/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" interface nsIURI; webidl DocumentFragment; webidl Element; /** * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc. * directly instead. */ [builtinclass, scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)] interface nsIParserUtils : nsISupports { /** * Flag for sanitizer: Allow comment nodes. */ const unsigned long SanitizerAllowComments = (1 << 0); /** * Flag for sanitizer: Allow <style> and style="" (with contents sanitized * in case of -moz-binding). Note! If -moz-binding is absent, properties * that might be XSS risks in other Web engines are preserved! */ const unsigned long SanitizerAllowStyle = (1 << 1); /** * Flag for sanitizer: Only allow cid: URLs for embedded content. * * At present, sanitizing CSS backgrounds, etc., is not supported, so setting * this together with SanitizerAllowStyle doesn't make sense. * * At present, sanitizing CSS syntax in SVG presentational attributes is not * supported, so this option flattens out SVG. */ const unsigned long SanitizerCidEmbedsOnly = (1 << 2); /** * Flag for sanitizer: Drop non-CSS presentational HTML elements and * attributes, such as <font>, <center> and bgcolor="". */ const unsigned long SanitizerDropNonCSSPresentation = (1 << 3); /** * Flag for sanitizer: Drop forms and form controls (excluding * fieldset/legend). */ const unsigned long SanitizerDropForms = (1 << 4); /** * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten * out SVG. */ const unsigned long SanitizerDropMedia = (1 << 5); /** * Flag for sanitizer: Log messages to the console for everything that gets * sanitized */ const unsigned long SanitizerLogRemovals = (1 << 6); /** * Parses a string into an HTML document, sanitizes the document and * returns the result serialized to a string. * * The sanitizer is designed to protect against XSS when sanitized content * is inserted into a different-origin context without an iframe-equivalent * sandboxing mechanism. * * By default, the sanitizer doesn't try to avoid leaking information that * the content was viewed to third parties. That is, by default, e.g. * <img src> pointing to an HTTP server potentially controlled by a third * party is not removed. To avoid ambient information leakage upon loading * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that * case, <a href> links (and similar) to other content are preserved, so an * explicit user action (following a link) after the content has been loaded * can still leak information. * * By default, non-dangerous non-CSS presentational HTML elements and * attributes or forms are not removed. To remove these, use * SanitizerDropNonCSSPresentation and/or SanitizerDropForms. * * By default, comments and CSS is removed. To preserve comments, use * SanitizerAllowComments. To preserve <style> and style="", use * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if * present. In this case, properties that Gecko doesn't recognize can get * removed as a side effect. Note! If -moz-binding is not present, <style> * and style="" and SanitizerAllowStyle is specified, the sanitized content * may still be XSS dangerous if loaded into a non-Gecko Web engine! * * @param src the HTML source to parse (C++ callers are allowed but not * required to use the same string for the return value.) * @param flags sanitization option flags defined above */ AString sanitize(in AString src, in unsigned long flags); /** * Removes conditional CSS (@media / etc) from the input string. */ AString removeConditionalCSS(in AString src); /** * Convert HTML to plain text. * * @param src the HTML source to parse (C++ callers are allowed but not * required to use the same string for the return value.) * @param flags conversion option flags defined in nsIDocumentEncoder * @param wrapCol number of characters per line; 0 for no auto-wrapping */ AString convertToPlainText(in AString src, in unsigned long flags, in unsigned long wrapCol); /** * Parses markup into a sanitized document fragment. * * @param fragment the input markup * @param flags sanitization option flags defined above * @param isXML true if |fragment| is XML and false if HTML * @param baseURI the base URL for this fragment * @param element the context node for the fragment parsing algorithm */ DocumentFragment parseFragment(in AString fragment, in unsigned long flags, in boolean isXML, in nsIURI baseURI, in Element element); }; %{ C++ #define NS_PARSERUTILS_CONTRACTID \ "@mozilla.org/parserutils;1" #define NS_PARSERUTILS_CID \ { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } } %}