Platform/HTML5 sanitizer: Difference between revisions
< Platform
Jump to navigation
Jump to search
| Line 14: | Line 14: | ||
* If styles are disabled, drop style elements and their contents. | * If styles are disabled, drop style elements and their contents. | ||
* If styles are enabled, sanitize the content of style elements. | * If styles are enabled, sanitize the content of style elements. | ||
* Add the controls attribute to the video and audio elements (if it isn't there already). | |||
==Open Questions== | ==Open Questions== | ||
Revision as of 11:50, 11 January 2011
Gecko Requirements
- Allow a setting for enabling styles.
- Allow a setting for enabling comments. See bug 572642
- Have a white list of elements.
- Have a white list of attributes. The attributes don't depend on the element they are on.
- Have a list of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value).
- Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs?)
- Why is whitespace trimmed before the security check?
- However, allow any URL in the src attribute on the img element, because imgs are safe.
- Why risk this?
- If styles are allowed, sanitize style attribute values. If styles aren't allowed, drop the style attribute.
- Always drop script elements and their contents.
- If styles are disabled, drop style elements and their contents.
- If styles are enabled, sanitize the content of style elements.
- Add the controls attribute to the video and audio elements (if it isn't there already).
Open Questions
- Can stylistic SVG attributes have values that need to be sanitized?
- Should element whitelisting take place after the tree builder algorithm so that the namespace of the element is known?
- Likely yes.
Non-Gecko Requirements
- Allow form-related elements to be toggled on and off in the white list.