"Fossies" - the Fresh Open Source Software Archive

Member "firefox-69.0.1/parser/html/nsIParserUtils.idl" (17 Sep 2019, 5176 Bytes) of package /linux/www/firefox-69.0.1.source.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) IDL source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "nsIParserUtils.idl": 60.7.2_vs_68.0.

    1 /* This Source Code Form is subject to the terms of the Mozilla Public
    2  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
    3  * You can obtain one at http://mozilla.org/MPL/2.0/. */
    4 
    5 #include "nsISupports.idl"
    6 
    7 interface nsIURI;
    8 
    9 webidl DocumentFragment;
   10 webidl Element;
   11 
   12 /**
   13  * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps.
   14  * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
   15  * directly instead.
   16  */
   17 [scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
   18 interface nsIParserUtils : nsISupports
   19 {
   20 
   21   /**
   22    * Flag for sanitizer: Allow comment nodes.
   23    */
   24   const unsigned long SanitizerAllowComments = (1 << 0);
   25 
   26   /**
   27    * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
   28    * in case of -moz-binding). Note! If -moz-binding is absent, properties
   29    * that might be XSS risks in other Web engines are preserved!
   30    */
   31   const unsigned long SanitizerAllowStyle = (1 << 1);
   32 
   33   /**
   34    * Flag for sanitizer: Only allow cid: URLs for embedded content.
   35    *
   36    * At present, sanitizing CSS backgrounds, etc., is not supported, so setting
   37    * this together with SanitizerAllowStyle doesn't make sense.
   38    *
   39    * At present, sanitizing CSS syntax in SVG presentational attributes is not
   40    * supported, so this option flattens out SVG.
   41    */
   42   const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
   43 
   44   /**
   45    * Flag for sanitizer: Drop non-CSS presentational HTML elements and
   46    * attributes, such as <font>, <center> and bgcolor="".
   47    */
   48   const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
   49 
   50   /**
   51    * Flag for sanitizer: Drop forms and form controls (excluding
   52    * fieldset/legend).
   53    */
   54   const unsigned long SanitizerDropForms = (1 << 4);
   55 
   56   /**
   57    * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
   58    * out SVG.
   59    */
   60   const unsigned long SanitizerDropMedia = (1 << 5);
   61 
   62   /**
   63    * Flag for sanitizer: Log messages to the console for everything that gets
   64    * sanitized
   65    */
   66   const unsigned long SanitizerLogRemovals = (1 << 6);
   67 
   68   /**
   69    * Parses a string into an HTML document, sanitizes the document and
   70    * returns the result serialized to a string.
   71    *
   72    * The sanitizer is designed to protect against XSS when sanitized content
   73    * is inserted into a different-origin context without an iframe-equivalent
   74    * sandboxing mechanism.
   75    *
   76    * By default, the sanitizer doesn't try to avoid leaking information that
   77    * the content was viewed to third parties. That is, by default, e.g.
   78    * <img src> pointing to an HTTP server potentially controlled by a third
   79    * party is not removed. To avoid ambient information leakage upon loading
   80    * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that
   81    * case, <a href> links (and similar) to other content are preserved, so an
   82    * explicit user action (following a link) after the content has been loaded
   83    * can still leak information.
   84    *
   85    * By default, non-dangerous non-CSS presentational HTML elements and
   86    * attributes or forms are not removed. To remove these, use
   87    * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
   88    *
   89    * By default, comments and CSS is removed. To preserve comments, use
   90    * SanitizerAllowComments. To preserve <style> and style="", use
   91    * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
   92    * present. In this case, properties that Gecko doesn't recognize can get
   93    * removed as a side effect. Note! If -moz-binding is not present, <style>
   94    * and style="" and SanitizerAllowStyle is specified, the sanitized content
   95    * may still be XSS dangerous if loaded into a non-Gecko Web engine!
   96    *
   97    * @param src the HTML source to parse (C++ callers are allowed but not
   98    *            required to use the same string for the return value.)
   99    * @param flags sanitization option flags defined above
  100    */
  101   AString sanitize(in AString src, in unsigned long flags);
  102 
  103   /**
  104    * Convert HTML to plain text.
  105    *
  106    * @param src the HTML source to parse (C++ callers are allowed but not
  107    *            required to use the same string for the return value.)
  108    * @param flags conversion option flags defined in nsIDocumentEncoder
  109    * @param wrapCol number of characters per line; 0 for no auto-wrapping
  110    */
  111   AString convertToPlainText(in AString src,
  112                              in unsigned long flags,
  113                              in unsigned long wrapCol);
  114 
  115   /**
  116    * Parses markup into a sanitized document fragment.
  117    *
  118    * @param fragment the input markup
  119    * @param flags sanitization option flags defined above
  120    * @param isXML true if |fragment| is XML and false if HTML
  121    * @param baseURI the base URL for this fragment
  122    * @param element the context node for the fragment parsing algorithm
  123    */
  124   DocumentFragment parseFragment(in AString fragment,
  125                  in unsigned long flags,
  126                  in boolean isXML,
  127                  in nsIURI baseURI,
  128                  in Element element);
  129 
  130 };
  131 
  132 %{ C++
  133 #define NS_PARSERUTILS_CONTRACTID \
  134     "@mozilla.org/parserutils;1"
  135 #define NS_PARSERUTILS_CID  \
  136 { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
  137 %}