OLD | NEW |
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.dom.html; | 5 part of dart.dom.html; |
6 | 6 |
7 | 7 |
8 /** | 8 /** |
9 * Interface used to validate that only accepted elements and attributes are | 9 * Interface used to validate that only accepted elements and attributes are |
10 * allowed while parsing HTML strings into DOM nodes. | 10 * allowed while parsing HTML strings into DOM nodes. |
61 new _ValidatingTreeSanitizer(validator); | 61 new _ValidatingTreeSanitizer(validator); |
62 | 62 |
63 /** | 63 /** |
64 * Called with the root of the tree which is to be sanitized. | 64 * Called with the root of the tree which is to be sanitized. |
65 * | 65 * |
66 * This method needs to walk the entire tree and either remove elements and | 66 * This method needs to walk the entire tree and either remove elements and |
67 * attributes which are not recognized as safe or throw an exception which | 67 * attributes which are not recognized as safe or throw an exception which |
68 * will mark the entire tree as unsafe. | 68 * will mark the entire tree as unsafe. |
69 */ | 69 */ |
70 void sanitizeTree(Node node); | 70 void sanitizeTree(Node node); |
| 71 |
| 72 /** |
| 73 * A sanitizer for trees that we trust. It does no validation and allows |
| 74 * any elements. It is also more efficient, since it can pass the text |
| 75 * directly through to the underlying APIs without creating a document |
| 76 * fragment to be sanitized. |
| 77 */ |
| 78 static const trusted = const _TrustedHtmlTreeSanitizer(); |
71 } | 79 } |
72 | 80 |
73 /** | 81 /** |
| 82 * A sanitizer for trees that we trust. It does no validation and allows |
| 83 * any elements. |
| 84 */ |
| 85 class _TrustedHtmlTreeSanitizer implements NodeTreeSanitizer { |
| 86 const _TrustedHtmlTreeSanitizer(); |
| 87 |
| 88 sanitizeTree(Node node) {} |
| 89 } |
| 90 |
| 91 /** |
74 * Defines the policy for what types of uris are allowed for particular | 92 * Defines the policy for what types of uris are allowed for particular |
75 * attribute values. | 93 * attribute values. |
76 * | 94 * |
77 * This can be used to provide custom rules such as allowing all http:// URIs | 95 * This can be used to provide custom rules such as allowing all http:// URIs |
78 * for image attributes but only same-origin URIs for anchor tags. | 96 * for image attributes but only same-origin URIs for anchor tags. |
79 */ | 97 */ |
80 abstract class UriPolicy { | 98 abstract class UriPolicy { |
81 /** | 99 /** |
82 * Constructs the default UriPolicy which is to only allow Uris to the same | 100 * Constructs the default UriPolicy which is to only allow Uris to the same |
83 * origin as the application was launched from. | 101 * origin as the application was launched from. |
258 case Node.COMMENT_NODE: | 276 case Node.COMMENT_NODE: |
259 case Node.DOCUMENT_FRAGMENT_NODE: | 277 case Node.DOCUMENT_FRAGMENT_NODE: |
260 case Node.TEXT_NODE: | 278 case Node.TEXT_NODE: |
261 case Node.CDATA_SECTION_NODE: | 279 case Node.CDATA_SECTION_NODE: |
262 break; | 280 break; |
263 default: | 281 default: |
264 _removeNode(node, parent); | 282 _removeNode(node, parent); |
265 } | 283 } |
266 } | 284 } |
267 } | 285 } |
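Review bot: The doc comment on `NodeTreeSanitizer.trusted` (new lines 72-77) explains the efficiency gain but not the consequence of skipping validation: any markup parsed with it, including script elements and event-handler attributes, reaches the DOM unchecked. I would add a sentence such as `Only use this for HTML that is entirely under the application's control, never for strings that include user or network input.` so that callers do not pick it for speed alone. The same comment promises that text is passed straight to the underlying APIs, but the code doing that is not in the visible lines, so that claim cannot be checked here. Separately, `sanitizeTree(Node node) {}` at new line 88 drops the `void` declared on the interface; `void sanitizeTree(Node node) {}` would match.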
OLD | NEW |