/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "BindingDeclarations.h"
#include "mozilla/dom/BindingUtils.h"
#include "mozilla/dom/DocumentFragment.h"
#include "mozilla/dom/SanitizerBinding.h"
#include "nsContentUtils.h"
#include "nsGenericHTMLElement.h"
#include "nsTreeSanitizer.h"
#include "Sanitizer.h"
namespace mozilla::dom {
NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Sanitizer, mGlobal)
NS_IMPL_CYCLE_COLLECTING_ADDREF(Sanitizer)
NS_IMPL_CYCLE_COLLECTING_RELEASE(Sanitizer)
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Sanitizer)
NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
NS_INTERFACE_MAP_ENTRY(nsISupports)
NS_INTERFACE_MAP_END
JSObject* Sanitizer::WrapObject(JSContext* aCx,
JS::Handle<JSObject*> aGivenProto) {
return Sanitizer_Binding::Wrap(aCx,
this, aGivenProto);
}
/* static */
already_AddRefed<Sanitizer> Sanitizer::
New(nsIGlobalObject* aGlobal,
const SanitizerConfig& aOptions,
ErrorResult& aRv) {
nsTreeSanitizer treeSanitizer(nsIParserUtils::SanitizerAllowStyle);
treeSanitizer.WithWebSanitizerOptions(aGlobal, aOptions, aRv);
if (aRv.Failed()) {
return nullptr;
}
RefPtr<Sanitizer> sanitizer =
new Sanitizer(aGlobal, std::move(treeSanitizer));
return sanitizer.forget();
}
/* static */
already_AddRefed<Sanitizer> Sanitizer::Constructor(
const GlobalObject& aGlobal,
const SanitizerConfig& aOptions,
ErrorResult& aRv) {
nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
return New(global, aOptions, aRv);
}
/* static */
already_AddRefed<DocumentFragment> Sanitizer::InputToNewFragment(
const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) {
// turns an DocumentFragmentOrDocument into a new DocumentFragment for
// internal use with nsTreeSanitizer
nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
if (!window || !window->GetDoc()) {
// FIXME: Should we throw another exception?
aRv.
Throw(NS_ERROR_FAILURE);
return nullptr;
}
// We need to create a new docfragment based on the input
// and can't use a live document (possibly with mutation observershandlers)
nsAutoString innerHTML;
if (aInput.IsDocumentFragment()) {
RefPtr<DocumentFragment> inFragment = &aInput.GetAsDocumentFragment();
inFragment->GetInnerHTML(innerHTML);
}
else if (aInput.IsDocument()) {
RefPtr<Document> doc = &aInput.GetAsDocument();
nsCOMPtr<Element> docElement = doc->GetDocumentElement();
if (docElement) {
docElement->GetInnerHTML(innerHTML, IgnoreErrors());
}
}
if (innerHTML.IsEmpty()) {
AutoTArray<nsString, 1> params = {};
LogLocalizedString(
"SanitizerRcvdNoInput", params,
nsIScriptError::warningFlag);
RefPtr<DocumentFragment> emptyFragment =
window->GetDoc()->CreateDocumentFragment();
return emptyFragment.forget();
}
// Create an inert HTML document, loaded as data.
// this ensures we do not cause any requests.
RefPtr<Document> emptyDoc =
nsContentUtils::CreateInertHTMLDocument(window->GetDoc());
if (!emptyDoc) {
aRv.
Throw(NS_ERROR_FAILURE);
return nullptr;
}
// We don't have a context element yet. let's create a mock HTML body element
RefPtr<mozilla::dom::NodeInfo> info =
emptyDoc->NodeInfoManager()->GetNodeInfo(
nsGkAtoms::body, nullptr, kNameSpaceID_XHTML, nsINode::ELEMENT_NODE);
nsCOMPtr<nsINode> context = NS_NewHTMLBodyElement(
info.forget(), mozilla::dom::FromParser::FROM_PARSER_FRAGMENT);
RefPtr<DocumentFragment> fragment = nsContentUtils::CreateContextualFragment(
context, innerHTML,
true /* aPreventScriptExecution */, aRv);
if (aRv.Failed()) {
aRv.ThrowInvalidStateError(
"Could not parse input");
return nullptr;
}
return fragment.forget();
}
already_AddRefed<DocumentFragment> Sanitizer::Sanitize(
const mozilla::dom::DocumentFragmentOrDocument& aInput, ErrorResult& aRv) {
nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
if (!window || !window->GetDoc()) {
aRv.
Throw(NS_ERROR_FAILURE);
return nullptr;
}
RefPtr<DocumentFragment> fragment =
Sanitizer::InputToNewFragment(aInput, aRv);
if (aRv.Failed()) {
return nullptr;
}
mTreeSanitizer.Sanitize(fragment);
return fragment.forget();
}
RefPtr<DocumentFragment> Sanitizer::SanitizeFragment(
RefPtr<DocumentFragment> aFragment, ErrorResult& aRv) {
nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
if (!window || !window->GetDoc()) {
aRv.
Throw(NS_ERROR_FAILURE);
return nullptr;
}
// FIXME(freddyb)
// (how) can we assert that the supplied doc is indeed inert?
mTreeSanitizer.Sanitize(aFragment);
return aFragment.forget();
}
/* ------ Logging ------ */
void Sanitizer::LogLocalizedString(
const char* aName,
const nsTArray<nsString>& aParams,
uint32_t aFlags) {
uint64_t innerWindowID = 0;
bool isPrivateBrowsing =
true;
nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mGlobal);
if (window && window->GetDoc()) {
auto* doc = window->GetDoc();
innerWindowID = doc->InnerWindowID();
isPrivateBrowsing = doc->IsInPrivateBrowsing();
}
nsAutoString logMsg;
nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
aName, aParams, logMsg);
LogMessage(logMsg, aFlags, innerWindowID, isPrivateBrowsing);
}
/* static */
void Sanitizer::LogMessage(
const nsAString& aMessage, uint32_t aFlags,
uint64_t aInnerWindowID,
bool aFromPrivateWindow) {
// Prepending 'Sanitizer' to the outgoing console message
nsString message;
message.AppendLiteral(u
"Sanitizer: ");
message.Append(aMessage);
// Allow for easy distinction in devtools code.
constexpr
auto category =
"Sanitizer"_ns;
if (aInnerWindowID > 0) {
// Send to content console
nsContentUtils::ReportToConsoleByWindowID(message, aFlags, category,
aInnerWindowID);
}
else {
// Send to browser console
nsContentUtils::LogSimpleConsoleError(message, category, aFromPrivateWindow,
true /* from chrome context */,
aFlags);
}
}
}
// namespace mozilla::dom
