summaryrefslogtreecommitdiffstats
path: root/parser/html/nsIParserUtils.idl
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--parser/html/nsIParserUtils.idl141
1 files changed, 141 insertions, 0 deletions
diff --git a/parser/html/nsIParserUtils.idl b/parser/html/nsIParserUtils.idl
new file mode 100644
index 0000000000..a8027a83fb
--- /dev/null
+++ b/parser/html/nsIParserUtils.idl
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+webidl DocumentFragment;
+webidl Element;
+
+/**
+ * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps.
+ * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
+ * directly instead.
+ */
+[builtinclass, scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
+interface nsIParserUtils : nsISupports
+{
+ /**
+ * Flag for sanitizer: Allow comment nodes.
+ */
+ const unsigned long SanitizerAllowComments = (1 << 0);
+
+ /**
+ * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
+ * in case of -moz-binding). Note! If -moz-binding is absent, properties
+ * that might be XSS risks in other Web engines are preserved!
+ */
+ const unsigned long SanitizerAllowStyle = (1 << 1);
+
+ /**
+ * Flag for sanitizer: Only allow cid: URLs for embedded content.
+ *
+ * At present, sanitizing CSS backgrounds, etc., is not supported, so setting
+ * this together with SanitizerAllowStyle doesn't make sense.
+ *
+ * At present, sanitizing CSS syntax in SVG presentational attributes is not
+ * supported, so this option flattens out SVG.
+ */
+ const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
+
+ /**
+ * Flag for sanitizer: Drop non-CSS presentational HTML elements and
+ * attributes, such as <font>, <center> and bgcolor="".
+ */
+ const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
+
+ /**
+ * Flag for sanitizer: Drop forms and form controls (excluding
+ * fieldset/legend).
+ */
+ const unsigned long SanitizerDropForms = (1 << 4);
+
+ /**
+ * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
+ * out SVG.
+ */
+ const unsigned long SanitizerDropMedia = (1 << 5);
+
+ /**
+ * Flag for sanitizer: Log messages to the console for everything that gets
+ * sanitized
+ */
+ const unsigned long SanitizerLogRemovals = (1 << 6);
+
+ /**
+ * Parses a string into an HTML document, sanitizes the document and
+ * returns the result serialized to a string.
+ *
+ * The sanitizer is designed to protect against XSS when sanitized content
+ * is inserted into a different-origin context without an iframe-equivalent
+ * sandboxing mechanism.
+ *
+ * By default, the sanitizer doesn't try to avoid leaking information that
+ * the content was viewed to third parties. That is, by default, e.g.
+ * <img src> pointing to an HTTP server potentially controlled by a third
+ * party is not removed. To avoid ambient information leakage upon loading
+ * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that
+ * case, <a href> links (and similar) to other content are preserved, so an
+ * explicit user action (following a link) after the content has been loaded
+ * can still leak information.
+ *
+ * By default, non-dangerous non-CSS presentational HTML elements and
+ * attributes or forms are not removed. To remove these, use
+ * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
+ *
+ * By default, comments and CSS is removed. To preserve comments, use
+ * SanitizerAllowComments. To preserve <style> and style="", use
+ * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
+ * present. In this case, properties that Gecko doesn't recognize can get
+ * removed as a side effect. Note! If -moz-binding is not present, <style>
+ * and style="" and SanitizerAllowStyle is specified, the sanitized content
+ * may still be XSS dangerous if loaded into a non-Gecko Web engine!
+ *
+ * @param src the HTML source to parse (C++ callers are allowed but not
+ * required to use the same string for the return value.)
+ * @param flags sanitization option flags defined above
+ */
+ AString sanitize(in AString src, in unsigned long flags);
+
+ /**
+ * Removes conditional CSS (@media / etc) from the input string.
+ */
+ AString removeConditionalCSS(in AString src);
+
+ /**
+ * Convert HTML to plain text.
+ *
+ * @param src the HTML source to parse (C++ callers are allowed but not
+ * required to use the same string for the return value.)
+ * @param flags conversion option flags defined in nsIDocumentEncoder
+ * @param wrapCol number of characters per line; 0 for no auto-wrapping
+ */
+ AString convertToPlainText(in AString src,
+ in unsigned long flags,
+ in unsigned long wrapCol);
+
+ /**
+ * Parses markup into a sanitized document fragment.
+ *
+ * @param fragment the input markup
+ * @param flags sanitization option flags defined above
+ * @param isXML true if |fragment| is XML and false if HTML
+ * @param baseURI the base URL for this fragment
+ * @param element the context node for the fragment parsing algorithm
+ */
+ DocumentFragment parseFragment(in AString fragment,
+ in unsigned long flags,
+ in boolean isXML,
+ in nsIURI baseURI,
+ in Element element);
+
+};
+
+%{ C++
+#define NS_PARSERUTILS_CONTRACTID \
+ "@mozilla.org/parserutils;1"
+#define NS_PARSERUTILS_CID \
+{ 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
+%}