diff --git a/index.bs b/index.bs
index 0f58238..e758d55 100644
--- a/index.bs
+++ b/index.bs
@@ -121,7 +121,7 @@ markup, and an optional configuration.
@@ -148,7 +148,7 @@ partial interface Element {
@@ -178,7 +178,7 @@ The {{Document}} interface gains two new methods which parse an entire {{Documen
@@ -222,8 +222,12 @@ The family of {{Element/setHTML()}}-like methods all accept an options
dictionary. Right now, only one member of this dictionary is defined:
+enum SanitizerPresets { "default" };
dictionary SetHTMLOptions {
- (Sanitizer or SanitizerConfig) sanitizer = {};
+ (Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = "default";
+};
+dictionary SetHTMLUnsafeOptions {
+ (Sanitizer or SanitizerConfig or SanitizerPresets) sanitizer = {};
};
@@ -242,7 +246,7 @@ It can also be modified directly.
[Exposed=(Window,Worker)]
interface Sanitizer {
- constructor(optional SanitizerConfig configuration = {});
+ constructor(optional (SanitizerConfig or SanitizerPresets) configuration = "default");
// Query configuration:
SanitizerConfig get();
@@ -261,15 +265,15 @@ interface Sanitizer {
};
-Note: {{Sanitizer}} will likely get an additional method:
-
`[NewObject] static Sanitizer getDefault();`
-
A {{Sanitizer}} has an associated configuration, a {{SanitizerConfig}}.
The constructor(|configuration|)
method steps are:
+1. If |configuration| is a {{SanitizerPresets}} [=string=], then:
+ 1. [=Assert=]: |configuration| [=is=] {{SanitizerPresets/default}}.
+ 1. Set |configuration| to the [=built-in safe default configuration=].
1. Let |valid| be the return value of [=set a configuration|setting=] |configuration| on [=this=].
1. If |valid| is false, then throw a {{TypeError}}.
@@ -373,25 +377,30 @@ To set and filter HTML, given an {{Element}} or {{DocumentFragment}}
-To get a sanitizer instance from options for
-an options dictionary |options|, do:
+To get a sanitizer instance from options from
+a [=dictionary=] |options|, do:
-1. [=Assert=]: |options| is a [=dictionary=].
-1. If |options|["`sanitizer`"] doesn't [=map/exist=], then:
- 1. Let |result| be a new {{Sanitizer}} instance.
- 1. Let |setConfigurationResult| be the result of [=set a configuration=]
- with an empty [=dictionary=] on |result|.
- 1. [=Assert=]: The |setConfigurationResult| is true.
- 1. Return |result|.
-1. [=Assert=]: |options|["`sanitizer`"] is either a {{Sanitizer}} instance
+Note: This algorithm works for both {{SetHTMLOptions}} and
+ {{SetHTMLUnsafeOptions}}. They only differ in the defaults.
+
+1. Let |sanitizerSpec| be "{{SanitizerPresets/default}}".
+1. If |options|["{{SetHTMLOptions/sanitizer}}"] [=map/exists=], then:
+ 1. Set |sanitizerSpec| to |options|["{{SetHTMLOptions/sanitizer}}"]
+1. [=Assert=]: |sanitizerSpec| is either a {{Sanitizer}} instance,
+ a [=string=] which is a {{SanitizerPresets}} member, or a [=dictionary=].
+1. If |sanitizerSpec| is a [=string=]:
+ 1. [=Assert=]: |sanitizerSpec| [=is=] "{{SanitizerPresets/default}}"
+ 1. Set |sanitizerSpec| to the [=built-in safe default configuration=].
+1. [=Assert=]: |sanitizerSpec| is either a {{Sanitizer}} instance,
or a [=dictionary=].
-1. If |options|["`sanitizer`"] is a {{Sanitizer}} instance:
- Then return |options|["`sanitizer`"].
-1. [=Assert=]: |options|["`sanitizer`"] is a [=dictionary=].
-1. Let |result| be a new {{Sanitizer}} instance.
-1. Call [=set a configuration=] with |options|["`sanitizer`"].
-1. If [=set a configuration=] returned false, [=throw=] a {{TypeError}}.
-1. Otherwise, return |result|.
+1. If |sanitizerSpec| is a [=dictionary=]:
+ 1. Let |sanitizer| be a new {{Sanitizer}} instance.
+ 1. Let |setConfigurationResult| be the result of [=set a configuration=]
+ with |sanitizerSpec| on |sanitizer|.
+ 1. If |setConfigurationResult| is false, [=throw=] a {{TypeError}}.
+ 1. Set |sanitizerSpec| to |sanitizer|.
+1. [=Assert=]: |sanitizerSpec| is a {{Sanitizer}} instance.
+1. Return |sanitizerSpec|.
@@ -462,7 +471,7 @@ template contents). It consistes of these steps:
[=Attr/namespace=] is `null` and
|configuration|["{{SanitizerConfig/dataAttributes}}"] is true
1. If |handleJavascriptNavigationUrls| and «[|elementName|, |attrName|]» matches an entry in the
- [=navigating URL attributes list=], and if |attribute|'s [=protocol=] is
+ [=built-in navigating URL attributes list=], and if |attribute|'s [=protocol=] is
"`javascript:`":
1. Then remove |attribute| from |child|.
@@ -702,26 +711,17 @@ regard to order:
## Defaults ## {#sanitization-defaults}
-There are four builtins:
+There are three builtins:
* The [=built-in safe default configuration=],
-* the [=built-in unsafe default configuration=],
* the [=built-in safe baseline configuration=], and
-* the [=navigating URL attributes list=].
-
-The built-in safe default configuration is the same as the [=built-in safe baseline configuration=].
-
-ISSUE(233): Determine if this actually holds.
-
+* the [=built-in navigating URL attributes list=].
-The built-in unsafe default configuration is meant to allow anything.
-It is as follows:
+The built-in safe default configuration is as follows:
```
{
- allow: [],
- removeElements: [],
- attributes: [],
- removeAttributes: [],
+ elements: [ ... ],
+ attributes: [ ... ],
}
```
@@ -738,7 +738,7 @@ script-content, and nothing else. It is as follows:
```
-The navigating URL attributes list, for which "`javascript:`"
+The built-in navigating URL attributes list, for which "`javascript:`"
navigations are "unsafe", are as follows:
«[