1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=2 sw=2 et tw=80: */
3 : /* ***** BEGIN LICENSE BLOCK *****
4 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 : *
6 : * The contents of this file are subject to the Mozilla Public License Version
7 : * 1.1 (the "License"); you may not use this file except in compliance with
8 : * the License. You may obtain a copy of the License at
9 : * http://www.mozilla.org/MPL/
10 : *
11 : * Software distributed under the License is distributed on an "AS IS" basis,
12 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 : * for the specific language governing rights and limitations under the
14 : * License.
15 : *
16 : * The Original Code is mozilla.org HTML Sanitizer code.
17 : *
18 : * The Initial Developer of the Original Code is
19 : * Ben Bucksch <mozilla@bucksch.org>.
20 : * Portions created by the Initial Developer are Copyright (C) 2002
21 : * the Initial Developer. All Rights Reserved.
22 : *
23 : * Contributor(s):
24 : * Netscape
25 : *
26 : * Alternatively, the contents of this file may be used under the terms of
27 : * either of the GNU General Public License Version 2 or later (the "GPL"),
28 : * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29 : * in which case the provisions of the GPL or the LGPL are applicable instead
30 : * of those above. If you wish to allow use of your version of this file only
31 : * under the terms of either the GPL or the LGPL, and not to allow others to
32 : * use your version of this file under the terms of the MPL, indicate your
33 : * decision by deleting the provisions above and replace them with the notice
34 : * and other provisions required by the GPL or the LGPL. If you do not delete
35 : * the provisions above, a recipient may use your version of this file under
36 : * the terms of any one of the MPL, the GPL or the LGPL.
37 : *
38 : * ***** END LICENSE BLOCK ***** */
39 :
40 : /*
41 : * A serializer and content sink that removes potentially insecure or
42 : * otherwise dangerous or offending HTML (eg for display of HTML
43 : * e-mail attachments or something).
44 : */
45 :
46 : #ifndef mozSanitizingSerializer_h__
47 : #define mozSanitizingSerializer_h__
48 :
49 : #include "mozISanitizingSerializer.h"
50 : #include "nsIContentSerializer.h"
51 : #include "nsIHTMLContentSink.h"
52 : #include "nsHTMLTags.h"
53 : #include "nsCOMPtr.h"
54 : #include "nsIParserService.h"
55 : #include "nsIContent.h"
56 : #include "nsIAtom.h"
57 : #include "nsString.h"
58 : #include "nsIParser.h"
59 : #include "nsHashtable.h"
60 :
61 : class mozSanitizingHTMLSerializer : public nsIContentSerializer,
62 : public nsIHTMLContentSink,
63 : public mozISanitizingHTMLSerializer
64 : {
65 : public:
66 : mozSanitizingHTMLSerializer();
67 : virtual ~mozSanitizingHTMLSerializer();
68 : static bool ReleaseProperties(nsHashKey* key, void* data, void* closure);
69 :
70 : NS_DECL_ISUPPORTS
71 :
72 : // nsIContentSerializer
73 : NS_IMETHOD Init(PRUint32 flags, PRUint32 dummy, const char* aCharSet,
74 : bool aIsCopying, bool aIsWholeDocument);
75 :
76 : NS_IMETHOD AppendText(nsIContent* aText, PRInt32 aStartOffset,
77 : PRInt32 aEndOffset, nsAString& aStr);
78 0 : NS_IMETHOD AppendCDATASection(nsIContent* aCDATASection,
79 : PRInt32 aStartOffset, PRInt32 aEndOffset,
