1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
3 * You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #include
"nsISupports.idl"
9 webidl DocumentFragment
;
13 * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps.
14 * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
17 [scriptable
, uuid(a1101145
-0025-411e-8873-fdf57bf28128
)]
18 interface nsIParserUtils
: nsISupports
22 * Flag for sanitizer: Allow comment nodes.
24 const unsigned long SanitizerAllowComments
= (1 << 0);
27 * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
28 * in case of -moz-binding). Note! If -moz-binding is absent, properties
29 * that might be XSS risks in other Web engines are preserved!
31 const unsigned long SanitizerAllowStyle
= (1 << 1);
34 * Flag for sanitizer: Only allow cid: URLs for embedded content.
36 * At present, sanitizing CSS backgrounds, etc., is not supported, so setting
37 * this together with SanitizerAllowStyle doesn't make sense.
39 * At present, sanitizing CSS syntax in SVG presentational attributes is not
40 * supported, so this option flattens out SVG.
42 const unsigned long SanitizerCidEmbedsOnly
= (1 << 2);
45 * Flag for sanitizer: Drop non-CSS presentational HTML elements and
46 * attributes, such as <font>, <center> and bgcolor="".
48 const unsigned long SanitizerDropNonCSSPresentation
= (1 << 3);
51 * Flag for sanitizer: Drop forms and form controls (excluding
54 const unsigned long SanitizerDropForms
= (1 << 4);
57 * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
60 const unsigned long SanitizerDropMedia
= (1 << 5);
63 * Flag for sanitizer: Log messages to the console for everything that gets
66 const unsigned long SanitizerLogRemovals
= (1 << 6);
69 * Flag for sanitizer: Only CSS conditional rules will be moved,
70 * nothing else will be changed.
71 * Can be combined with flag SanitizerLogRemovals, only.
73 const unsigned long SanitizerRemoveOnlyConditionalCSS
= (1 << 7);
76 * Parses a string into an HTML document, sanitizes the document and
77 * returns the result serialized to a string.
79 * The sanitizer is designed to protect against XSS when sanitized content
80 * is inserted into a different-origin context without an iframe-equivalent
81 * sandboxing mechanism.
83 * By default, the sanitizer doesn't try to avoid leaking information that
84 * the content was viewed to third parties. That is, by default, e.g.
85 * <img src> pointing to an HTTP server potentially controlled by a third
86 * party is not removed. To avoid ambient information leakage upon loading
87 * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that
88 * case, <a href> links (and similar) to other content are preserved, so an
89 * explicit user action (following a link) after the content has been loaded
90 * can still leak information.
92 * By default, non-dangerous non-CSS presentational HTML elements and
93 * attributes or forms are not removed. To remove these, use
94 * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
96 * By default, comments and CSS is removed. To preserve comments, use
97 * SanitizerAllowComments. To preserve <style> and style="", use
98 * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
99 * present. In this case, properties that Gecko doesn't recognize can get
100 * removed as a side effect. Note! If -moz-binding is not present, <style>
101 * and style="" and SanitizerAllowStyle is specified, the sanitized content
102 * may still be XSS dangerous if loaded into a non-Gecko Web engine!
104 * @param src the HTML source to parse (C++ callers are allowed but not
105 * required to use the same string for the return value.)
106 * @param flags sanitization option flags defined above
108 AString sanitize
(in AString src
, in unsigned long flags
);
111 * Convert HTML to plain text.
113 * @param src the HTML source to parse (C++ callers are allowed but not
114 * required to use the same string for the return value.)
115 * @param flags conversion option flags defined in nsIDocumentEncoder
116 * @param wrapCol number of characters per line; 0 for no auto-wrapping
118 AString convertToPlainText
(in AString src
,
119 in unsigned long flags
,
120 in unsigned long wrapCol
);
123 * Parses markup into a sanitized document fragment.
125 * @param fragment the input markup
126 * @param flags sanitization option flags defined above
127 * @param isXML true if |fragment| is XML and false if HTML
128 * @param baseURI the base URL for this fragment
129 * @param element the context node for the fragment parsing algorithm
131 DocumentFragment parseFragment
(in AString fragment
,
132 in unsigned long flags
,
140 #define NS_PARSERUTILS_CONTRACTID \
141 "@mozilla.org/parserutils;1"
142 #define NS_PARSERUTILS_CID \
143 { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }