parser/html/nsIParserUtils.idl
author Csoregi Natalia <ncsoregi@mozilla.com>
Thu, 25 Oct 2018 01:26:25 +0300
changeset 442871 2ab590b3ed3f6534c07bae569ec3c84311b1e82b
parent 416004 7f3223b376bb4f473b44e8d3d504df58b70652a0
child 475212 020c8c871c0d3b3920fe95935cfef06501976c0f
permissions -rw-r--r--
Backed out changeset 7b87be447ed8 (bug 1499821) for bustages on nsTransferable.h. CLOSED TREE

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIURI;

webidl DocumentFragment;
webidl Element;

/**
 * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. 
 * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
 * directly instead.
 */
[scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
interface nsIParserUtils : nsISupports
{

  /**
   * Flag for sanitizer: Allow comment nodes.
   */
  const unsigned long SanitizerAllowComments = (1 << 0);

  /**
   * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
   * in case of -moz-binding). Note! If -moz-binding is absent, properties
   * that might be XSS risks in other Web engines are preserved!
   */
  const unsigned long SanitizerAllowStyle = (1 << 1);

  /**
   * Flag for sanitizer: Only allow cid: URLs for embedded content.
   *
   * At present, sanitizing CSS backgrounds, etc., is not supported, so setting 
   * this together with SanitizerAllowStyle doesn't make sense.
   *
   * At present, sanitizing CSS syntax in SVG presentational attributes is not
   * supported, so this option flattens out SVG.
   */
  const unsigned long SanitizerCidEmbedsOnly = (1 << 2);

  /**
   * Flag for sanitizer: Drop non-CSS presentational HTML elements and 
   * attributes, such as <font>, <center> and bgcolor="".
   */
  const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);

  /**
   * Flag for sanitizer: Drop forms and form controls (excluding 
   * fieldset/legend).
   */
  const unsigned long SanitizerDropForms = (1 << 4);

  /**
   * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
   * out SVG.
   */
  const unsigned long SanitizerDropMedia = (1 << 5);

  /**
   * Flag for sanitizer: Log messages to the console for everything that gets
   * sanitized
   */
  const unsigned long SanitizerLogRemovals = (1 << 6);

  /**
   * Parses a string into an HTML document, sanitizes the document and 
   * returns the result serialized to a string.
   *
   * The sanitizer is designed to protect against XSS when sanitized content
   * is inserted into a different-origin context without an iframe-equivalent
   * sandboxing mechanism.
   *
   * By default, the sanitizer doesn't try to avoid leaking information that 
   * the content was viewed to third parties. That is, by default, e.g. 
   * <img src> pointing to an HTTP server potentially controlled by a third 
   * party is not removed. To avoid ambient information leakage upon loading
   * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that 
   * case, <a href> links (and similar) to other content are preserved, so an
   * explicit user action (following a link) after the content has been loaded
   * can still leak information.
   *
   * By default, non-dangerous non-CSS presentational HTML elements and 
   * attributes or forms are not removed. To remove these, use 
   * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
   *
   * By default, comments and CSS is removed. To preserve comments, use
   * SanitizerAllowComments. To preserve <style> and style="", use 
   * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
   * present. In this case, properties that Gecko doesn't recognize can get 
   * removed as a side effect. Note! If -moz-binding is not present, <style>
   * and style="" and SanitizerAllowStyle is specified, the sanitized content
   * may still be XSS dangerous if loaded into a non-Gecko Web engine!
   *
   * @param src the HTML source to parse (C++ callers are allowed but not
   *            required to use the same string for the return value.)
   * @param flags sanitization option flags defined above
   */
  AString sanitize(in AString src, in unsigned long flags);

  /**
   * Convert HTML to plain text.
   *
   * @param src the HTML source to parse (C++ callers are allowed but not
   *            required to use the same string for the return value.)
   * @param flags conversion option flags defined in nsIDocumentEncoder
   * @param wrapCol number of characters per line; 0 for no auto-wrapping
   */
  AString convertToPlainText(in AString src,
                             in unsigned long flags,
                             in unsigned long wrapCol);

  /**
   * Parses markup into a sanitized document fragment.
   *
   * @param fragment the input markup
   * @param flags sanitization option flags defined above
   * @param isXML true if |fragment| is XML and false if HTML
   * @param baseURI the base URL for this fragment
   * @param element the context node for the fragment parsing algorithm
   */
  DocumentFragment parseFragment(in AString fragment,
				 in unsigned long flags,
				 in boolean isXML,
				 in nsIURI baseURI,
				 in Element element);

};

%{ C++
#define NS_PARSERUTILS_CONTRACTID \
    "@mozilla.org/parserutils;1"
#define NS_PARSERUTILS_CID  \
{ 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
%}