parser/html/nsIParserUtils.idl

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
   3  * You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 #include "nsISupports.idl"
   6
   7 interface nsIDOMElement;
   8 interface nsIDOMDocumentFragment;
   9 interface nsIURI;
  10
  11 /**
  12  * Non-Web HTML parser functionality to Firefox extensions and XULRunner apps.
  13  * Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc.
  14  * directly instead.
  15  */
  16 [scriptable, uuid(a1101145-0025-411e-8873-fdf57bf28128)]
  17 interface nsIParserUtils : nsISupports
  18 {
  19
  20   /**
  21    * Flag for sanitizer: Allow comment nodes.
  22    */
  23   const unsigned long SanitizerAllowComments = (1 << 0);
  24
  25   /**
  26    * Flag for sanitizer: Allow <style> and style="" (with contents sanitized
  27    * in case of -moz-binding). Note! If -moz-binding is absent, properties
  28    * that might be XSS risks in other Web engines are preserved!
  29    */
  30   const unsigned long SanitizerAllowStyle = (1 << 1);
  31
  32   /**
  33    * Flag for sanitizer: Only allow cid: URLs for embedded content.
  34    *
  35    * At present, sanitizing CSS backgrounds, etc., is not supported, so setting
  36    * this together with SanitizerAllowStyle doesn't make sense.
  37    *
  38    * At present, sanitizing CSS syntax in SVG presentational attributes is not
  39    * supported, so this option flattens out SVG.
  40    */
  41   const unsigned long SanitizerCidEmbedsOnly = (1 << 2);
  42
  43   /**
  44    * Flag for sanitizer: Drop non-CSS presentational HTML elements and
  45    * attributes, such as <font>, <center> and bgcolor="".
  46    */
  47   const unsigned long SanitizerDropNonCSSPresentation = (1 << 3);
  48
  49   /**
  50    * Flag for sanitizer: Drop forms and form controls (excluding
  51    * fieldset/legend).
  52    */
  53   const unsigned long SanitizerDropForms = (1 << 4);
  54
  55   /**
  56    * Flag for sanitizer: Drop <img>, <video>, <audio> and <source> and flatten
  57    * out SVG.
  58    */
  59   const unsigned long SanitizerDropMedia = (1 << 5);
  60
  61   /**
  62    * Parses a string into an HTML document, sanitizes the document and
  63    * returns the result serialized to a string.
  64    *
  65    * The sanitizer is designed to protect against XSS when sanitized content
  66    * is inserted into a different-origin context without an iframe-equivalent
  67    * sandboxing mechanism.
  68    *
  69    * By default, the sanitizer doesn't try to avoid leaking information that
  70    * the content was viewed to third parties. That is, by default, e.g.
  71    * <img src> pointing to an HTTP server potentially controlled by a third
  72    * party is not removed. To avoid ambient information leakage upon loading
  73    * the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that
  74    * case, <a href> links (and similar) to other content are preserved, so an
  75    * explicit user action (following a link) after the content has been loaded
  76    * can still leak information.
  77    *
  78    * By default, non-dangerous non-CSS presentational HTML elements and
  79    * attributes or forms are not removed. To remove these, use
  80    * SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
  81    *
  82    * By default, comments and CSS is removed. To preserve comments, use
  83    * SanitizerAllowComments. To preserve <style> and style="", use
  84    * SanitizerAllowStyle. -moz-binding is removed from <style> and style="" if
  85    * present. In this case, properties that Gecko doesn't recognize can get
  86    * removed as a side effect. Note! If -moz-binding is not present, <style>
  87    * and style="" and SanitizerAllowStyle is specified, the sanitized content
  88    * may still be XSS dangerous if loaded into a non-Gecko Web engine!
  89    *
  90    * @param src the HTML source to parse (C++ callers are allowed but not
  91    *            required to use the same string for the return value.)
  92    * @param flags sanitization option flags defined above
  93    */
  94   AString sanitize(in AString src, in unsigned long flags);
  95
  96   /**
  97    * Convert HTML to plain text.
  98    *
  99    * @param src the HTML source to parse (C++ callers are allowed but not
 100    *            required to use the same string for the return value.)
 101    * @param flags conversion option flags defined in nsIDocumentEncoder
 102    * @param wrapCol number of characters per line; 0 for no auto-wrapping
 103    */
 104   AString convertToPlainText(in AString src,
 105                              in unsigned long flags,
 106                              in unsigned long wrapCol);
 107
 108   /**
 109    * Parses markup into a sanitized document fragment.
 110    *
 111    * @param fragment the input markup
 112    * @param flags sanitization option flags defined above
 113    * @param isXML true if |fragment| is XML and false if HTML
 114    * @param baseURI the base URL for this fragment
 115    * @param element the context node for the fragment parsing algorithm
 116    */
 117   nsIDOMDocumentFragment parseFragment(in AString fragment,
 118                                        in unsigned long flags,
 119                                        in boolean isXML,
 120                                        in nsIURI baseURI,
 121                                        in nsIDOMElement element);
 122
 123 };
 124
 125 %{ C++
 126 #define NS_PARSERUTILS_CONTRACTID \
 127     "@mozilla.org/parserutils;1"
 128 #define NS_PARSERUTILS_CID  \
 129 { 0xaf7b24cb, 0x893f, 0x41bb, { 0x96, 0x1f, 0x5a, 0x69, 0x38, 0x8e, 0x27, 0xc3 } }
 130 %}