Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/svg/SVGAnimateElement.h

Issue 1171223004: Sanitize SVG animation attributes which could set JavaScript URL values. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Thanks for feedback. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/editing/Editor.h ('k') | Source/core/svg/SVGAnimateElement.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org> 2 * Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org>
3 * Copyright (C) 2004, 2005 Rob Buis <buis@kde.org> 3 * Copyright (C) 2004, 2005 Rob Buis <buis@kde.org>
4 * Copyright (C) 2008 Apple Inc. All rights reserved. 4 * Copyright (C) 2008 Apple Inc. All rights reserved.
5 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 5 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
6 * 6 *
7 * This library is free software; you can redistribute it and/or 7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Library General Public 8 * modify it under the terms of the GNU Library General Public
9 * License as published by the Free Software Foundation; either 9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version. 10 * version 2 of the License, or (at your option) any later version.
(...skipping 10 matching lines...) Expand all
21 */ 21 */
22 22
23 #ifndef SVGAnimateElement_h 23 #ifndef SVGAnimateElement_h
24 #define SVGAnimateElement_h 24 #define SVGAnimateElement_h
25 25
26 #include "core/SVGNames.h" 26 #include "core/SVGNames.h"
27 #include "core/svg/SVGAnimatedTypeAnimator.h" 27 #include "core/svg/SVGAnimatedTypeAnimator.h"
28 #include "core/svg/SVGAnimationElement.h" 28 #include "core/svg/SVGAnimationElement.h"
29 #include "platform/heap/Handle.h" 29 #include "platform/heap/Handle.h"
30 #include "wtf/OwnPtr.h" 30 #include "wtf/OwnPtr.h"
31 #include <base/gtest_prod_util.h>
31 32
32 namespace blink { 33 namespace blink {
33 34
34 class SVGAnimatedTypeAnimator; 35 class SVGAnimatedTypeAnimator;
35 36
36 class SVGAnimateElement : public SVGAnimationElement { 37 class SVGAnimateElement : public SVGAnimationElement {
37 DEFINE_WRAPPERTYPEINFO(); 38 DEFINE_WRAPPERTYPEINFO();
38 public: 39 public:
39 static PassRefPtrWillBeRawPtr<SVGAnimateElement> create(Document&); 40 static PassRefPtrWillBeRawPtr<SVGAnimateElement> create(Document&);
40 virtual ~SVGAnimateElement(); 41 virtual ~SVGAnimateElement();
41 42
42 DECLARE_VIRTUAL_TRACE(); 43 DECLARE_VIRTUAL_TRACE();
43 44
45 virtual bool isSVGAnimationAttributeSettingJavaScriptURL(const Attribute&) c onst override;
46
44 AnimatedPropertyType animatedPropertyType(); 47 AnimatedPropertyType animatedPropertyType();
45 bool animatedPropertyTypeSupportsAddition(); 48 bool animatedPropertyTypeSupportsAddition();
46 49
47 static SVGElementInstances findElementInstances(SVGElement* targetElement); 50 static SVGElementInstances findElementInstances(SVGElement* targetElement);
48 51
49 protected: 52 protected:
50 SVGAnimateElement(const QualifiedName&, Document&); 53 SVGAnimateElement(const QualifiedName&, Document&);
51 54
52 virtual void resetAnimatedType() override final; 55 virtual void resetAnimatedType() override final;
53 virtual void clearAnimatedType() override final; 56 virtual void clearAnimatedType() override final;
54 57
55 virtual bool calculateToAtEndOfDurationValue(const String& toAtEndOfDuration String) override final; 58 virtual bool calculateToAtEndOfDurationValue(const String& toAtEndOfDuration String) override final;
56 virtual bool calculateFromAndToValues(const String& fromString, const String & toString) override final; 59 virtual bool calculateFromAndToValues(const String& fromString, const String & toString) override final;
57 virtual bool calculateFromAndByValues(const String& fromString, const String & byString) override final; 60 virtual bool calculateFromAndByValues(const String& fromString, const String & byString) override final;
58 virtual void calculateAnimatedValue(float percentage, unsigned repeatCount, SVGSMILElement* resultElement) override final; 61 virtual void calculateAnimatedValue(float percentage, unsigned repeatCount, SVGSMILElement* resultElement) override final;
59 virtual void applyResultsToTarget() override final; 62 virtual void applyResultsToTarget() override final;
60 virtual float calculateDistance(const String& fromString, const String& toSt ring) override final; 63 virtual float calculateDistance(const String& fromString, const String& toSt ring) override final;
61 virtual bool isAdditive() override final; 64 virtual bool isAdditive() override final;
62 65
63 virtual void setTargetElement(SVGElement*) override final; 66 virtual void setTargetElement(SVGElement*) override final;
64 virtual void setAttributeName(const QualifiedName&) override final; 67 virtual void setAttributeName(const QualifiedName&) override final;
65 68
69 FRIEND_TEST_ALL_PREFIXES(UnsafeSVGAttributeSanitizationTest, stringsShouldNo tSupportAddition);
70
66 private: 71 private:
67 void resetAnimatedPropertyType(); 72 void resetAnimatedPropertyType();
68 73
69 virtual bool hasValidAttributeType() override; 74 virtual bool hasValidAttributeType() override;
70 75
71 RefPtrWillBeMember<SVGPropertyBase> m_fromProperty; 76 RefPtrWillBeMember<SVGPropertyBase> m_fromProperty;
72 RefPtrWillBeMember<SVGPropertyBase> m_toProperty; 77 RefPtrWillBeMember<SVGPropertyBase> m_toProperty;
73 RefPtrWillBeMember<SVGPropertyBase> m_toAtEndOfDurationProperty; 78 RefPtrWillBeMember<SVGPropertyBase> m_toAtEndOfDurationProperty;
74 RefPtrWillBeMember<SVGPropertyBase> m_animatedProperty; 79 RefPtrWillBeMember<SVGPropertyBase> m_animatedProperty;
75 80
76 SVGAnimatedTypeAnimator m_animator; 81 SVGAnimatedTypeAnimator m_animator;
77 }; 82 };
78 83
79 inline bool isSVGAnimateElement(const SVGElement& element) 84 inline bool isSVGAnimateElement(const SVGElement& element)
80 { 85 {
81 return element.hasTagName(SVGNames::animateTag) 86 return element.hasTagName(SVGNames::animateTag)
82 || element.hasTagName(SVGNames::animateTransformTag) 87 || element.hasTagName(SVGNames::animateTransformTag)
83 || element.hasTagName(SVGNames::setTag); 88 || element.hasTagName(SVGNames::setTag);
84 } 89 }
85 90
86 DEFINE_SVGELEMENT_TYPE_CASTS_WITH_FUNCTION(SVGAnimateElement); 91 DEFINE_SVGELEMENT_TYPE_CASTS_WITH_FUNCTION(SVGAnimateElement);
87 92
88 } // namespace blink 93 } // namespace blink
89 94
90 #endif // SVGAnimateElement_h 95 #endif // SVGAnimateElement_h
OLDNEW
« no previous file with comments | « Source/core/editing/Editor.h ('k') | Source/core/svg/SVGAnimateElement.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698