diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..220bdb4 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,11 @@ +sudo: false +language: python +python: + - "2.7" +install: + - git clone https://github.com/tabatkins/bikeshed.git + - pip install --editable bikeshed + - bikeshed update +script: + # Invoke bikeshed here, at your own leisure. E.g.: + - bikeshed spec diff --git a/index.html b/index.html deleted file mode 100644 index e71f76a..0000000 --- a/index.html +++ /dev/null @@ -1,1866 +0,0 @@ - - - - Sanitize Untrusted HTML - - - - - - - - - - - -
-

-

Sanitize Untrusted HTML

-

A Collection of Interesting Ideas,

-
-
-
Editor: -
(Google Inc.) -
-
-
- -
-
-
-

Abstract

-

This document specifies a set of APIs which allow developers to take untrusted - -strings of HTML, and sanitize them for safe insertion into a document’s DOM.

-
-
- -
-

1. Introduction

-

This section is not normative.

-

Web applications often need to work with strings of HTML on the client side, -perhaps as part of a client-side templating solution, perhaps as part of -rendering user generated content, etc. It is difficult to do so in a safe way, -however; the naive approach of joining strings together and stuffing them into -an Element's innerHTML is fraught with risk, as that can and -will cause JavaScript execution in a number of unexpected ways.

-

Libraries like [DOMPURIFY] attempt to manage this problem by carefully -parsing and sanitizing strings before insertion by constructing a DOM and -walking its members through a white-list. This has proven to be a fragile -approach, as the parsing APIs exposed to the web don’t always map in -reasonable ways to the browser’s behavior when actually rendering a string as -HTML in the "real" DOM. Moreover, the libraries need to keep on top of -browsers' changing behavior over time; things that once were safe may turn -into time-bombs based on new platform-level features.

-

The browser, on the other, has an fairly good idea of when it is going to -execute code. We can improve upon the userspace libraries by teaching the -browser how to render HTML from an arbitrary string in a safe manner, and do -so in a way that is much more likely to be maintained and updated along with -the browser’s own changing parser implementation. This document outlines an -API which aims to do just that.

-

1.1. Goals

- -

1.2. Examples

-
let s = new Sanitizer({
-  tags: ['a', 'b', ...],
-  attributes: ['c', 'd', 'e', ...],
-  ...
-});
-s.toString("&lt;img src=x onerror=alert(1)//&gt;"); // returns <code data-opaque bs-autolink-syntax='`<img src=&quot;x&quot;>`'>&lt;img src="x"></code>
-s.toFragment("&lt;img src=x onerror=alert(1)//&gt;"); // returns a <code data-opaque bs-autolink-syntax='`DocumentFragment`'>DocumentFragment</code>
-
-

2. Framework

-

Blah, blah, blah.

-
dictionary SanitizerConfig {
-  sequence<DOMString> tags;
-  sequence<DOMString> attributes;
-  // ...
-  // More things from https://github.com/cure53/DOMPurify/blob/master/src/purify.js#L224 
-};
-
-[Constructor(optional SanitizerConfig config), Exposed=(Window)]
-interface Sanitizer {
-  DOMString toString(DOMString input);
-  DocumentFragment toFragment(DOMString input);
-
-  // And maybe?
-  static DOMString sanitizeToString(DOMString input, optional SanitizerConfig config);
-  static DocumentFragment sanitizeToFragment(DOMString input, optional SanitizerConfig config);
-};
-
-

3. Acknowledgements

-

Cure53’s [DOMPURIFY] is a clear inspiration for the API this document -describes, as is Internet Explorer’s window.toStaticHTML().

-
- -

Index

-

Terms defined by this specification

- - - - - - -

Terms defined by reference

- -

References

-

Normative References

-
-
[DOM] -
Anne van Kesteren. DOM Standard. Living Standard. URL: https://dom.spec.whatwg.org/ -
[DOM-Parsing] -
Travis Leithead. DOM Parsing and Serialization. 17 May 2016. WD. URL: https://www.w3.org/TR/DOM-Parsing/ -
[WebIDL] -
Cameron McCormack; Boris Zbarsky; Tobie Langel. Web IDL. 15 December 2016. ED. URL: https://heycam.github.io/webidl/ -
-

Informative References

-
-
[DOMPURIFY] -
DOMPurify. URL: https://github.com/cure53/DOMPurify -
-

IDL Index

-
dictionary SanitizerConfig {
-  sequence<DOMString> tags;
-  sequence<DOMString> attributes;
-  // ...
-  // More things from https://github.com/cure53/DOMPurify/blob/master/src/purify.js#L224 
-};
-
-[Constructor(optional SanitizerConfig config), Exposed=(Window)]
-interface Sanitizer {
-  DOMString toString(DOMString input);
-  DocumentFragment toFragment(DOMString input);
-
-  // And maybe?
-  static DOMString sanitizeToString(DOMString input, optional SanitizerConfig config);
-  static DocumentFragment sanitizeToFragment(DOMString input, optional SanitizerConfig config);
-};
-
-
- - \ No newline at end of file
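Review bot: in the `.travis.yml` hunk, `git clone https://github.com/tabatkins/bikeshed.git` followed by `pip install --editable bikeshed` pins nothing, so every CI run installs and executes whatever currently sits at the tip of a third-party repository's default branch plus whatever transitive versions pip resolves that day; a later change to that repository alters the build, and the output, with no change in this repository. Pin to a tag or commit (for example a `--branch <tag>` on the clone, or a `git -C bikeshed checkout <sha>` step before the `pip install`) and record the pinned revision in the file so reviewers can see what is being run. Two smaller points in the same hunk: `bikeshed update` fetches spec data from the network at build time, so note in a comment that the job is intentionally non-reproducible, and the `# Invoke bikeshed here, at your own leisure. E.g.:` line is template residue; replace it with a comment describing what `bikeshed spec` is actually expected to build here.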
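Review bot: the `index.html` hunk deletes the entire rendered spec (`@@ -1,1866 +0,0 @@`) but nothing in the patch replaces it: the `.travis.yml` added alongside only runs `bikeshed spec` and has no step that publishes the generated `index.html` anywhere, so after this change the repository no longer carries a readable copy of the document and CI discards the one it builds. Either keep the rendered file checked in (regenerated from the source) or add a deploy step and say in the commit message where the rendered spec is now served from. Also confirm that the Bikeshed source this `index.html` was generated from is present in the repository, since the deleted file is the only copy of the IDL and examples visible in this patch.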