summaryrefslogtreecommitdiffstats
path: root/dom/security/sanitizer/Sanitizer.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--dom/security/sanitizer/Sanitizer.cpp187
1 files changed, 187 insertions, 0 deletions
diff --git a/dom/security/sanitizer/Sanitizer.cpp b/dom/security/sanitizer/Sanitizer.cpp
new file mode 100644
index 0000000000..9d087523ff
--- /dev/null
+++ b/dom/security/sanitizer/Sanitizer.cpp
@@ -0,0 +1,187 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "BindingDeclarations.h"
+#include "mozilla/dom/BindingUtils.h"
+#include "mozilla/dom/DocumentFragment.h"
+#include "mozilla/dom/SanitizerBinding.h"
+#include "nsContentUtils.h"
+#include "nsGenericHTMLElement.h"
+#include "nsTreeSanitizer.h"
+#include "Sanitizer.h"
+
+namespace mozilla::dom {
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Sanitizer, mGlobal)
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(Sanitizer)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(Sanitizer)
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Sanitizer)
+ NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
+ NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+JSObject* Sanitizer::WrapObject(JSContext* aCx,
+ JS::Handle<JSObject*> aGivenProto) {
+ return Sanitizer_Binding::Wrap(aCx, this, aGivenProto);
+}
+
+/* static */
+already_AddRefed<Sanitizer> Sanitizer::New(nsIGlobalObject* aGlobal,
+ const SanitizerConfig& aOptions,
+ ErrorResult& aRv) {
+ nsTreeSanitizer treeSanitizer(nsIParserUtils::SanitizerAllowStyle);
+ treeSanitizer.WithWebSanitizerOptions(aGlobal, aOptions, aRv);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ RefPtr<Sanitizer> sanitizer =
+ new Sanitizer(aGlobal, std::move(treeSanitizer));
+ return sanitizer.forget();
+}
+
+/* static */
+already_AddRefed<Sanitizer> Sanitizer::Constructor(
+ const GlobalObject& aGlobal, const SanitizerConfig& aOptions,
+ ErrorResult& aRv) {
+ nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
+ return New(global, aOptions, aRv);
+}
+
+/* static */
+already_AddRefed<DocumentFragment> Sanitizer::InputToNewFragment(
+ const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) {
+ // turns an DocumentFragmentOrDocument into a new DocumentFragment for
+ // internal use with nsTreeSanitizer
+
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
+ if (!window || !window->GetDoc()) {
+ // FIXME: Should we throw another exception?
+ aRv.Throw(NS_ERROR_FAILURE);
+ return nullptr;
+ }
+
+ // We need to create a new docfragment based on the input
+ // and can't use a live document (possibly with mutation observershandlers)
+ nsAutoString innerHTML;
+ if (aInput.IsDocumentFragment()) {
+ RefPtr<DocumentFragment> inFragment = &aInput.GetAsDocumentFragment();
+ inFragment->GetInnerHTML(innerHTML);
+ } else if (aInput.IsDocument()) {
+ RefPtr<Document> doc = &aInput.GetAsDocument();
+ nsCOMPtr<Element> docElement = doc->GetDocumentElement();
+ if (docElement) {
+ docElement->GetInnerHTML(innerHTML, IgnoreErrors());
+ }
+ }
+ if (innerHTML.IsEmpty()) {
+ AutoTArray<nsString, 1> params = {};
+ LogLocalizedString("SanitizerRcvdNoInput", params,
+ nsIScriptError::warningFlag);
+
+ RefPtr<DocumentFragment> emptyFragment =
+ window->GetDoc()->CreateDocumentFragment();
+ return emptyFragment.forget();
+ }
+ // Create an inert HTML document, loaded as data.
+ // this ensures we do not cause any requests.
+ RefPtr<Document> emptyDoc =
+ nsContentUtils::CreateInertHTMLDocument(window->GetDoc());
+ if (!emptyDoc) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return nullptr;
+ }
+ // We don't have a context element yet. let's create a mock HTML body element
+ RefPtr<mozilla::dom::NodeInfo> info =
+ emptyDoc->NodeInfoManager()->GetNodeInfo(
+ nsGkAtoms::body, nullptr, kNameSpaceID_XHTML, nsINode::ELEMENT_NODE);
+
+ nsCOMPtr<nsINode> context = NS_NewHTMLBodyElement(
+ info.forget(), mozilla::dom::FromParser::FROM_PARSER_FRAGMENT);
+ RefPtr<DocumentFragment> fragment = nsContentUtils::CreateContextualFragment(
+ context, innerHTML, true /* aPreventScriptExecution */, aRv);
+ if (aRv.Failed()) {
+ aRv.ThrowInvalidStateError("Could not parse input");
+ return nullptr;
+ }
+ return fragment.forget();
+}
+
+already_AddRefed<DocumentFragment> Sanitizer::Sanitize(
+ const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
+ if (!window || !window->GetDoc()) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return nullptr;
+ }
+ RefPtr<DocumentFragment> fragment =
+ Sanitizer::InputToNewFragment(aInput, aRv);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ mTreeSanitizer.Sanitize(fragment);
+ return fragment.forget();
+}
+
+RefPtr<DocumentFragment> Sanitizer::SanitizeFragment(
+ RefPtr<DocumentFragment> aFragment, ErrorResult& aRv) {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
+ if (!window || !window->GetDoc()) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return nullptr;
+ }
+ // FIXME(freddyb)
+ // (how) can we assert that the supplied doc is indeed inert?
+ mTreeSanitizer.Sanitize(aFragment);
+ return aFragment.forget();
+}
+
+/* ------ Logging ------ */
+
+void Sanitizer::LogLocalizedString(const char* aName,
+ const nsTArray<nsString>& aParams,
+ uint32_t aFlags) {
+ uint64_t innerWindowID = 0;
+ bool isPrivateBrowsing = true;
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
+ if (window && window->GetDoc()) {
+ auto* doc = window->GetDoc();
+ innerWindowID = doc->InnerWindowID();
+ isPrivateBrowsing = nsContentUtils::IsInPrivateBrowsing(doc);
+ }
+ nsAutoString logMsg;
+ nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
+ aName, aParams, logMsg);
+ LogMessage(logMsg, aFlags, innerWindowID, isPrivateBrowsing);
+}
+
+/* static */
+void Sanitizer::LogMessage(const nsAString& aMessage, uint32_t aFlags,
+ uint64_t aInnerWindowID, bool aFromPrivateWindow) {
+ // Prepending 'Sanitizer' to the outgoing console message
+ nsString message;
+ message.AppendLiteral(u"Sanitizer: ");
+ message.Append(aMessage);
+
+ // Allow for easy distinction in devtools code.
+ constexpr auto category = "Sanitizer"_ns;
+
+ if (aInnerWindowID > 0) {
+ // Send to content console
+ nsContentUtils::ReportToConsoleByWindowID(message, aFlags, category,
+ aInnerWindowID);
+ } else {
+ // Send to browser console
+ nsContentUtils::LogSimpleConsoleError(message, category, aFromPrivateWindow,
+ true /* from chrome context */,
+ aFlags);
+ }
+}
+
+} // namespace mozilla::dom