mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-03 02:25:34 +00:00
16170f25a6
DONTBUILD because this is just whitespace cleanup. I found the files to fix up here using this command: grep -r ' ' * 2>/dev/null | grep -v "other-licenses" | grep "idl:" I replaced the tab characters with however many spaces seemed consistent with the indentation in the surrounding code (and did some minor space-indentation cleanup in contextual lines to preserve alignment, in a few cases). Differential Revision: https://phabricator.services.mozilla.com/D160577
142 lines
5.3 KiB
Plaintext
142 lines
5.3 KiB
Plaintext
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIURI;
|
|
|
|
webidl DocumentFragment;
|
|
webidl Element;
|
|
|
|
/**
|
|
* Non-Web HTML parser functionality to Firefox extensions and XULRunner apps.
|
|
* Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
|
|
* directly instead.
|
|
*/
|
|
[builtinclass, scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
|
|
interface nsIParserUtils : nsISupports
|
|
{
|
|
/**
|
|
* Flag for sanitizer: Allow comment nodes.
|
|
*/
|
|
const unsigned long SanitizerAllowComments = (1 << 0);
|
|
|
|
/**
|
|
* Flag for sanitizer: Allow <style> and style="" (with contents sanitized
|
|
* in case of -moz-binding). Note! If -moz-binding is absent, properties
|
|
* that might be XSS risks in other Web engines are preserved!
|
|
*/
|
|
const unsigned long SanitizerAllowStyle = (1 << 1);
|
|
|
|
/**
|
|
* Flag for sanitizer: Only allow cid: URLs for embedded content.
|
|
*
|
|
* At present, sanitizing CSS backgrounds, etc., is not supported, so setting
|
|
* this together with SanitizerAllowStyle doesn't make sense.
|
|
*
|
|
* At present, sanitizing CSS syntax in SVG presentational attributes is not
|
|
* supported, so this option flattens out SVG.
|
|
*/
|
|
const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
|
|
|
|
/**
|
|
* Flag for sanitizer: Drop non-CSS presentational HTML elements and
|
|
* attributes, such as <font>, <center> and bgcolor="".
|
|
*/
|
|
const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
|
|
|
|
/**
|
|
* Flag for sanitizer: Drop forms and form controls (excluding
|
|
* fieldset/legend).
|
|
*/
|
|
const unsigned long SanitizerDropForms = (1 << 4);
|
|
|
|
/**
|
|
* Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
|
|
* out SVG.
|
|
*/
|
|
const unsigned long SanitizerDropMedia = (1 << 5);
|
|
|
|
/**
|
|
* Flag for sanitizer: Log messages to the console for everything that gets
|
|
* sanitized
|
|
*/
|
|
const unsigned long SanitizerLogRemovals = (1 << 6);
|
|
|
|
/**
|
|
* Parses a string into an HTML document, sanitizes the document and
|
|
* returns the result serialized to a string.
|
|
*
|
|
* The sanitizer is designed to protect against XSS when sanitized content
|
|
* is inserted into a different-origin context without an iframe-equivalent
|
|
* sandboxing mechanism.
|
|
*
|
|
* By default, the sanitizer doesn't try to avoid leaking information that
|
|
* the content was viewed to third parties. That is, by default, e.g.
|
|
* <img src> pointing to an HTTP server potentially controlled by a third
|
|
* party is not removed. To avoid ambient information leakage upon loading
|
|
* the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that
|
|
* case, <a href> links (and similar) to other content are preserved, so an
|
|
* explicit user action (following a link) after the content has been loaded
|
|
* can still leak information.
|
|
*
|
|
* By default, non-dangerous non-CSS presentational HTML elements and
|
|
* attributes or forms are not removed. To remove these, use
|
|
* SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
|
|
*
|
|
* By default, comments and CSS is removed. To preserve comments, use
|
|
* SanitizerAllowComments. To preserve <style> and style="", use
|
|
* SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
|
|
* present. In this case, properties that Gecko doesn't recognize can get
|
|
* removed as a side effect. Note! If -moz-binding is not present, <style>
|
|
* and style="" and SanitizerAllowStyle is specified, the sanitized content
|
|
* may still be XSS dangerous if loaded into a non-Gecko Web engine!
|
|
*
|
|
* @param src the HTML source to parse (C++ callers are allowed but not
|
|
* required to use the same string for the return value.)
|
|
* @param flags sanitization option flags defined above
|
|
*/
|
|
AString sanitize(in AString src, in unsigned long flags);
|
|
|
|
/**
|
|
* Removes conditional CSS (@media / etc) from the input string.
|
|
*/
|
|
AString removeConditionalCSS(in AString src);
|
|
|
|
/**
|
|
* Convert HTML to plain text.
|
|
*
|
|
* @param src the HTML source to parse (C++ callers are allowed but not
|
|
* required to use the same string for the return value.)
|
|
* @param flags conversion option flags defined in nsIDocumentEncoder
|
|
* @param wrapCol number of characters per line; 0 for no auto-wrapping
|
|
*/
|
|
AString convertToPlainText(in AString src,
|
|
in unsigned long flags,
|
|
in unsigned long wrapCol);
|
|
|
|
/**
|
|
* Parses markup into a sanitized document fragment.
|
|
*
|
|
* @param fragment the input markup
|
|
* @param flags sanitization option flags defined above
|
|
* @param isXML true if |fragment| is XML and false if HTML
|
|
* @param baseURI the base URL for this fragment
|
|
* @param element the context node for the fragment parsing algorithm
|
|
*/
|
|
DocumentFragment parseFragment(in AString fragment,
|
|
in unsigned long flags,
|
|
in boolean isXML,
|
|
in nsIURI baseURI,
|
|
in Element element);
|
|
|
|
};
|
|
|
|
%{ C++
|
|
#define NS_PARSERUTILS_CONTRACTID \
|
|
"@mozilla.org/parserutils;1"
|
|
#define NS_PARSERUTILS_CID \
|
|
{ 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
|
|
%}
|