// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "third_party/blink/renderer/core/sanitizer/sanitizer_api.h"

#include "third_party/blink/renderer/bindings/core/v8/v8_set_html_options.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_set_html_unsafe_options.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_union_sanitizer_sanitizerconfig_sanitizerpresets.h"
#include "third_party/blink/renderer/core/dom/container_node.h"
#include "third_party/blink/renderer/core/dom/element.h"
#include "third_party/blink/renderer/core/html_names.h"
#include "third_party/blink/renderer/core/sanitizer/sanitizer.h"
#include "third_party/blink/renderer/core/sanitizer/sanitizer_builtins.h"
#include "third_party/blink/renderer/core/svg_names.h"

namespace blink {

// Note: SanitizeSafeInternal and SanitizeUnsafeInternal are mostly identical.
// But because SetHTMLOptions and SetHTMLUnsafeOptions are unrelated types (as
// far as C++ is concerned) they cannot easily be merged.
void SanitizerAPI::SanitizeSafeInternal(ContainerNode* element,
                                        SetHTMLOptions* options,
                                        ExceptionState& exception_state) {
  // An exception is already pending: clear the node's content and bail out.
  if (exception_state.HadException()) {
    element->setTextContent("");
    return;
  }

  // Safe variant only: if the target itself is an HTML or SVG <script>
  // element, clear its content instead of sanitizing it.
  if (element->IsElementNode()) {
    const Element* real_element = To<Element>(element);
    if (real_element->TagQName() == html_names::kScriptTag ||
        real_element->TagQName() == svg_names::kScriptTag) {
      element->setTextContent("");
      return;
    }
  }

  const Sanitizer* sanitizer = nullptr;
  if (!options || !options->hasSanitizer()) {
    // Default case: No dictionary, or dictionary without 'sanitizer' member.
    sanitizer = Sanitizer::Create(nullptr, /*safe*/ true, exception_state);
  } else {
    if (options->sanitizer()->IsSanitizer()) {
      // We already got a sanitizer.
      sanitizer = options->sanitizer()->GetAsSanitizer();
    } else if (options->sanitizer()->IsSanitizerConfig()) {
      // We need to create a Sanitizer from a given config.
      sanitizer =
          Sanitizer::Create(options->sanitizer()->GetAsSanitizerConfig(),
                            /*safe*/ true, exception_state);
    } else if (options->sanitizer()->IsSanitizerPresets()) {
      // Create a Sanitizer from a "preset" string.
      sanitizer = Sanitizer::Create(
          options->sanitizer()->GetAsSanitizerPresets().AsEnum(),
          exception_state);
    } else {
      // Default case: Dictionary with 'sanitizer' member but no (valid) value.
      sanitizer = Sanitizer::Create(nullptr, /*safe*/ true, exception_state);
    }
  }

  // Sanitizer creation may have raised an exception; do not sanitize then.
  if (exception_state.HadException()) {
    return;
  }

  CHECK(sanitizer);
  sanitizer->SanitizeSafe(element);
}

void SanitizerAPI::SanitizeUnsafeInternal(ContainerNode* element,
                                          SetHTMLUnsafeOptions* options,
                                          ExceptionState& exception_state) {
  // An exception is already pending: clear the node's content and bail out.
  if (exception_state.HadException()) {
    element->setTextContent("");
    return;
  }

  // Unlike the safe variant, there is no special case for <script> targets,
  // and sanitizers built here are created with /*safe*/ false.
  const Sanitizer* sanitizer = nullptr;
  if (!options || !options->hasSanitizer()) {
    // Default case: No dictionary, or dictionary without 'sanitizer' member.
    sanitizer = Sanitizer::Create(nullptr, /*safe*/ false, exception_state);
  } else {
    if (options->sanitizer()->IsSanitizer()) {
      // We already got a sanitizer.
      sanitizer = options->sanitizer()->GetAsSanitizer();
    } else if (options->sanitizer()->IsSanitizerConfig()) {
      // We need to create a Sanitizer from a given config.
      sanitizer =
          Sanitizer::Create(options->sanitizer()->GetAsSanitizerConfig(),
                            /*safe*/ false, exception_state);
    } else if (options->sanitizer()->IsSanitizerPresets()) {
      // Create a Sanitizer from a "preset" string.
      sanitizer = Sanitizer::Create(
          options->sanitizer()->GetAsSanitizerPresets().AsEnum(),
          exception_state);
    } else {
      // Default case: Dictionary with 'sanitizer' member but no (valid) value.
      sanitizer = Sanitizer::Create(nullptr, /*safe*/ false, exception_state);
    }
  }

  // Sanitizer creation may have raised an exception; do not sanitize then.
  if (exception_state.HadException()) {
    return;
  }

  CHECK(sanitizer);
  sanitizer->SanitizeUnsafe(element);
}

}  // namespace blink