Review feedback
otherdaniel committed Sep 13, 2024
1 parent 52e0a99 commit fad7841
71 changes: 32 additions & 39 deletions index.bs
Expand Up @@ -195,7 +195,7 @@ The <dfn for="Document" export>parseHTMLUnsafe</dfn>(|html|, |options|) method s
1. [=Parse HTML from a string=] given |document| and |compliantHTML|.
1. Let |sanitizer| be the result of calling [=get a sanitizer instance from options=]
with |options|.
1. Call [=sanitize=] on |document|'s [=tree/root|root node=] with |sanitizer|.
1. Call [=sanitize=] on |document|'s [=tree/root|root node=] with |sanitizer| and false.
1. Return |document|.

</div>
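Review bot: the new call "with |sanitizer| and false" (and "and true" in the parseHTML hunk below) passes a bare boolean without naming the parameter it binds to; the [=sanitize=] operation's third argument is named |safe|, so spell it out, e.g. "with |sanitizer| and false as |safe|", so a reader of parseHTMLUnsafe does not have to jump to the operation's definition to learn which way round the flag goes.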
Expand All @@ -211,7 +211,7 @@ The <dfn for="Document" export>parseHTML</dfn>(|html|, |options|) method steps a
1. [=Parse HTML from a string=] given |document| and |html|.
1. Let |sanitizer| be the result of calling [=get a sanitizer instance from options=]
with |options|.
1. Call [=sanitize=] on |document|'s [=tree/root|root node=] with |sanitizer|.
1. Call [=sanitize=] on |document|'s [=tree/root|root node=] with |sanitizer| and true.
1. Return |document|.

</div>
Expand All @@ -228,35 +228,35 @@ dictionary SetHTMLOptions {
</pre>

The {{Sanitizer}} configuration object encapsulates a filter configuration.
The same config can be used with both safe or unsafe methods. The intent is
The same config can be used with both safe or unsafe methods, where the safe
methods perform an implicit {{removeUnsafe}} operation. The intent is
that one (or a few) configurations will be built-up early on in a page's
lifetime, and can then be used whenever needed. This allows implementations
to pre-process configurations.

The configuration object is also query-able and can return
configuration dictionaries,
in both safe and unsafe variants. This allows a
page to query and predict what effect a given configuration will have, or
to build a new configuration based on an existing one.
The configuration object can be queried to return a configuration dictionary.
It can also be modified directly.

<pre class=idl>
[Exposed=(Window,Worker)]
interface Sanitizer {
constructor(optional SanitizerConfig config = {});

// Query configurations:
// Query configuration:
SanitizerConfig get();
SanitizerConfig getUnsafe();

// Modifying a Sanitizer:
undefined element(SanitizerElementNamespaceWithAttributes element);
// Modify a Sanitizer's lists and fields:
undefined allowElement(SanitizerElementNamespaceWithAttributes element);
undefined removeElement(SanitizerElement element);
undefined replaceWithChildren(SanitizerElement element);
undefined replaceWithChildrenElement(SanitizerElement element);
undefined allowAttribute(SanitizerAttribute attribute);
undefined removeAttribute(SanitizerAttribute attribute);
undefined setComment(boolean allow);
undefined setDataAttributes(boolean allow);
undefined setOtherMarkup(boolean allow);

// Remove markup that executes script. May modify multiple lists:
undefined removeUnsafe();
};
</pre>

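Review bot: "the safe methods perform an implicit {{removeUnsafe}} operation" links the {{Sanitizer}} method, which mutates the instance, whereas the safe methods apply the [=remove unsafe=] algorithm to the configuration used for that one call and leave the {{Sanitizer}} itself unchanged (see the [=sanitize=] hunk, which rebinds |config| rather than the internal slot). Suggest linking the algorithm and saying so explicitly: "where the safe methods implicitly apply [=remove unsafe=] to the configuration for that call, without modifying the {{Sanitizer}}". Otherwise a reader may conclude that calling setHTML() once permanently strips script-bearing entries from a shared Sanitizer.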
Expand All @@ -274,20 +274,12 @@ Issue: This abandons all error handling, because setting a config will
<div algorithm>
The <dfn for="Sanitizer" export>get</dfn>() method steps are:

1. Return the result of calling [=safeify=] on the result of
[=Sanitizer/getUnsafe=].

</div>

<div algorithm>
The <dfn for="Sanitizer" export>getUnsafe</dfn>() method steps are:

1. Return the value of [=this=]'s [=internal slot=].

</div>

<div algorithm>
The <dfn for="Sanitizer" export>element</dfn>(|element|) method steps are:
The <dfn for="Sanitizer" export>allowElement</dfn>(|element|) method steps are:

1. Let |name| be the result of [=canonicalize a sanitizer name=] |element| with [=HTML namespace=] as the default namespace.
1. [=list/Append=] |name| to [=this=]'s [=internal slot=]'s {{SanitizerConfig/elements}} list.
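Review bot: the visible steps of allowElement only append |name| to {{SanitizerConfig/elements}}; the allowAttribute hunk further down also removes the name from {{SanitizerConfig/removeAttributes}}. If the steps hidden below the fold do not likewise remove |name| from {{SanitizerConfig/removeElements}} and {{SanitizerConfig/replaceWithChildrenElements}}, the two methods behave asymmetrically and a name can end up in both an allow and a remove list, so the precedence between lists should be stated or the removal added here.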
Expand All @@ -311,7 +303,7 @@ The <dfn for="Sanitizer" export>removeElement</dfn>(|element|) method steps are:


<div algorithm>
The <dfn for="Sanitizer" export>replaceWithChildren</dfn>(|element|) method steps are:
The <dfn for="Sanitizer" export>replaceWithChildrenElement</dfn>(|element|) method steps are:

1. Let |name| be the result of [=canonicalize a sanitizer name=] |element| with [=HTML namespace=] as the default namespace.
1. [=list/Append=] |name| from [=this=]'s [=internal slot=]'s
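Review bot: the unchanged context line "[=list/Append=] |name| from [=this=]'s [=internal slot=]'s" reads "Append ... from"; it should be "Append |name| to". Since this hunk touches the method's heading anyway, it is a good moment to fix the preposition.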
Expand All @@ -329,7 +321,6 @@ The <dfn for="Sanitizer" export>allowAttribute</dfn>(|attribute|) method steps a
{{SanitizerConfig/attributes}}.
1. [=list/Remove=] |name| from [=this=]'s [=internal slot=]'s {{SanitizerConfig/removeAttributes}}.

</div>
</div>

<div algorithm>
Expand Down Expand Up @@ -363,6 +354,14 @@ The <dfn for="Sanitizer" export>setOtherMarkup</dfn>(|allow|) method steps are:

</div>

<div algorithm>
The <dfn for="Sanitizer" export>removeUnsafe</dfn>() method steps are:

1. Update [=this=]'s [=internal slot=] with the result of calling [=remove unsafe=]
on [=this=]'s [=internal slot=].

</div>

## The Configuration Dictionary ## {#config}

<pre class=idl>
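Review bot: the removeUnsafe() method is defined in terms of the same [=remove unsafe=] algorithm that the safe entry points apply per call; it would help implementers and authors to state the resulting invariant in a Note, namely that after sanitizer.removeUnsafe() the unsafe and safe methods produce the same result for that sanitizer, and that calling removeUnsafe() again is a no-op.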
Expand Down Expand Up @@ -445,7 +444,7 @@ For the main <dfn>sanitize</dfn> operation, using a {{ParentNode}} |node|, a
{{Sanitizer}} |sanitizer| and a [=boolean=] |safe|, run these steps:

1. Let |config| be the value of |sanitizer|'s [=internal slot=].
1. If |safe|, let |config| be the result of calling [=safeify=] on |config|.
1. If |safe|, let |config| be the result of calling [=remove unsafe=] on |config|.
1. Call [=sanitize core=] on |node|, |config|, and |safe| (as value for
handling javascript navigation urls).

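Review bot: the parenthetical "|safe| (as value for handling javascript navigation urls)" does not say what true and false mean for [=sanitize core=]. Suggest naming the parameter it binds to and its effect, for example "and |safe| as the flag that controls whether javascript: navigation URLs are dropped", so the reader does not need to open [=sanitize core=] to understand the call.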
Expand Down Expand Up @@ -516,7 +515,14 @@ template contents). It consistes of these steps:
## Configuration Processing ## {#configuration-processing}

<div algorithm>
To <dfn for="SanitizerConfig">safeify</dfn> a |config|, do this:

Note: While this algorithm is called [=remove unsafe=], we use
<a href="#security-considerations">the term "unsafe" strictly in the sense
of this spec</a>, to denote content that will
execute JavaScript when inserted into the document. In other words, this
method will remove oportunities for XSS.

To <dfn for="SanitizerConfig">remove unsafe</dfn> from a |config|, do this:

1. [=Assert=]: The [=built-in safe baseline config=] has
{{SanitizerConfig/removeElements}} and {{SanitizerConfig/removeAttributes}}
Expand Down Expand Up @@ -586,19 +592,6 @@ if there exists an |entry| of |list| that is an [=ordered map=], and where

</div>

<div algorithm>
Set difference (or set subtraction) is a clone of a set A, but with all members
removed that occur in a set B:
To compute the <dfn for="set">difference</dfn> of two [=ordered sets=] |A| and |B|:

1. Let |set| be a new [=ordered set=].
1. [=list/iterate|For each=] |item| of |A|:
1. If |B| does not [=set/contain=] |item|, then [=set/append=] |item|
to |set|.
1. Return |set|.

</div>

<div algorithm>
Equality for [=ordered sets=] is equality of its members, but without
regard to order:
