
Side by Side Diff: tools/dom/src/Html5NodeValidator.dart

Issue 16374007: First rev of Safe DOM (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Created 7 years, 3 months ago
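--- a/tools/dom/src/Html5NodeValidator.dart
+++ b/tools/dom/src/Html5NodeValidator.dart
@@ -0,0 +1,450 @@
+// DO NOT EDIT- this file is generated from running tool/generator.sh.
+
+// Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+part of dart.dom.html;
+
+/**
+* A Dart DOM validator generated from Caja whitelists.
+*
+* This contains a whitelist of known HTML tagNames and attributes and will only
+* accept known good values.
+*
+* See also:
+*
+* * <https://code.google.com/p/google-caja/wiki/CajaWhitelists>
+*/
+class _Html5NodeValidator implements NodeValidator {
+
+static final Set<String> _allowedElements = new Set.from([
+'A',
+'ABBR',
+'ACRONYM',
+'ADDRESS',
+'AREA',
+'ARTICLE',
+'ASIDE',
+'AUDIO',
+'B',
+'BDI',
+'BDO',
+'BIG',
+'BLOCKQUOTE',
+'BR',
+'BUTTON',
+'CANVAS',
+'CAPTION',
+'CENTER',
+'CITE',
+'CODE',
+'COL',
+'COLGROUP',
+'COMMAND',
+'DATA',
+'DATALIST',
+'DD',
+'DEL',
+'DETAILS',
+'DFN',
+'DIR',
+'DIV',
+'DL',
+'DT',
+'EM',
+'FIELDSET',
+'FIGCAPTION',
+'FIGURE',
+'FONT',
+'FOOTER',
+'FORM',
+'H1',
+'H2',
+'H3',
+'H4',
+'H5',
+'H6',
+'HEADER',
+'HGROUP',
+'HR',
+'I',
+'IFRAME',
+'IMG',
+'INPUT',
+'INS',
+'KBD',
+'LABEL',
+'LEGEND',
+'LI',
+'MAP',
+'MARK',
+'MENU',
+'METER',
+'NAV',
+'NOBR',
+'OL',
+'OPTGROUP',
+'OPTION',
+'OUTPUT',
+'P',
+'PRE',
+'PROGRESS',
+'Q',
+'S',
+'SAMP',
+'SECTION',
+'SELECT',
+'SMALL',
+'SOURCE',
+'SPAN',
+'STRIKE',
+'STRONG',
+'SUB',
+'SUMMARY',
+'SUP',
+'TABLE',
+'TBODY',
+'TD',
+'TEXTAREA',
+'TFOOT',
+'TH',
+'THEAD',
+'TIME',
+'TR',
+'TRACK',
+'TT',
+'U',
+'UL',
+'VAR',
+'VIDEO',
+'WBR',
+]);
+
+static const _standardAttributes = const <String>[
+'*::class',
+'*::dir',
+'*::draggable',
+'*::hidden',
+'*::id',
+'*::inert',
+'*::itemprop',
+'*::itemref',
+'*::itemscope',
+'*::lang',
+'*::spellcheck',
+'*::title',
+'*::translate',
+'A::accesskey',
+'A::coords',
+'A::hreflang',
+'A::name',
+'A::shape',
+'A::tabindex',
+'A::target',
+'A::type',
+'AREA::accesskey',
+'AREA::alt',
+'AREA::coords',
+'AREA::nohref',
+'AREA::shape',
+'AREA::tabindex',
+'AREA::target',
+'AUDIO::controls',
+'AUDIO::loop',
+'AUDIO::mediagroup',
+'AUDIO::muted',
+'AUDIO::preload',
+'BDO::dir',
+'BODY::alink',
+'BODY::bgcolor',
+'BODY::link',
+'BODY::text',
+'BODY::vlink',
+'BR::clear',
+'BUTTON::accesskey',
+'BUTTON::disabled',
+'BUTTON::name',
+'BUTTON::tabindex',
+'BUTTON::type',
+'BUTTON::value',
+'CANVAS::height',
+'CANVAS::width',
+'CAPTION::align',
+'COL::align',
+'COL::char',
+'COL::charoff',
+'COL::span',
+'COL::valign',
+'COL::width',
+'COLGROUP::align',
+'COLGROUP::char',
+'COLGROUP::charoff',
+'COLGROUP::span',
+'COLGROUP::valign',
+'COLGROUP::width',
+'COMMAND::checked',
+'COMMAND::command',
+'COMMAND::disabled',
+'COMMAND::label',
+'COMMAND::radiogroup',
+'COMMAND::type',
+'DATA::value',
+'DEL::datetime',
+'DETAILS::open',
+'DIR::compact',
+'DIV::align',
+'DL::compact',
+'FIELDSET::disabled',
+'FONT::color',
+'FONT::face',
+'FONT::size',
+'FORM::accept',
+'FORM::autocomplete',
+'FORM::enctype',
+'FORM::method',
+'FORM::name',
+'FORM::novalidate',
+'FORM::target',
+'FRAME::name',
+'H1::align',
+'H2::align',
+'H3::align',
+'H4::align',
+'H5::align',
+'H6::align',
+'HR::align',
+'HR::noshade',
+'HR::size',
+'HR::width',
+'HTML::version',
+'IFRAME::align',
+'IFRAME::frameborder',
+'IFRAME::height',
+'IFRAME::marginheight',
+'IFRAME::marginwidth',
+'IFRAME::width',
+'IMG::align',
+'IMG::alt',
+'IMG::border',
+'IMG::height',
+'IMG::hspace',
+'IMG::ismap',
+'IMG::name',
+'IMG::usemap',
+'IMG::vspace',
+'IMG::width',
+'INPUT::accept',
+'INPUT::accesskey',
+'INPUT::align',
+'INPUT::alt',
+'INPUT::autocomplete',
+'INPUT::checked',
+'INPUT::disabled',
+'INPUT::inputmode',
+'INPUT::ismap',
+'INPUT::list',
+'INPUT::max',
+'INPUT::maxlength',
+'INPUT::min',
+'INPUT::multiple',
+'INPUT::name',
+'INPUT::placeholder',
+'INPUT::readonly',
+'INPUT::required',
+'INPUT::size',
+'INPUT::step',
+'INPUT::tabindex',
+'INPUT::type',
+'INPUT::usemap',
+'INPUT::value',
+'INS::datetime',
+'KEYGEN::disabled',
+'KEYGEN::keytype',
+'KEYGEN::name',
+'LABEL::accesskey',
+'LABEL::for',
+'LEGEND::accesskey',
+'LEGEND::align',
+'LI::type',
+'LI::value',
+'LINK::sizes',
+'MAP::name',
+'MENU::compact',
+'MENU::label',
+'MENU::type',
+'METER::high',
+'METER::low',
+'METER::max',
+'METER::min',
+'METER::value',
+'OBJECT::typemustmatch',
+'OL::compact',
+'OL::reversed',
+'OL::start',
+'OL::type',
+'OPTGROUP::disabled',
+'OPTGROUP::label',
+'OPTION::disabled',
+'OPTION::label',
+'OPTION::selected',
+'OPTION::value',
+'OUTPUT::for',
+'OUTPUT::name',
+'P::align',
+'PRE::width',
+'PROGRESS::max',
+'PROGRESS::min',
+'PROGRESS::value',
+'SELECT::autocomplete',
+'SELECT::disabled',
+'SELECT::multiple',
+'SELECT::name',
+'SELECT::required',
+'SELECT::size',
+'SELECT::tabindex',
+'SOURCE::type',
+'TABLE::align',
+'TABLE::bgcolor',
+'TABLE::border',
+'TABLE::cellpadding',
+'TABLE::cellspacing',
+'TABLE::frame',
+'TABLE::rules',
+'TABLE::summary',
+'TABLE::width',
+'TBODY::align',
+'TBODY::char',
+'TBODY::charoff',
+'TBODY::valign',
+'TD::abbr',
+'TD::align',
+'TD::axis',
+'TD::bgcolor',
+'TD::char',
+'TD::charoff',
+'TD::colspan',
+'TD::headers',
+'TD::height',
+'TD::nowrap',
+'TD::rowspan',
+'TD::scope',
+'TD::valign',
+'TD::width',
+'TEXTAREA::accesskey',
+'TEXTAREA::autocomplete',
+'TEXTAREA::cols',
+'TEXTAREA::disabled',
+'TEXTAREA::inputmode',
+'TEXTAREA::name',
+'TEXTAREA::placeholder',
+'TEXTAREA::readonly',
+'TEXTAREA::required',
+'TEXTAREA::rows',
+'TEXTAREA::tabindex',
+'TEXTAREA::wrap',
+'TFOOT::align',
+'TFOOT::char',
+'TFOOT::charoff',
+'TFOOT::valign',
+'TH::abbr',
+'TH::align',
+'TH::axis',
+'TH::bgcolor',
+'TH::char',
+'TH::charoff',
+'TH::colspan',
+'TH::headers',
+'TH::height',
+'TH::nowrap',
+'TH::rowspan',
+'TH::scope',
+'TH::valign',
+'TH::width',
+'THEAD::align',
+'THEAD::char',
+'THEAD::charoff',
+'THEAD::valign',
+'TR::align',
+'TR::bgcolor',
+'TR::char',
+'TR::charoff',
+'TR::valign',
+'TRACK::default',
+'TRACK::kind',
+'TRACK::label',
+'TRACK::srclang',
+'UL::compact',
+'UL::type',
+'VIDEO::controls',
+'VIDEO::height',
+'VIDEO::loop',
+'VIDEO::mediagroup',
+'VIDEO::muted',
+'VIDEO::preload',
+'VIDEO::width',
+];
+
+static const _uriAttributes = const <String>[
+'A::href',
+'AREA::href',
+'BLOCKQUOTE::cite',
+'BODY::background',
+'COMMAND::icon',
+'DEL::cite',
+'FORM::action',
+'IMG::src',
+'INPUT::src',
+'INS::cite',
+'Q::cite',
+'VIDEO::poster',
+];
+
+final UriPolicy uriPolicy;
+
+static final Map<String, Function> _attributeValidators = {};
+
+/**
+* All known URI attributes will be validated against the UriPolicy, if
+* [uriPolicy] is null then a default UriPolicy will be used.
+*/
+_Html5NodeValidator({UriPolicy uriPolicy})
+:uriPolicy = uriPolicy != null ? uriPolicy : new UriPolicy() {
+
+if (_attributeValidators.isEmpty) {
+for (var attr in _standardAttributes) {
+_attributeValidators[attr] = _standardAttributeValidator;
+}
+
+for (var attr in _uriAttributes) {
+_attributeValidators[attr] = _uriAttributeValidator;
+}
+}
+}
+
+bool allowsElement(Element element) {
+return _allowedElements.contains(element.tagName);
+}
+
+bool allowsAttribute(Element element, String attributeName, String value) {
+var tagName = element.tagName;
+var validator = _attributeValidators['$tagName::$attributeName'];
+if (validator == null) {
+validator = _attributeValidators['*::$attributeName'];
+}
+if (validator == null) {
+return false;
+}
+return validator(element, attributeName, value, this);
+}
+
+static bool _standardAttributeValidator(Element element, String attributeName,
+String value, _Html5NodeValidator context) {
+return true;
+}
+
+static bool _uriAttributeValidator(Element element, String attributeName,
+String value, _Html5NodeValidator context) {
+return context.uriPolicy.allowsUri(value);
+}
+}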
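Review bot: `allowsAttribute` never consults `_allowedElements`, yet `_standardAttributes` and `_uriAttributes` carry entries for tags the element list omits (`BODY::*`, `FRAME::name`, `HTML::version`, `KEYGEN::*`, `LINK::sizes`, `OBJECT::typemustmatch`), and the `*::` fallback matches any tag name. If this validator is ever combined with another one that admits those elements (an inference, since NodeValidatorBuilder is not visible here), this class would approve their attributes even though it rejects the elements themselves. A guard at the top of `allowsAttribute`, `if (!_allowedElements.contains(tagName)) return false;`, would keep the two whitelists consistent. Since the header marks the file as generated, the change belongs in whatever produces it. `_standardAttributeValidator` also returns true for every value, so a comment there should state that unconstrained `id` and `name` values are intended.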