(Start page) |
Line 1: | Line 1: | ||
==Gecko Requirements== | ==Gecko Requirements== | ||
* Allow a setting for enabling styles. | |||
* Allow a setting for enabling comments. See {{bug|572642}} | |||
* Have a white list of elements. | * Have a white list of elements. | ||
* Have a white list of attributes. The attributes don't depend on the element they are on. | * Have a white list of attributes. The attributes don't depend on the element they are on. | ||
* Have a list of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value). | * Have a list of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value). | ||
** | ** Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs?) | ||
** Why is whitespace trimmed before the security check? | ** Why is whitespace trimmed before the security check? | ||
** However, allow any URL in the src attribute on the img element, because imgs are safe. | ** However, allow any URL in the src attribute on the img element, because imgs are safe. | ||
*** Why risk this? | *** Why risk this? | ||
* If styles are allowed, sanitize style attribute values. If styles aren't allowed, drop the style attribute. | |||
* Always drop script elements and their contents. | |||
* If styles are disabled, drop style elements and their contents. | |||
* If styles are enabled, sanitize the content of style elements. | |||
==Open Questions== | |||
* Can stylistic SVG attributes have values that need to be sanitized? | |||
* Should element whitelisting take place after the tree builder algorithm so that the namespace of the element is known? | |||
** Likely yes. | |||
==Non-Gecko Requirements== | ==Non-Gecko Requirements== |
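Review bot: the Gecko Requirements list mixes settled requirements with unanswered questions. The URL-attribute bullet says prohibited URLs are checked "after trimming whitespace from the value" and is followed directly by "Why is whitespace trimmed before the security check?". The img src exception ("because imgs are safe") is followed by "Why risk this?". The relative-URL line carries "(Is this correct for Gecko reqs?)" inline. Suggest either answering each of these with a one-line rationale next to the requirement, or moving them to a dedicated questions section, so that the requirements list states only agreed behaviour and an implementer does not have to guess whether the img src exception and the trim-then-check order are decided.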