OLD | NEW |
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.dom.html; | 5 part of dart.dom.html; |
6 | 6 |
7 | 7 |
8 /** | 8 /** |
9 * Class which helps construct standard node validation policies. | 9 * Class which helps construct standard node validation policies. |
10 * | 10 * |
(...skipping 241 matching lines...)
252 return _validators.any((v) => v.allowsElement(element)); | 252 return _validators.any((v) => v.allowsElement(element)); |
253 } | 253 } |
254 | 254 |
255 bool allowsAttribute(Element element, String attributeName, String value) { | 255 bool allowsAttribute(Element element, String attributeName, String value) { |
256 return _validators.any( | 256 return _validators.any( |
257 (v) => v.allowsAttribute(element, attributeName, value)); | 257 (v) => v.allowsAttribute(element, attributeName, value)); |
258 } | 258 } |
259 } | 259 } |
260 | 260 |
261 class _SimpleNodeValidator implements NodeValidator { | 261 class _SimpleNodeValidator implements NodeValidator { |
262 final Set<String> allowedElements; | 262 final Set<String> allowedElements = new Set<String>(); |
263 final Set<String> allowedAttributes; | 263 final Set<String> allowedAttributes = new Set<String>(); |
264 final Set<String> allowedUriAttributes; | 264 final Set<String> allowedUriAttributes = new Set<String>(); |
265 final UriPolicy uriPolicy; | 265 final UriPolicy uriPolicy; |
266 | 266 |
267 factory _SimpleNodeValidator.allowNavigation(UriPolicy uriPolicy) { | 267 factory _SimpleNodeValidator.allowNavigation(UriPolicy uriPolicy) { |
268 return new _SimpleNodeValidator(uriPolicy, | 268 return new _SimpleNodeValidator(uriPolicy, |
269 allowedElements: [ | 269 allowedElements: const [ |
270 'A', | 270 'A', |
271 'FORM'], | 271 'FORM'], |
272 allowedAttributes: [ | 272 allowedAttributes: const [ |
273 'A::accesskey', | 273 'A::accesskey', |
274 'A::coords', | 274 'A::coords', |
275 'A::hreflang', | 275 'A::hreflang', |
276 'A::name', | 276 'A::name', |
277 'A::shape', | 277 'A::shape', |
278 'A::tabindex', | 278 'A::tabindex', |
279 'A::target', | 279 'A::target', |
280 'A::type', | 280 'A::type', |
281 'FORM::accept', | 281 'FORM::accept', |
282 'FORM::autocomplete', | 282 'FORM::autocomplete', |
283 'FORM::enctype', | 283 'FORM::enctype', |
284 'FORM::method', | 284 'FORM::method', |
285 'FORM::name', | 285 'FORM::name', |
286 'FORM::novalidate', | 286 'FORM::novalidate', |
287 'FORM::target', | 287 'FORM::target', |
288 ], | 288 ], |
289 allowedUriAttributes: [ | 289 allowedUriAttributes: const [ |
290 'A::href', | 290 'A::href', |
291 'FORM::action', | 291 'FORM::action', |
292 ]); | 292 ]); |
293 } | 293 } |
294 | 294 |
295 factory _SimpleNodeValidator.allowImages(UriPolicy uriPolicy) { | 295 factory _SimpleNodeValidator.allowImages(UriPolicy uriPolicy) { |
296 return new _SimpleNodeValidator(uriPolicy, | 296 return new _SimpleNodeValidator(uriPolicy, |
297 allowedElements: [ | 297 allowedElements: const [ |
298 'IMG' | 298 'IMG' |
299 ], | 299 ], |
300 allowedAttributes: [ | 300 allowedAttributes: const [ |
301 'IMG::align', | 301 'IMG::align', |
302 'IMG::alt', | 302 'IMG::alt', |
303 'IMG::border', | 303 'IMG::border', |
304 'IMG::height', | 304 'IMG::height', |
305 'IMG::hspace', | 305 'IMG::hspace', |
306 'IMG::ismap', | 306 'IMG::ismap', |
307 'IMG::name', | 307 'IMG::name', |
308 'IMG::usemap', | 308 'IMG::usemap', |
309 'IMG::vspace', | 309 'IMG::vspace', |
310 'IMG::width', | 310 'IMG::width', |
311 ], | 311 ], |
312 allowedUriAttributes: [ | 312 allowedUriAttributes: const [ |
313 'IMG::src', | 313 'IMG::src', |
314 ]); | 314 ]); |
315 } | 315 } |
316 | 316 |
317 factory _SimpleNodeValidator.allowTextElements() { | 317 factory _SimpleNodeValidator.allowTextElements() { |
318 return new _SimpleNodeValidator(null, | 318 return new _SimpleNodeValidator(null, |
319 allowedElements: [ | 319 allowedElements: const [ |
320 'B', | 320 'B', |
321 'BLOCKQUOTE', | 321 'BLOCKQUOTE', |
322 'BR', | 322 'BR', |
323 'EM', | 323 'EM', |
324 'H1', | 324 'H1', |
325 'H2', | 325 'H2', |
326 'H3', | 326 'H3', |
327 'H4', | 327 'H4', |
328 'H5', | 328 'H5', |
329 'H6', | 329 'H6', |
330 'HR', | 330 'HR', |
331 'I', | 331 'I', |
332 'LI', | 332 'LI', |
333 'OL', | 333 'OL', |
334 'P', | 334 'P', |
335 'SPAN', | 335 'SPAN', |
336 'UL', | 336 'UL', |
337 ]); | 337 ]); |
338 } | 338 } |
339 | 339 |
340 /** | 340 /** |
341 * Elements must be uppercased tag names. For example `'IMG'`. | 341 * Elements must be uppercased tag names. For example `'IMG'`. |
342 * Attributes must be uppercased tag name followed by :: followed by | 342 * Attributes must be uppercased tag name followed by :: followed by |
343 * lowercase attribute name. For example `'IMG:src'`. | 343 * lowercase attribute name. For example `'IMG:src'`. |
344 */ | 344 */ |
345 _SimpleNodeValidator(this.uriPolicy, | 345 _SimpleNodeValidator(this.uriPolicy, |
346 {Iterable<String> allowedElements, Iterable<String> allowedAttributes, | 346 {Iterable<String> allowedElements, Iterable<String> allowedAttributes, |
347 Iterable<String> allowedUriAttributes}): | 347 Iterable<String> allowedUriAttributes}) { |
348 this.allowedElements = allowedElements != null ? | 348 this.allowedElements.addAll(allowedElements ?? const []); |
349 new Set.from(allowedElements) : new Set(), | 349 allowedAttributes = allowedAttributes ?? const []; |
350 this.allowedAttributes = allowedAttributes != null ? | 350 allowedUriAttributes = allowedUriAttributes ?? const []; |
351 new Set.from(allowedAttributes) : new Set(), | 351 var legalAttributes = allowedAttributes.where( |
352 this.allowedUriAttributes = allowedUriAttributes != null ? | 352 (x) => !_Html5NodeValidator._uriAttributes.contains(x)); |
353 new Set.from(allowedUriAttributes) : new Set(); | 353 var extraUriAttributes = allowedAttributes.where( |
| 354 (x) => _Html5NodeValidator._uriAttributes.contains(x)); |
| 355 this.allowedAttributes.addAll(legalAttributes); |
| 356 this.allowedUriAttributes.addAll(allowedUriAttributes); |
| 357 this.allowedUriAttributes.addAll(extraUriAttributes); |
| 358 } |
354 | 359 |
355 bool allowsElement(Element element) { | 360 bool allowsElement(Element element) { |
356 return allowedElements.contains(element.tagName); | 361 return allowedElements.contains(element.tagName); |
357 } | 362 } |
358 | 363 |
359 bool allowsAttribute(Element element, String attributeName, String value) { | 364 bool allowsAttribute(Element element, String attributeName, String value) { |
360 var tagName = element.tagName; | 365 var tagName = element.tagName; |
361 if (allowedUriAttributes.contains('$tagName::$attributeName')) { | 366 if (allowedUriAttributes.contains('$tagName::$attributeName')) { |
362 return uriPolicy.allowsUri(value); | 367 return uriPolicy.allowsUri(value); |
363 } else if (allowedUriAttributes.contains('*::$attributeName')) { | 368 } else if (allowedUriAttributes.contains('*::$attributeName')) { |
(...skipping 102 matching lines...)
466 return false; | 471 return false; |
467 } | 472 } |
468 | 473 |
469 bool allowsAttribute(Element element, String attributeName, String value) { | 474 bool allowsAttribute(Element element, String attributeName, String value) { |
470 if (attributeName == 'is' || attributeName.startsWith('on')) { | 475 if (attributeName == 'is' || attributeName.startsWith('on')) { |
471 return false; | 476 return false; |
472 } | 477 } |
473 return allowsElement(element); | 478 return allowsElement(element); |
474 } | 479 } |
475 } | 480 } |
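Review bot: The reclassification in the new `_SimpleNodeValidator` constructor body (new lines 351–357) moves an entry into `allowedUriAttributes` only when `_Html5NodeValidator._uriAttributes.contains(x)` matches the whole string, so a wildcard entry such as `'*::href'` (a form `allowsAttribute` does look up in `allowedUriAttributes`) or a URI-bearing attribute on a tag that set does not list would presumably stay in `allowedAttributes` and never reach `uriPolicy`; the contents of `_uriAttributes` are outside this page, so this needs confirming. If exact matching is intended, say so above the filter, e.g. `// Exact 'TAG::attr' matches only; '*::attr' entries are not reclassified and are not checked by uriPolicy.` Entries that are moved now reach `uriPolicy.allowsUri(value)`, and `allowTextElements()` shows that `uriPolicy` can be null, so a caller that supplies a URI attribute without a policy would hit a null dereference rather than a rejection; `return uriPolicy != null && uriPolicy.allowsUri(value);` would fail closed. The constructor's doc comment also gives `'IMG:src'` as its example, which should read `'IMG::src'` to match the `'$tagName::$attributeName'` keys the lookups use.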