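// Copyright 2016 The Closure Library Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/**
 * @fileoverview Potentially unsafe API for the HTML sanitizer.
 *
 * The HTML sanitizer enforces a safe default policy, and also limits how the
 * policy can be relaxed, so that developers cannot misconfigure it and
 * introduce vulnerabilities.
 *
 * This file extends the HTML sanitizer's capabilities with potentially unsafe
 * configuration options, such as the ability to extend the tag whitelist (e.g.
 * to support web components).
 *
 * Every entry point in this file takes a goog.string.Const justification.
 * goog.string.Const is meant to hold only program-controlled constant
 * strings, so the justification cannot be built from runtime data, and its
 * presence makes call sites of this file easy to find and audit. The
 * justification checks below are goog.asserts checks: in builds that disable
 * assertions they are compiled out, so the requirement is a development-time
 * and code-review control, not a runtime defense. The real protection is the
 * @visibility restriction and the security review of each call site.
 *
 * @supported IE 10+, Chrome 26+, Firefox 22+, Safari 7.1+, Opera 15+
 * @visibility {//closure/goog/html/sanitizer:approved_for_unsafe_config}
 */

goog.provide('goog.html.sanitizer.unsafe');

goog.require('goog.asserts');
goog.require('goog.html.sanitizer.HtmlSanitizer.Builder');
goog.require('goog.string');
goog.require('goog.string.Const');


/**
 * Asserts that a non-blank justification was supplied for relaxing the
 * sanitizer policy.
 *
 * The constant is unwrapped once and checked for being a string that is not
 * empty or whitespace-only. All public functions in this file share this
 * check so that it cannot drift between them.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     the relaxation of the sanitizer policy is safe.
 * @private
 */
goog.html.sanitizer.unsafe.assertJustification_ = function(justification) {
  var text = goog.string.Const.unwrap(justification);
  goog.asserts.assertString(text, 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(text),
      'must provide non-empty justification');
};


/**
 * Extends the tag whitelist with the list of tags provided.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the new tags do not introduce untrusted code execution or unsanctioned
 * network activity.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     the addition of these tags to the whitelist is safe. May include a
 *     security review ticket number.
 * @param {!goog.html.sanitizer.HtmlSanitizer.Builder} builder The builder
 *     whose tag whitelist should be extended.
 * @param {!Array<string>} tags A list of additional tags to allow through the
 *     sanitizer. Note that if the tag is also present in the blacklist,
 *     its addition to the whitelist has no effect. The tag names are
 *     case-insensitive.
 * @return {!goog.html.sanitizer.HtmlSanitizer.Builder} The same builder, for
 *     chaining.
 */
goog.html.sanitizer.unsafe.alsoAllowTags = function(
    justification, builder, tags) {
  goog.html.sanitizer.unsafe.assertJustification_(justification);
  // The builder method is deliberately named to discourage direct calls;
  // this function is the sanctioned, visibility-restricted entry point.
  return builder.alsoAllowTagsPrivateDoNotAccessOrElse(tags);
};


/**
 * Installs custom attribute policies for the attributes provided in the list.
 * This can be used either on non-whitelisted attributes, effectively extending
 * the attribute whitelist, or on attributes that are whitelisted and already
 * have a policy, to override their policies.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the new attributes (and any overridden policies) do not introduce
 * untrusted code execution or unsanctioned network activity. A string entry
 * allows every value of that attribute on every tag, so it should be used
 * only for attributes whose value cannot carry script or a URL.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     the addition of these attributes to the whitelist is safe. May include a
 *     security review ticket number.
 * @param {!goog.html.sanitizer.HtmlSanitizer.Builder} builder The builder
 *     whose attribute whitelist should be extended.
 * @param {!Array<(string|!goog.html.sanitizer.HtmlSanitizerAttributePolicy)>}
 *     attrs A list of attributes whose policy should be overridden. Attributes
 *     can come in one of two forms:
 *     - string: allow all values and just trim whitespaces for this attribute
 *       on all tags.
 *     - HtmlSanitizerAttributePolicy: allows specifying a policy for a
 *       particular tag. The tagName can be '*', which means all tags. If no
 *       policy is passed, the default is allow all values and just trim
 *       whitespaces.
 *     The tag and attribute names are case-insensitive.
 * @return {!goog.html.sanitizer.HtmlSanitizer.Builder} The same builder, for
 *     chaining.
 */
goog.html.sanitizer.unsafe.alsoAllowAttributes = function(
    justification, builder, attrs) {
  goog.html.sanitizer.unsafe.assertJustification_(justification);
  return builder.alsoAllowAttributesPrivateDoNotAccessOrElse(attrs);
};


/**
 * Turns off sanitization of TEMPLATE tag descendants. The output is still
 * safe to consume as a whole, but clients need to handle the contents of
 * TEMPLATE nodes carefully, hence its definition in the unsafe package.
 *
 * Note that this only applies to descendants of unsanitized template tags, not
 * to the tag itself, which must be manually added to the whitelist and removed
 * from the blacklist.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the unsanitized template contents cannot be activated in a way that
 * introduces untrusted code execution or unsanctioned network activity.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     the templates should not be sanitized, and why this is safe. May include
 *     a security review ticket number.
 * @param {!goog.html.sanitizer.HtmlSanitizer.Builder} builder The builder
 *     whose template tag descendants should not be sanitized.
 * @return {!goog.html.sanitizer.HtmlSanitizer.Builder} The same builder, for
 *     chaining.
 * @throws {Error} Thrown if the browser does not support TEMPLATE tags.
 *     In this case, careful post-sanitization handling wouldn't matter.
 */
goog.html.sanitizer.unsafe.keepUnsanitizedTemplateContents = function(
    justification, builder) {
  goog.html.sanitizer.unsafe.assertJustification_(justification);
  return builder.keepUnsanitizedTemplateContentsPrivateDoNotAccessOrElse();
};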