Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(133)

Side by Side Diff: tools/dom/src/Validators.dart

Issue 1348173002: Dartium JS Enabled take 2 (Closed) Base URL: https://github.com/dart-lang/sdk.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « tools/dom/src/NodeValidatorBuilder.dart ('k') | tools/dom/src/WrappedList.dart » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 part of dart.dom.html; 5 part of dart.dom.html;
6 6
7 7
8 /** 8 /**
9 * Interface used to validate that only accepted elements and attributes are 9 * Interface used to validate that only accepted elements and attributes are
10 * allowed while parsing HTML strings into DOM nodes. 10 * allowed while parsing HTML strings into DOM nodes.
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
65 * 65 *
66 * This method needs to walk the entire tree and either remove elements and 66 * This method needs to walk the entire tree and either remove elements and
67 * attributes which are not recognized as safe or throw an exception which 67 * attributes which are not recognized as safe or throw an exception which
68 * will mark the entire tree as unsafe. 68 * will mark the entire tree as unsafe.
69 */ 69 */
70 void sanitizeTree(Node node); 70 void sanitizeTree(Node node);
71 71
72 /** 72 /**
73 * A sanitizer for trees that we trust. It does no validation and allows 73 * A sanitizer for trees that we trust. It does no validation and allows
74 * any elements. It is also more efficient, since it can pass the text 74 * any elements. It is also more efficient, since it can pass the text
75 * directly through to the underlying APIs without creating a document 75 * directly through to the underlying APIs without creating a document
76 * fragment to be sanitized. 76 * fragment to be sanitized.
77 */ 77 */
78 static const trusted = const _TrustedHtmlTreeSanitizer(); 78 static const trusted = const _TrustedHtmlTreeSanitizer();
79 } 79 }
80 80
81 /** 81 /**
82 * A sanitizer for trees that we trust. It does no validation and allows 82 * A sanitizer for trees that we trust. It does no validation and allows
83 * any elements. 83 * any elements.
84 */ 84 */
85 class _TrustedHtmlTreeSanitizer implements NodeTreeSanitizer { 85 class _TrustedHtmlTreeSanitizer implements NodeTreeSanitizer {
86 const _TrustedHtmlTreeSanitizer(); 86 const _TrustedHtmlTreeSanitizer();
87 87
88 sanitizeTree(Node node) {} 88 sanitizeTree(Node node) {}
89 } 89 }
90 90
91 /** 91 /**
92 * Defines the policy for what types of uris are allowed for particular 92 * Defines the policy for what types of uris are allowed for particular
93 * attribute values. 93 * attribute values.
94 * 94 *
95 * This can be used to provide custom rules such as allowing all http:// URIs 95 * This can be used to provide custom rules such as allowing all http:// URIs
96 * for image attributes but only same-origin URIs for anchor tags. 96 * for image attributes but only same-origin URIs for anchor tags.
97 */ 97 */
98 abstract class UriPolicy { 98 abstract class UriPolicy {
99 /** 99 /**
100 * Constructs the default UriPolicy which is to only allow Uris to the same 100 * Constructs the default UriPolicy which is to only allow Uris to the same
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
134 } 134 }
135 135
136 136
137 class _ThrowsNodeValidator implements NodeValidator { 137 class _ThrowsNodeValidator implements NodeValidator {
138 final NodeValidator validator; 138 final NodeValidator validator;
139 139
140 _ThrowsNodeValidator(this.validator) {} 140 _ThrowsNodeValidator(this.validator) {}
141 141
142 bool allowsElement(Element element) { 142 bool allowsElement(Element element) {
143 if (!validator.allowsElement(element)) { 143 if (!validator.allowsElement(element)) {
144 throw new ArgumentError(element.tagName); 144 throw new ArgumentError(element._safeTagName);
145 } 145 }
146 return true; 146 return true;
147 } 147 }
148 148
149 bool allowsAttribute(Element element, String attributeName, String value) { 149 bool allowsAttribute(Element element, String attributeName, String value) {
150 if (!validator.allowsAttribute(element, attributeName, value)) { 150 if (!validator.allowsAttribute(element, attributeName, value)) {
151 throw new ArgumentError('${element.tagName}[$attributeName="$value"]'); 151 throw new ArgumentError('${element._safeTagName}[$attributeName="$value"]' );
152 } 152 }
153 } 153 }
154 } 154 }
155 155
156 156
157 /** 157 /**
158 * Standard tree sanitizer which validates a node tree against the provided 158 * Standard tree sanitizer which validates a node tree against the provided
159 * validator and removes any nodes or attributes which are not allowed. 159 * validator and removes any nodes or attributes which are not allowed.
160 */ 160 */
161 class _ValidatingTreeSanitizer implements NodeTreeSanitizer { 161 class _ValidatingTreeSanitizer implements NodeTreeSanitizer {
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 try { 206 try {
207 // If getting/indexing attributes throws, count that as corrupt. 207 // If getting/indexing attributes throws, count that as corrupt.
208 attrs = element.attributes; 208 attrs = element.attributes;
209 isAttr = attrs['is']; 209 isAttr = attrs['is'];
210 corrupted = Element._hasCorruptedAttributes(element); 210 corrupted = Element._hasCorruptedAttributes(element);
211 } catch(e) {} 211 } catch(e) {}
212 var elementText = 'element unprintable'; 212 var elementText = 'element unprintable';
213 try { 213 try {
214 elementText = element.toString(); 214 elementText = element.toString();
215 } catch(e) {} 215 } catch(e) {}
216 var elementTagName = 'element tag unavailable'; 216 var elementTagName = element._safeTagName;
217 try {
218 elementTagName = element.tagName;
219 } catch(e) {}
220 _sanitizeElement(element, parent, corrupted, elementText, elementTagName, 217 _sanitizeElement(element, parent, corrupted, elementText, elementTagName,
221 attrs, isAttr); 218 attrs, isAttr);
222 } 219 }
223 220
224 /// Having done basic sanity checking on the element, and computed the 221 /// Having done basic sanity checking on the element, and computed the
225 /// important attributes we want to check, remove it if it's not valid 222 /// important attributes we want to check, remove it if it's not valid
226 /// or not allowed, either as a whole or particular attributes. 223 /// or not allowed, either as a whole or particular attributes.
227 void _sanitizeElement(Element element, Node parent, bool corrupted, 224 void _sanitizeElement(Element element, Node parent, bool corrupted,
228 String text, String tag, Map attrs, String isAttr) { 225 String text, String tag, Map attrs, String isAttr) {
229 if (false != corrupted) { 226 if (false != corrupted) {
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
276 case Node.COMMENT_NODE: 273 case Node.COMMENT_NODE:
277 case Node.DOCUMENT_FRAGMENT_NODE: 274 case Node.DOCUMENT_FRAGMENT_NODE:
278 case Node.TEXT_NODE: 275 case Node.TEXT_NODE:
279 case Node.CDATA_SECTION_NODE: 276 case Node.CDATA_SECTION_NODE:
280 break; 277 break;
281 default: 278 default:
282 _removeNode(node, parent); 279 _removeNode(node, parent);
283 } 280 }
284 } 281 }
285 } 282 }
OLDNEW
« no previous file with comments | « tools/dom/src/NodeValidatorBuilder.dart ('k') | tools/dom/src/WrappedList.dart » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698