| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * Parse a very small subset of HTML. This ensures that insecure HTML / | 6 * Parse a very small subset of HTML. This ensures that insecure HTML / |
| 7 * javascript cannot be injected into the new tab page. | 7 * javascript cannot be injected into the new tab page. |
| 8 * @param {string} s The string to parse. | 8 * @param {string} s The string to parse. |
| 9 * @param {Array<string>=} opt_extraTags Optional extra allowed tags. | 9 * @param {Array<string>=} opt_extraTags Optional extra allowed tags. |
| 10 * @param {Object<function(Node, string):boolean>=} opt_extraAttrs | 10 * @param {Object<function(Node, string):boolean>=} opt_extraAttrs |
| 11 * Optional extra allowed attributes (all tags are run through these). | 11 * Optional extra allowed attributes (all tags are run through these). |
| 12 * @throws {Error} In case of non supported markup. | 12 * @throws {Error} In case of non supported markup. |
| 13 * @return {DocumentFragment} A document fragment containing the DOM tree. | 13 * @return {DocumentFragment} A document fragment containing the DOM tree. |
| 14 */ | 14 */ |
| 15 var parseHtmlSubset = (function() { | 15 var parseHtmlSubset = (function() { |
| 16 'use strict'; | 16 'use strict'; |
| 17 | 17 |
| 18 var allowedAttributes = { | 18 var allowedAttributes = { |
| 19 'href': function(node, value) { | 19 'href': function(node, value) { |
| 20 // Only allow a[href] starting with chrome:// and https:// | 20 // Only allow a[href] starting with chrome:// and https:// |
| 21 return node.tagName == 'A' && (value.indexOf('chrome://') == 0 || | 21 return node.tagName == 'A' && (value.indexOf('chrome://') == 0 || |
| 22 value.indexOf('https://') == 0); | 22 value.indexOf('https://') == 0); |
| 23 }, | 23 }, |
| 24 'target': function(node, value) { | 24 'target': function(node, value) { |
| 25 // Allow a[target] but reset the value to "". | 25 // Only allow a[target='_blank']. |
| 26 if (node.tagName != 'A') | 26 // TODO(dbeam): are there valid use cases for target != '_blank'? |
| 27 return false; | 27 return node.tagName == 'A' && value == '_blank'; |
| 28 node.setAttribute('target', ''); | 28 }, |
| 29 return true; | |
| 30 } | |
| 31 }; | 29 }; |
| 32 | 30 |
| 33 /** | 31 /** |
| 34 * Whitelist of tag names allowed in parseHtmlSubset. | 32 * Whitelist of tag names allowed in parseHtmlSubset. |
| 35 * @type {!Array<string>} | 33 * @type {!Array<string>} |
| 36 * @const | 34 * @const |
| 37 */ | 35 */ |
| 38 var allowedTags = ['A', 'B', 'STRONG']; | 36 var allowedTags = ['A', 'B', 'STRONG']; |
| 39 | 37 |
| 40 /** @param {...Object} var_args Objects to merge. */ | 38 /** @param {...Object} var_args Objects to merge. */ |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 case Node.TEXT_NODE: | 94 case Node.TEXT_NODE: |
| 97 break; | 95 break; |
| 98 | 96 |
| 99 default: | 97 default: |
| 100 throw Error('Node type ' + node.nodeType + ' is not supported'); | 98 throw Error('Node type ' + node.nodeType + ' is not supported'); |
| 101 } | 99 } |
| 102 }); | 100 }); |
| 103 return df; | 101 return df; |
| 104 }; | 102 }; |
| 105 })(); | 103 })(); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1907653002:
WebUI: allow target="_blank" by default in parseHtmlSubset(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master