
Side by Side Diff: tools/dom/src/NodeValidatorBuilder.dart

Issue 1236413002: Make sure NodeValidator uriAttributes aren't passed as attributes (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: And regenerate libraries after formatting Created 5 years, 5 months ago
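--- a/tools/dom/src/NodeValidatorBuilder.dart
+++ b/tools/dom/src/NodeValidatorBuilder.dart
@@ -1,10 +1,10 @@
 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.dom.html;
 
 
 /**
 * Class which helps construct standard node validation policies.
 *
@@ -252,112 +252,117 @@
 return _validators.any((v) => v.allowsElement(element));
 }
 
 bool allowsAttribute(Element element, String attributeName, String value) {
 return _validators.any(
 (v) => v.allowsAttribute(element, attributeName, value));
 }
 }
 
 class _SimpleNodeValidator implements NodeValidator {
-final Set<String> allowedElements;
-final Set<String> allowedAttributes;
-final Set<String> allowedUriAttributes;
+final Set<String> allowedElements = new Set<String>();
+final Set<String> allowedAttributes = new Set<String>();
+final Set<String> allowedUriAttributes = new Set<String>();
 final UriPolicy uriPolicy;
 
 factory _SimpleNodeValidator.allowNavigation(UriPolicy uriPolicy) {
 return new _SimpleNodeValidator(uriPolicy,
-allowedElements: [
+allowedElements: const [
 'A',
 'FORM'],
-allowedAttributes: [
+allowedAttributes: const [
 'A::accesskey',
 'A::coords',
 'A::hreflang',
 'A::name',
 'A::shape',
 'A::tabindex',
 'A::target',
 'A::type',
 'FORM::accept',
 'FORM::autocomplete',
 'FORM::enctype',
 'FORM::method',
 'FORM::name',
 'FORM::novalidate',
 'FORM::target',
 ],
-allowedUriAttributes: [
+allowedUriAttributes: const [
 'A::href',
 'FORM::action',
 ]);
 }
 
 factory _SimpleNodeValidator.allowImages(UriPolicy uriPolicy) {
 return new _SimpleNodeValidator(uriPolicy,
-allowedElements: [
+allowedElements: const [
 'IMG'
 ],
-allowedAttributes: [
+allowedAttributes: const [
 'IMG::align',
 'IMG::alt',
 'IMG::border',
 'IMG::height',
 'IMG::hspace',
 'IMG::ismap',
 'IMG::name',
 'IMG::usemap',
 'IMG::vspace',
 'IMG::width',
 ],
-allowedUriAttributes: [
+allowedUriAttributes: const [
 'IMG::src',
 ]);
 }
 
 factory _SimpleNodeValidator.allowTextElements() {
 return new _SimpleNodeValidator(null,
-allowedElements: [
+allowedElements: const [
 'B',
 'BLOCKQUOTE',
 'BR',
 'EM',
 'H1',
 'H2',
 'H3',
 'H4',
 'H5',
 'H6',
 'HR',
 'I',
 'LI',
 'OL',
 'P',
 'SPAN',
 'UL',
 ]);
 }
 
 /**
 * Elements must be uppercased tag names. For example `'IMG'`.
 * Attributes must be uppercased tag name followed by :: followed by
 * lowercase attribute name. For example `'IMG:src'`.
 */
 _SimpleNodeValidator(this.uriPolicy,
 {Iterable<String> allowedElements, Iterable<String> allowedAttributes,
-Iterable<String> allowedUriAttributes}):
-this.allowedElements = allowedElements != null ?
-new Set.from(allowedElements) : new Set(),
-this.allowedAttributes = allowedAttributes != null ?
-new Set.from(allowedAttributes) : new Set(),
-this.allowedUriAttributes = allowedUriAttributes != null ?
-new Set.from(allowedUriAttributes) : new Set();
+Iterable<String> allowedUriAttributes}) {
+this.allowedElements.addAll(allowedElements ?? const []);
+allowedAttributes = allowedAttributes ?? const [];
+allowedUriAttributes = allowedUriAttributes ?? const [];
+var legalAttributes = allowedAttributes.where(
+(x) => !_Html5NodeValidator._uriAttributes.contains(x));
+var extraUriAttributes = allowedAttributes.where(
+(x) => _Html5NodeValidator._uriAttributes.contains(x));
+this.allowedAttributes.addAll(legalAttributes);
+this.allowedUriAttributes.addAll(allowedUriAttributes);
+this.allowedUriAttributes.addAll(extraUriAttributes);
+}
 
 bool allowsElement(Element element) {
 return allowedElements.contains(element.tagName);
 }
 
 bool allowsAttribute(Element element, String attributeName, String value) {
 var tagName = element.tagName;
 if (allowedUriAttributes.contains('$tagName::$attributeName')) {
 return uriPolicy.allowsUri(value);
 } else if (allowedUriAttributes.contains('*::$attributeName')) {
@@ -466,10 +471,10 @@
 return false;
 }
 
 bool allowsAttribute(Element element, String attributeName, String value) {
 if (attributeName == 'is' || attributeName.startsWith('on')) {
 return false;
 }
 return allowsElement(element);
 }
 }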
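Review bot: The rewritten `_SimpleNodeValidator` constructor can leave entries in `allowedUriAttributes` while `uriPolicy` is null, because it now moves every `allowedAttributes` entry found in `_Html5NodeValidator._uriAttributes` into that set, and `allowsAttribute` (new lines 366-367) calls `uriPolicy.allowsUri(value)` with no null check; `allowTextElements` already passes `null` as the policy. Failing closed avoids a null dereference in the middle of sanitization: `return uriPolicy != null && uriPolicy.allowsUri(value);`, applied to both the tag-specific and the `*::` branch. The reclassification is also an exact string match, so a wildcard entry such as `'*::href'` passed in `allowedAttributes` would presumably stay there and skip the URI policy; `_uriAttributes` is not visible here, so this needs confirming against its contents. The body of `allowsAttribute` continues past the visible lines, so the plain-attribute branches could not be checked. The constructor's doc comment gives `'IMG:src'` as its example, which should read `'IMG::src'` to match the format it describes.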