
Side by Side Diff: tools/dom/src/Validators.dart

Issue 1148893004: Make sanitizer tests handle IE11, where tagName can't be clobbered (Closed) Base URL: https://github.com/dart-lang/sdk.git@master
Patch Set: Created 5 years, 6 months ago
OLDNEW
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 part of dart.dom.html; 5 part of dart.dom.html;
6 6
7 7
8 /** 8 /**
9 * Interface used to validate that only accepted elements and attributes are 9 * Interface used to validate that only accepted elements and attributes are
10 * allowed while parsing HTML strings into DOM nodes. 10 * allowed while parsing HTML strings into DOM nodes.
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after
191 isAttr = attrs['is']; 191 isAttr = attrs['is'];
192 corrupted = Element._hasCorruptedAttributes(element); 192 corrupted = Element._hasCorruptedAttributes(element);
193 } catch(e) {} 193 } catch(e) {}
194 var elementText = 'element unprintable'; 194 var elementText = 'element unprintable';
195 try { 195 try {
196 elementText = element.toString(); 196 elementText = element.toString();
197 } catch(e) {} 197 } catch(e) {}
198 var elementTagName = 'element tag unavailable'; 198 var elementTagName = 'element tag unavailable';
199 try { 199 try {
200 elementTagName = element.tagName; 200 elementTagName = element.tagName;
201 if (elementTagName != elementTagName.toString() {
sra1 2015/05/27 00:45:18 1. Parse error - missing ')'. 2. A malicious toStr
Alan Knight 2015/05/27 19:54:47 OK, this doesn't seem worthwhile, took it out.
202 corrupted = true; // The tag name is not a string
203 }
201 } catch(e) {} 204 } catch(e) {}
202 _sanitizeElement(element, parent, corrupted, elementText, elementTagName, 205 _sanitizeElement(element, parent, corrupted, elementText, elementTagName,
203 attrs, isAttr); 206 attrs, isAttr);
204 } 207 }
205 208
206 /// Having done basic sanity checking on the element, and computed the 209 /// Having done basic sanity checking on the element, and computed the
207 /// important attributes we want to check, remove it if it's not valid 210 /// important attributes we want to check, remove it if it's not valid
208 /// or not allowed, either as a whole or particular attributes. 211 /// or not allowed, either as a whole or particular attributes.
209 void _sanitizeElement(Element element, Node parent, bool corrupted, 212 void _sanitizeElement(Element element, Node parent, bool corrupted,
210 String text, String tag, Map attrs, String isAttr) { 213 String text, String tag, Map attrs, String isAttr) {
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
246 if (element is TemplateElement) { 249 if (element is TemplateElement) {
247 TemplateElement template = element; 250 TemplateElement template = element;
248 sanitizeTree(template.content); 251 sanitizeTree(template.content);
249 } 252 }
250 } 253 }
251 254
252 /// Sanitize the node and its children recursively. 255 /// Sanitize the node and its children recursively.
253 void sanitizeNode(Node node, Node parent) { 256 void sanitizeNode(Node node, Node parent) {
254 switch (node.nodeType) { 257 switch (node.nodeType) {
255 case Node.ELEMENT_NODE: 258 case Node.ELEMENT_NODE:
256 _sanitizeUntrustedElement(node, parent); 259 _sanitizeUntrustedElement(node, parent);
257 break; 260 break;
258 case Node.COMMENT_NODE: 261 case Node.COMMENT_NODE:
259 case Node.DOCUMENT_FRAGMENT_NODE: 262 case Node.DOCUMENT_FRAGMENT_NODE:
260 case Node.TEXT_NODE: 263 case Node.TEXT_NODE:
261 case Node.CDATA_SECTION_NODE: 264 case Node.CDATA_SECTION_NODE:
262 break; 265 break;
263 default: 266 default:
264 _removeNode(node, parent); 267 _removeNode(node, parent);
265 } 268 }
266 } 269 }
267 } 270 }
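Review bot: The empty `catch(e) {}` at new line 204 swallows any exception thrown while reading `element.tagName` or evaluating the check added at new lines 201-203, so on that path `corrupted` keeps whatever value it had after the attribute check and `_sanitizeElement` receives the placeholder tag 'element tag unavailable'. A sanitizer should fail closed here, for example `} catch(e) { corrupted = true; }`, so that an element whose tag name cannot be read is treated as corrupted instead of being validated against a placeholder string. The start of the enclosing function (presumably `_sanitizeUntrustedElement`) lies in the skipped lines, so the initial value of `corrupted` is not visible; if it already starts as `true` and is only cleared by a successful `_hasCorruptedAttributes` call, the tagName failure path still needs the explicit assignment because that call has completed by then. A short comment above the try stating that any failure to read the tag name marks the element as corrupted would make the intent clear to later readers.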