diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /parser/html/nsIParserUtils.idl | |
parent | Initial commit. (diff) | |
download | firefox-upstream/124.0.1.tar.xz firefox-upstream/124.0.1.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'parser/html/nsIParserUtils.idl')
-rw-r--r-- | parser/html/nsIParserUtils.idl | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/parser/html/nsIParserUtils.idl b/parser/html/nsIParserUtils.idl new file mode 100644 index 0000000000..a8027a83fb --- /dev/null +++ b/parser/html/nsIParserUtils.idl @@ -0,0 +1,141 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; + +webidl DocumentFragment; +webidl Element; + +/** + * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. + * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc. + * directly instead. + */ +[builtinclass, scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)] +interface nsIParserUtils : nsISupports +{ + /** + * Flag for sanitizer: Allow comment nodes. + */ + const unsigned long SanitizerAllowComments = (1 << 0); + + /** + * Flag for sanitizer: Allow <style> and style="" (with contents sanitized + * in case of -moz-binding). Note! If -moz-binding is absent, properties + * that might be XSS risks in other Web engines are preserved! + */ + const unsigned long SanitizerAllowStyle = (1 << 1); + + /** + * Flag for sanitizer: Only allow cid: URLs for embedded content. + * + * At present, sanitizing CSS backgrounds, etc., is not supported, so setting + * this together with SanitizerAllowStyle doesn't make sense. + * + * At present, sanitizing CSS syntax in SVG presentational attributes is not + * supported, so this option flattens out SVG. + */ + const unsigned long SanitizerCidEmbedsOnly = (1 << 2); + + /** + * Flag for sanitizer: Drop non-CSS presentational HTML elements and + * attributes, such as <font>, <center> and bgcolor="". + */ + const unsigned long SanitizerDropNonCSSPresentation = (1 << 3); + + /** + * Flag for sanitizer: Drop forms and form controls (excluding + * fieldset/legend). + */ + const unsigned long SanitizerDropForms = (1 << 4); + + /** + * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten + * out SVG. + */ + const unsigned long SanitizerDropMedia = (1 << 5); + + /** + * Flag for sanitizer: Log messages to the console for everything that gets + * sanitized + */ + const unsigned long SanitizerLogRemovals = (1 << 6); + + /** + * Parses a string into an HTML document, sanitizes the document and + * returns the result serialized to a string. + * + * The sanitizer is designed to protect against XSS when sanitized content + * is inserted into a different-origin context without an iframe-equivalent + * sandboxing mechanism. + * + * By default, the sanitizer doesn't try to avoid leaking information that + * the content was viewed to third parties. That is, by default, e.g. + * <img src> pointing to an HTTP server potentially controlled by a third + * party is not removed. To avoid ambient information leakage upon loading + * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that + * case, <a href> links (and similar) to other content are preserved, so an + * explicit user action (following a link) after the content has been loaded + * can still leak information. + * + * By default, non-dangerous non-CSS presentational HTML elements and + * attributes or forms are not removed. To remove these, use + * SanitizerDropNonCSSPresentation and/or SanitizerDropForms. + * + * By default, comments and CSS is removed. To preserve comments, use + * SanitizerAllowComments. To preserve <style> and style="", use + * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if + * present. In this case, properties that Gecko doesn't recognize can get + * removed as a side effect. Note! If -moz-binding is not present, <style> + * and style="" and SanitizerAllowStyle is specified, the sanitized content + * may still be XSS dangerous if loaded into a non-Gecko Web engine! + * + * @param src the HTML source to parse (C++ callers are allowed but not + * required to use the same string for the return value.) + * @param flags sanitization option flags defined above + */ + AString sanitize(in AString src, in unsigned long flags); + + /** + * Removes conditional CSS (@media / etc) from the input string. + */ + AString removeConditionalCSS(in AString src); + + /** + * Convert HTML to plain text. + * + * @param src the HTML source to parse (C++ callers are allowed but not + * required to use the same string for the return value.) + * @param flags conversion option flags defined in nsIDocumentEncoder + * @param wrapCol number of characters per line; 0 for no auto-wrapping + */ + AString convertToPlainText(in AString src, + in unsigned long flags, + in unsigned long wrapCol); + + /** + * Parses markup into a sanitized document fragment. + * + * @param fragment the input markup + * @param flags sanitization option flags defined above + * @param isXML true if |fragment| is XML and false if HTML + * @param baseURI the base URL for this fragment + * @param element the context node for the fragment parsing algorithm + */ + DocumentFragment parseFragment(in AString fragment, + in unsigned long flags, + in boolean isXML, + in nsIURI baseURI, + in Element element); + +}; + +%{ C++ +#define NS_PARSERUTILS_CONTRACTID \ + "@mozilla.org/parserutils;1" +#define NS_PARSERUTILS_CID \ +{ 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } } +%} |