
appendHtml and insertAdjacentHtml should be consistently sanitized

BUG=
R=terry@google.com

Review URL: https://codereview.chromium.org//1081973003

git-svn-id: https://dart.googlecode.com/svn/branches/bleeding_edge/dart@45351 260f80e4-7a28-3924-810f-c04153c831b5
This commit is contained in:
alanknight@google.com 2015-04-22 17:16:01 +00:00
parent 17ecf6b954
commit 7431beaec2
6 changed files with 57 additions and 25 deletions


@ -2,8 +2,14 @@
### Core library changes ### Core library changes
* In dart:html, appendHtml and insertAdjacentHtml now take validator
and treeSanitizer parameters, and the inputs are consistently sanitized.
* List iterators may not throw ConcurrentModificationError as eagerly in
release mode. In checked mode, the modification check is still as eager
as possible.
[r45198](https://code.google.com/p/dart/source/detail?r=45198),
* Update experimental Isolate API: * Update experimental Isolate API:
- Make priorty parameters of `Isolate.ping` and `Isolate.kill` methods - Make priority parameters of `Isolate.ping` and `Isolate.kill` methods
a named parameter. a named parameter.
- Remove the `Isolate.AS_EVENT` priority. - Remove the `Isolate.AS_EVENT` priority.
- Add extra `response` parameter to `Isolate.ping` and - Add extra `response` parameter to `Isolate.ping` and


@ -9932,8 +9932,10 @@ class DocumentFragment extends Node implements ParentNode {
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this document fragment. * last child of this document fragment.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.append(new DocumentFragment.html(text)); NodeTreeSanitizer, treeSanitizer}) {
this.append(new DocumentFragment.html(text, validator: validator,
treeSanitizer: treeSanitizer));
} }
/** /**
@ -12610,8 +12612,10 @@ abstract class Element extends Node implements GlobalEventHandlers, ParentNode,
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this element. * last child of this element.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.insertAdjacentHtml('beforeend', text); NodeTreeSanitizer treeSanitizer}) {
this.insertAdjacentHtml('beforeend', text, validator: validator,
treeSanitizer: treeSanitizer);
} }
/** /**
@ -12890,12 +12894,10 @@ abstract class Element extends Node implements GlobalEventHandlers, ParentNode,
* * [insertAdjacentText] * * [insertAdjacentText]
* * [insertAdjacentElement] * * [insertAdjacentElement]
*/ */
void insertAdjacentHtml(String where, String html) { void insertAdjacentHtml(String where, String html, {NodeValidator validator,
if (JS('bool', '!!#.insertAdjacentHTML', this)) { NodeTreeSanitizer treeSanitizer}) {
_insertAdjacentHtml(where, html); _insertAdjacentNode(where, new DocumentFragment.html(html,
} else { validator: validator, treeSanitizer: treeSanitizer));
_insertAdjacentNode(where, new DocumentFragment.html(html));
}
} }
@JSName('insertAdjacentHTML') @JSName('insertAdjacentHTML')
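Review bot: The new `DocumentFragment.appendHtml` signature in the first hunk has a stray comma, `NodeTreeSanitizer, treeSanitizer}) {`, which Dart reads as two untyped named parameters (`NodeTreeSanitizer` and `treeSanitizer`) instead of one typed `NodeTreeSanitizer treeSanitizer`; it compiles, but it exposes a bogus `NodeTreeSanitizer:` named argument and drops the static type on `treeSanitizer` that the `Element.appendHtml` overload in the second hunk keeps. The line should read `NodeTreeSanitizer treeSanitizer}) {`. This file looks generated from the template touched later in the commit, so the correction is needed there as well. Separately, `insertAdjacentHtml` now always builds a `DocumentFragment.html` and inserts the node, which is the point of the change, but the native `_insertAdjacentHtml` binding declared right after the hunk is still present; if nothing else calls it, removing it would close the last path that hands raw markup to the browser unsanitized.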


@ -9409,8 +9409,10 @@ class DocumentFragment extends Node implements ParentNode {
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this document fragment. * last child of this document fragment.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.append(new DocumentFragment.html(text)); NodeTreeSanitizer, treeSanitizer}) {
this.append(new DocumentFragment.html(text, validator: validator,
treeSanitizer: treeSanitizer));
} }
/** /**
@ -12252,8 +12254,10 @@ abstract class Element extends Node implements GlobalEventHandlers, ParentNode,
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this element. * last child of this element.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.insertAdjacentHtml('beforeend', text); NodeTreeSanitizer treeSanitizer}) {
this.insertAdjacentHtml('beforeend', text, validator: validator,
treeSanitizer: treeSanitizer);
} }
/** /**
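Review bot: The `DocumentFragment.appendHtml` signature in the first hunk declares `{NodeValidator validator, NodeTreeSanitizer, treeSanitizer}` — the comma after `NodeTreeSanitizer` turns it into two dynamic named parameters rather than one typed `treeSanitizer`, so this overload silently accepts a meaningless `NodeTreeSanitizer:` argument and performs no type check on the sanitizer it forwards to `DocumentFragment.html`. The intended line is `NodeTreeSanitizer treeSanitizer}) {`, matching `Element.appendHtml` in the second hunk, whose parameter list is spelled correctly. Since both overloads exist so that callers can pass the same sanitization options regardless of target, they should have identical parameter lists.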


@ -137,6 +137,24 @@ main() {
validateNodeTree(template.content, expectedContent); validateNodeTree(template.content, expectedContent);
}); });
test("appendHtml is sanitized", () {
var html = '<body background="s"></body><div></div>';
document.body.appendHtml('<div id="stuff"></div>');
var stuff = document.querySelector("#stuff");
stuff.appendHtml(html);
expect(stuff.childNodes.length, 1);
stuff.remove();
});
test("documentFragment.appendHtml is sanitized", () {
var html = '<div id="things></div>';
var fragment = new DocumentFragment.html(html);
fragment.appendHtml('<div id="bad"><script></script></div>');
expect(fragment.childNodes.length, 1);
expect(fragment.childNodes[0].id, "bad");
expect(fragment.childNodes[0].childNodes.length, 0);
});
}); });
group('URI_sanitization', () { group('URI_sanitization', () {
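Review bot: The fixture in `documentFragment.appendHtml is sanitized` is malformed: `'<div id="things></div>'` is missing the closing quote of the id attribute, so the parser most likely reaches end of input inside the attribute value and produces no node, and the assertions `childNodes.length == 1` and `childNodes[0].id == "bad"` then pass only because the fragment happened to start empty. If the test is meant to show appending into a populated fragment, use `var html = '<div id="things"></div>';` and assert `fragment.childNodes.length == 2` and `fragment.childNodes[1].id == "bad"`; otherwise drop the prefix so the setup matches the assertions. Neither new test passes an explicit `validator` or `treeSanitizer`, and neither calls `insertAdjacentHtml` directly, which is the method whose native fast path this commit removes; one case that passes an explicit validator and one that inserts via `insertAdjacentHtml('beforeend', ...)` would pin the behavior the commit title promises.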


@ -93,8 +93,10 @@ $endif
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this document fragment. * last child of this document fragment.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.append(new DocumentFragment.html(text)); NodeTreeSanitizer, treeSanitizer}) {
this.append(new DocumentFragment.html(text, validator: validator,
treeSanitizer: treeSanitizer));
} }
/** /**
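Review bot: The template line `NodeTreeSanitizer, treeSanitizer}) {` carries a stray comma, so the generated `DocumentFragment.appendHtml` ends up with two untyped named parameters (`NodeTreeSanitizer` and `treeSanitizer`) instead of a single typed `treeSanitizer`; because this is the generator input, the typo propagates into every emitted html library. It should read `NodeTreeSanitizer treeSanitizer}) {`. The doc comment above the method (its opening lines are outside the hunk) is unchanged and does not mention the new parameters; suggest appending ` * The parsed nodes are passed through [validator] and [treeSanitizer] via` / ` * [DocumentFragment.html]; when both are omitted that constructor's defaults apply.`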


@ -727,8 +727,10 @@ $(ANNOTATIONS)$(NATIVESPEC)abstract class $CLASSNAME$EXTENDS$IMPLEMENTS {
* Parses the specified text as HTML and adds the resulting node after the * Parses the specified text as HTML and adds the resulting node after the
* last child of this element. * last child of this element.
*/ */
void appendHtml(String text) { void appendHtml(String text, {NodeValidator validator,
this.insertAdjacentHtml('beforeend', text); NodeTreeSanitizer treeSanitizer}) {
this.insertAdjacentHtml('beforeend', text, validator: validator,
treeSanitizer: treeSanitizer);
} }
/** /**
@ -1018,12 +1020,10 @@ $if DART2JS
* * [insertAdjacentText] * * [insertAdjacentText]
* * [insertAdjacentElement] * * [insertAdjacentElement]
*/ */
void insertAdjacentHtml(String where, String html) { void insertAdjacentHtml(String where, String html, {NodeValidator validator,
if (JS('bool', '!!#.insertAdjacentHTML', this)) { NodeTreeSanitizer treeSanitizer}) {
_insertAdjacentHtml(where, html); _insertAdjacentNode(where, new DocumentFragment.html(html,
} else { validator: validator, treeSanitizer: treeSanitizer));
_insertAdjacentNode(where, new DocumentFragment.html(html));
}
} }
@JSName('insertAdjacentHTML') @JSName('insertAdjacentHTML')
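Review bot: The docstring for `insertAdjacentHtml` in the second hunk (its opening lines are outside the hunk) is left untouched while the signature gains `validator` and `treeSanitizer`, and it does not record that the markup is now always parsed through `DocumentFragment.html` instead of being handed to the browser's native `insertAdjacentHTML`; suggest adding ` * The [html] is parsed with [DocumentFragment.html], so [validator] and` / ` * [treeSanitizer] are applied exactly as for that constructor.` The native `_insertAdjacentHtml` declared immediately after the hunk (`@JSName('insertAdjacentHTML')`) has lost its only caller visible here; if it is now unreferenced, deleting it removes the remaining way to insert unsanitized markup, and if it is still used elsewhere a comment marking it as unsanitized would keep future callers from reaching for it. The `$if DART2JS` guard on the hunk header suggests this body is only emitted for dart2js, so the dartium variant presumably has its own implementation that should be checked for the same bypass.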