Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(876)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/svg/SVGAnimationElement.h

Issue 1171223004: Sanitize SVG animation attributes which could set JavaScript URL values. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Thanks for feedback. Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/svg/SVGAnimateElement.cpp ('k') | Source/core/svg/SVGAnimationElement.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org> 2 * Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org>
3 * Copyright (C) 2004, 2005, 2006 Rob Buis <buis@kde.org> 3 * Copyright (C) 2004, 2005, 2006 Rob Buis <buis@kde.org>
4 * Copyright (C) 2007 Eric Seidel <eric@webkit.org> 4 * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
5 * Copyright (C) 2008 Apple Inc. All rights reserved. 5 * Copyright (C) 2008 Apple Inc. All rights reserved.
6 * Copyright (C) 2008 Cameron McCormack <cam@mcc.id.au> 6 * Copyright (C) 2008 Cameron McCormack <cam@mcc.id.au>
7 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 7 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
8 * 8 *
9 * This library is free software; you can redistribute it and/or 9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Library General Public 10 * modify it under the terms of the GNU Library General Public
(...skipping 11 matching lines...) Expand all
22 * Boston, MA 02110-1301, USA. 22 * Boston, MA 02110-1301, USA.
23 */ 23 */
24 24
25 #ifndef SVGAnimationElement_h 25 #ifndef SVGAnimationElement_h
26 #define SVGAnimationElement_h 26 #define SVGAnimationElement_h
27 27
28 #include "core/svg/SVGAnimatedBoolean.h" 28 #include "core/svg/SVGAnimatedBoolean.h"
29 #include "core/svg/animation/SVGSMILElement.h" 29 #include "core/svg/animation/SVGSMILElement.h"
30 #include "platform/animation/UnitBezier.h" 30 #include "platform/animation/UnitBezier.h"
31 #include "wtf/Functional.h" 31 #include "wtf/Functional.h"
32 #include "wtf/Vector.h"
32 33
33 namespace blink { 34 namespace blink {
34 35
35 class ExceptionState; 36 class ExceptionState;
36 37
37 enum AnimationMode { 38 enum AnimationMode {
38 NoAnimation, 39 NoAnimation,
39 FromToAnimation, 40 FromToAnimation,
40 FromByAnimation, 41 FromByAnimation,
41 ToAnimation, 42 ToAnimation,
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
161 162
162 virtual void setTargetElement(SVGElement*) override; 163 virtual void setTargetElement(SVGElement*) override;
163 virtual void setAttributeName(const QualifiedName&) override; 164 virtual void setAttributeName(const QualifiedName&) override;
164 165
165 bool hasInvalidCSSAttributeType() const { return m_hasInvalidCSSAttributeTyp e; } 166 bool hasInvalidCSSAttributeType() const { return m_hasInvalidCSSAttributeTyp e; }
166 167
167 virtual void updateAnimationMode(); 168 virtual void updateAnimationMode();
168 void setAnimationMode(AnimationMode animationMode) { m_animationMode = anima tionMode; } 169 void setAnimationMode(AnimationMode animationMode) { m_animationMode = anima tionMode; }
169 void setCalcMode(CalcMode calcMode) { m_calcMode = calcMode; } 170 void setCalcMode(CalcMode calcMode) { m_calcMode = calcMode; }
170 171
172 // Parses a list of values as specified by SVG, stripping leading
173 // and trailing whitespace, and places them in result. If the
174 // format of the string is not valid, parseValues empties result
175 // and returns false. See
176 // http://www.w3.org/TR/SVG/animate.html#ValuesAttribute .
177 static bool parseValues(const String&, Vector<String>& result);
178
171 private: 179 private:
172 virtual bool isValid() const override final { return SVGTests::isValid(docum ent()); } 180 virtual bool isValid() const override final { return SVGTests::isValid(docum ent()); }
173 181
174 virtual void animationAttributeChanged() override; 182 virtual void animationAttributeChanged() override;
175 void setAttributeType(const AtomicString&); 183 void setAttributeType(const AtomicString&);
176 184
177 void checkInvalidCSSAttributeType(); 185 void checkInvalidCSSAttributeType();
178 186
179 virtual bool calculateToAtEndOfDurationValue(const String& toAtEndOfDuration String) = 0; 187 virtual bool calculateToAtEndOfDurationValue(const String& toAtEndOfDuration String) = 0;
180 virtual bool calculateFromAndToValues(const String& fromString, const String & toString) = 0; 188 virtual bool calculateFromAndToValues(const String& fromString, const String & toString) = 0;
(...skipping 26 matching lines...) Expand all
207 String m_lastValuesAnimationFrom; 215 String m_lastValuesAnimationFrom;
208 String m_lastValuesAnimationTo; 216 String m_lastValuesAnimationTo;
209 bool m_hasInvalidCSSAttributeType; 217 bool m_hasInvalidCSSAttributeType;
210 CalcMode m_calcMode; 218 CalcMode m_calcMode;
211 AnimationMode m_animationMode; 219 AnimationMode m_animationMode;
212 }; 220 };
213 221
214 } // namespace blink 222 } // namespace blink
215 223
216 #endif // SVGAnimationElement_h 224 #endif // SVGAnimationElement_h
OLDNEW
« no previous file with comments | « Source/core/svg/SVGAnimateElement.cpp ('k') | Source/core/svg/SVGAnimationElement.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698