OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Peter Kelly (pmk@post.com) | 4 * (C) 2001 Peter Kelly (pmk@post.com) |
5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
6 * (C) 2007 David Smith (catfish.man@gmail.com) | 6 * (C) 2007 David Smith (catfish.man@gmail.com) |
7 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc.
All rights reserved. | 7 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc.
All rights reserved. |
8 * (C) 2007 Eric Seidel (eric@webkit.org) | 8 * (C) 2007 Eric Seidel (eric@webkit.org) |
9 * | 9 * |
10 * This library is free software; you can redistribute it and/or | 10 * This library is free software; you can redistribute it and/or |
(...skipping 1021 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1032 // Returns true is the given attribute is an event handler. | 1032 // Returns true is the given attribute is an event handler. |
1033 // We consider an event handler any attribute that begins with "on". | 1033 // We consider an event handler any attribute that begins with "on". |
1034 // It is a simple solution that has the advantage of not requiring any | 1034 // It is a simple solution that has the advantage of not requiring any |
1035 // code or configuration change if a new event handler is defined. | 1035 // code or configuration change if a new event handler is defined. |
1036 | 1036 |
1037 static inline bool isEventHandlerAttribute(const Attribute& attribute) | 1037 static inline bool isEventHandlerAttribute(const Attribute& attribute) |
1038 { | 1038 { |
1039 return attribute.name().namespaceURI().isNull() && attribute.name().localNam
e().startsWith("on"); | 1039 return attribute.name().namespaceURI().isNull() && attribute.name().localNam
e().startsWith("on"); |
1040 } | 1040 } |
1041 | 1041 |
1042 bool Element::isJavaScriptURLAttribute(const Attribute& attribute) | 1042 bool Element::isJavaScriptURLAttribute(const Attribute& attribute) const |
1043 { | 1043 { |
1044 if (!isURLAttribute(attribute)) | 1044 return isURLAttribute(attribute) && protocolIsJavaScript(stripLeadingAndTrai
lingHTMLSpaces(attribute.value())); |
1045 return false; | |
1046 if (!protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(attribute.value(
)))) | |
1047 return false; | |
1048 return true; | |
1049 } | 1045 } |
1050 | 1046 |
1051 bool Element::isJavaScriptAttribute(const Attribute& attribute) | 1047 void Element::stripScriptingAttributes(Vector<Attribute>& attributeVector) const |
1052 { | |
1053 if (isEventHandlerAttribute(attribute)) | |
1054 return true; | |
1055 if (isJavaScriptURLAttribute(attribute)) | |
1056 return true; | |
1057 return false; | |
1058 } | |
1059 | |
1060 void Element::stripJavaScriptAttributes(Vector<Attribute>& attributeVector) | |
1061 { | 1048 { |
1062 size_t destination = 0; | 1049 size_t destination = 0; |
1063 for (size_t source = 0; source < attributeVector.size(); ++source) { | 1050 for (size_t source = 0; source < attributeVector.size(); ++source) { |
1064 if (isJavaScriptAttribute(attributeVector[source])) | 1051 if (isEventHandlerAttribute(attributeVector[source]) |
| 1052 || isJavaScriptURLAttribute(attributeVector[source]) |
| 1053 || isHTMLContentAttribute(attributeVector[source])) |
1065 continue; | 1054 continue; |
1066 | 1055 |
1067 if (source != destination) | 1056 if (source != destination) |
1068 attributeVector[destination] = attributeVector[source]; | 1057 attributeVector[destination] = attributeVector[source]; |
1069 | 1058 |
1070 ++destination; | 1059 ++destination; |
1071 } | 1060 } |
1072 attributeVector.shrink(destination); | 1061 attributeVector.shrink(destination); |
1073 } | 1062 } |
1074 | 1063 |
(...skipping 2050 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3125 return 0; | 3114 return 0; |
3126 } | 3115 } |
3127 | 3116 |
3128 Attribute* UniqueElementData::attributeItem(unsigned index) | 3117 Attribute* UniqueElementData::attributeItem(unsigned index) |
3129 { | 3118 { |
3130 ASSERT_WITH_SECURITY_IMPLICATION(index < length()); | 3119 ASSERT_WITH_SECURITY_IMPLICATION(index < length()); |
3131 return &m_attributeVector.at(index); | 3120 return &m_attributeVector.at(index); |
3132 } | 3121 } |
3133 | 3122 |
3134 } // namespace WebCore | 3123 } // namespace WebCore |
OLD | NEW |