {
1398 if (!(element.attributes instanceof NamedNodeMap)) { 1398 if (!(element.attributes instanceof NamedNodeMap)) {
1399 return true; 1399 return true;
1400 } 1400 }
1401 var childNodes = element.childNodes; 1401 var childNodes = element.childNodes;
1402 if (element.lastChild && 1402 if (element.lastChild &&
1403 element.lastChild !== childNodes[childNodes.length -1]) { 1403 element.lastChild !== childNodes[childNodes.length -1]) {
1404 return true; 1404 return true;
1405 } 1405 }
1406 if (element.children) { // On Safari, children can apparently be null. 1406 if (element.children) { // On Safari, children can apparently be null.
1407 if (!((element.children instanceof HTMLCollection) || 1407 if (!((element.children instanceof HTMLCollection) ||
1408 (element.children instanceof NodeList))) { 1408 (element.children instanceof NodeList))) {
1409 return true; 1409 return true;
1410 } 1410 }
1411 } 1411 }
1412 return false; 1412 return false;
1413 })(#)''', this); 1413 })(#)''', element);
1414 } 1414 }
1415 $else 1415 $else
1416 // Dartium isn't affected by these attacks, because it goes directly to the C+ + API. 1416 // Dartium isn't affected by these attacks, because it goes directly to the C+ + API.
1417 bool get _hasCorruptedAttributes => false; 1417 static bool _hasCorruptedAttributes(Element element) => false;
Alan Knight 2015/05/21 20:38:41 Made this static, as suggested.
1418 $endif 1418 $endif
1419 1419
1420 $if DART2JS 1420 $if DART2JS
1421 @DomName('Element.offsetHeight') 1421 @DomName('Element.offsetHeight')
1422 @DocsEditable() 1422 @DocsEditable()
1423 int get offsetHeight => JS('num', '#.offsetHeight', this).round(); 1423 int get offsetHeight => JS('num', '#.offsetHeight', this).round();
1424 1424
1425 @DomName('Element.offsetLeft') 1425 @DomName('Element.offsetLeft')
1426 @DocsEditable() 1426 @DocsEditable()
1427 int get offsetLeft => JS('num', '#.offsetLeft', this).round(); 1427 int get offsetLeft => JS('num', '#.offsetLeft', this).round();
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after
1574 const ScrollAlignment._internal(this._value); 1574 const ScrollAlignment._internal(this._value);
1575 toString() => 'ScrollAlignment.$_value'; 1575 toString() => 'ScrollAlignment.$_value';
1576 1576
1577 /// Attempt to align the element to the top of the scrollable area. 1577 /// Attempt to align the element to the top of the scrollable area.
1578 static const TOP = const ScrollAlignment._internal('TOP'); 1578 static const TOP = const ScrollAlignment._internal('TOP');
1579 /// Attempt to center the element in the scrollable area. 1579 /// Attempt to center the element in the scrollable area.
1580 static const CENTER = const ScrollAlignment._internal('CENTER'); 1580 static const CENTER = const ScrollAlignment._internal('CENTER');
1581 /// Attempt to align the element to the bottom of the scrollable area. 1581 /// Attempt to align the element to the bottom of the scrollable area.
1582 static const BOTTOM = const ScrollAlignment._internal('BOTTOM'); 1582 static const BOTTOM = const ScrollAlignment._internal('BOTTOM');
1583 } 1583 }
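Review bot: The doc comment above `_hasCorruptedAttributes` lists `attributes, lastChild, children, previousNode and tagName`, but the JS body on the new side checks only `attributes`, `lastChild` (compared against `childNodes`) and `children`; `previousNode` and `tagName` are not examined here, and `childNodes` is used as the reference value without a type check of its own. Either narrow the comment to what is verified, e.g. `Checked here: attributes, lastChild (against childNodes) and children.`, or add the missing checks, for instance `if (!(childNodes instanceof NodeList)) return true;` before the `lastChild` comparison. Now that the method is static and takes the element as an argument, the comment should also state that a `true` result means the element looks tampered with and must be rejected by the caller. Whether a property access that throws inside the JS is treated as corrupted depends on the caller in tools/dom/src/Validators.dart, which is not visible in this section.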