80 : nsAString& aStr)
81 0 : { return NS_OK; }
82 0 : NS_IMETHOD AppendProcessingInstruction(nsIContent* aPI,
83 : PRInt32 aStartOffset,
84 : PRInt32 aEndOffset,
85 : nsAString& aStr)
86 0 : { return NS_OK; }
87 0 : NS_IMETHOD AppendComment(nsIContent* aComment, PRInt32 aStartOffset,
88 : PRInt32 aEndOffset, nsAString& aStr)
89 0 : { return NS_OK; }
90 0 : NS_IMETHOD AppendDoctype(nsIContent *aDoctype, nsAString& aStr)
91 0 : { return NS_OK; }
92 : NS_IMETHOD AppendElementStart(mozilla::dom::Element* aElement,
93 : mozilla::dom::Element* aOriginalElement,
94 : nsAString& aStr);
95 : NS_IMETHOD AppendElementEnd(mozilla::dom::Element* aElement,
96 : nsAString& aStr);
97 : NS_IMETHOD Flush(nsAString& aStr);
98 :
99 : NS_IMETHOD AppendDocumentStart(nsIDocument *aDocument,
100 : nsAString& aStr);
101 :
102 : // nsIContentSink
103 0 : NS_IMETHOD WillParse(void) { return NS_OK; }
104 0 : NS_IMETHOD WillInterrupt(void) { return NS_OK; }
105 0 : NS_IMETHOD WillResume(void) { return NS_OK; }
106 0 : NS_IMETHOD SetParser(nsParserBase* aParser) { return NS_OK; }
107 : NS_IMETHOD OpenContainer(const nsIParserNode& aNode);
108 : NS_IMETHOD CloseContainer(const nsHTMLTag aTag);
109 : NS_IMETHOD AddLeaf(const nsIParserNode& aNode);
110 0 : virtual void FlushPendingNotifications(mozFlushType aType) { }
111 : NS_IMETHOD SetDocumentCharset(nsACString& aCharset);
112 0 : virtual nsISupports *GetTarget() { return nsnull; }
113 :
114 : // nsIHTMLContentSink
115 : NS_IMETHOD OpenHead();
116 : NS_IMETHOD IsEnabled(PRInt32 aTag, bool* aReturn);
117 0 : NS_IMETHOD NotifyTagObservers(nsIParserNode* aNode) { return NS_OK; }
118 0 : NS_IMETHOD BeginContext(PRInt32 aPosition) { return NS_OK; }
119 0 : NS_IMETHOD EndContext(PRInt32 aPosition) { return NS_OK; }
120 0 : NS_IMETHOD DidProcessTokens(void) { return NS_OK; }
121 0 : NS_IMETHOD WillProcessAToken(void) { return NS_OK; }
122 0 : NS_IMETHOD DidProcessAToken(void) { return NS_OK; }
123 :
124 : // nsISanitizingHTMLSerializer
125 : NS_IMETHOD Initialize(nsAString* aOutString,
126 : PRUint32 aFlags, const nsAString& allowedTags);
127 :
128 : protected:
129 : nsresult ParsePrefs(const nsAString& aPref);
130 : nsresult ParseTagPref(const nsCAutoString& tagpref);
131 : bool IsAllowedTag(nsHTMLTag aTag);
132 : bool IsAllowedAttribute(nsHTMLTag aTag, const nsAString& anAttributeName);
133 : nsresult SanitizeAttrValue(nsHTMLTag aTag, const nsAString& attr_name,
134 : nsString& value /*inout*/);
135 : nsresult SanitizeTextNode(nsString& value /*inout*/);
136 : bool IsContainer(PRInt32 aId);
137 : static PRInt32 GetIdForContent(nsIContent* aContent);
138 : nsresult GetParserService(nsIParserService** aParserService);
139 : nsresult DoOpenContainer(PRInt32 aTag);
140 : nsresult DoCloseContainer(PRInt32 aTag);
141 : nsresult DoAddLeaf(PRInt32 aTag, const nsAString& aText);
142 : void Write(const nsAString& aString);
143 :
144 : protected:
145 : PRInt32 mFlags;
146 : PRUint32 mSkipLevel;
147 : nsHashtable mAllowedTags;
148 :
149 : nsRefPtr<mozilla::dom::Element> mElement;
150 : nsAString* mOutputString;
151 : nsIParserNode* mParserNode;
152 : nsCOMPtr<nsIParserService> mParserService;
153 : };
154 :
155 : nsresult
156 : NS_NewSanitizingHTMLSerializer(nsIContentSerializer** aSerializer);
157 :
158 : #endif
|