Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitizer built-ins document #244

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Sanitizer built-ins document #244

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
f499f7d
Initial draft.
otherdaniel Nov 28, 2024
4ff9fd5
Add attributes
otherdaniel Dec 12, 2024
94a6ef7
Rework attributes. More standards references.
otherdaniel Dec 13, 2024
c2f6465
Complete ARIA attributes.
otherdaniel Dec 13, 2024
8ba0ee6
Review feedback.
otherdaniel Dec 18, 2024
48aebd1
Try empty -json file to fix preview.
otherdaniel Dec 18, 2024
2ea2510
Review feedback: Reference event content handlers; add remove elements
otherdaniel Jan 8, 2025
d84fe5f
Fix pr-push-yml
otherdaniel Jan 8, 2025
74bfa58
Fix pr-push-yml even harder.
otherdaniel Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .github/workflows/pr-push.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Generate safe-default-configuration.json
run: python builtins/safe-default-configuration.py --input builtins/safe-default-configuration.txt --out builtins/safe-default-configuration.json
- uses: w3c/spec-prod@v2
with:
GH_PAGES_BRANCH: gh-pages
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
/.project
/out
/*.ninja*
/builtins/safe-default-configuration.json
147 changes: 147 additions & 0 deletions builtins/safe-baseline-configuration.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
{
"removeElements": [
{
"namespace": "http://www.w3.org/1999/xhtml",
"name": "script"
},
{
"namespace": "http://www.w3.org/2000/svg",
"name": "script"
}
otherdaniel marked this conversation as resolved.
Show resolved Hide resolved
],
"removeAttributes": [
"onabort",
"onactivate",
"onafterprint",
"onanimationend",
"onanimationiteration",
"onanimationstart",
"onauxclick",
"onbeforecopy",
"onbeforecut",
"onbeforeinput",
"onbeforepaste",
"onbeforeprint",
"onbeforetoggle",
"onbeforeunload",
"onbegin",
"onblur",
"oncancel",
"oncanplay",
"oncanplaythrough",
"onchange",
"onclick",
"onclose",
"oncontentvisibilityautostatechange",
"oncontextlost",
"oncontextmenu",
"oncontextrestored",
"oncopy",
"oncuechange",
"oncut",
"ondblclick",
"ondismiss",
"ondrag",
"ondragend",
"ondragenter",
"ondragleave",
"ondragover",
"ondragstart",
"ondrop",
"ondurationchange",
"onemptied",
"onend",
"onended",
"onerror",
"onfocus",
"onfocusin",
"onfocusout",
"onformdata",
"ongotpointercapture",
"onhashchange",
"oninput",
"oninvalid",
"onkeydown",
"onkeypress",
"onkeyup",
"onlanguagechange",
"onload",
"onloadeddata",
"onloadedmetadata",
"onloadstart",
"onlostpointercapture",
"onmessage",
"onmessageerror",
"onmousedown",
"onmouseenter",
"onmouseleave",
"onmousemove",
"onmouseout",
"onmouseover",
"onmouseup",
"onmousewheel",
"onmove",
"onoffline",
"ononline",
"onorientationchange",
"onoverscroll",
"onpagehide",
"onpageshow",
"onpaste",
"onpause",
"onplay",
"onplaying",
"onpointercancel",
"onpointerdown",
"onpointerenter",
"onpointerleave",
"onpointermove",
"onpointerout",
"onpointerover",
"onpointerrawupdate",
"onpointerup",
"onpopstate",
"onprogress",
"onratechange",
"onrepeat",
"onreset",
"onresize",
"onresolve",
"onscroll",
"onscrollend",
"onscrollsnapchange",
"onscrollsnapchanging",
"onsearch",
"onsecuritypolicyviolation",
"onseeked",
"onseeking",
"onselect",
"onselectionchange",
"onselectstart",
"onshow",
"onslotchange",
"onstalled",
"onstorage",
"onsubmit",
"onsuspend",
"ontimeupdate",
"ontimezonechange",
"ontoggle",
"ontouchcancel",
"ontouchend",
"ontouchmove",
"ontouchstart",
"ontransitionend",
"onunload",
"onvalidationstatuschange",
"onvolumechange",
"onwaiting",
"onwebkitanimationend",
"onwebkitanimationiteration",
"onwebkitanimationstart",
"onwebkitfullscreenchange",
"onwebkitfullscreenerror",
"onwebkittransitionend",
"onwheel"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What should we do here? In spec purity terms, I believe we should stick to those in the HTML standard and make a big note that many engines support non-standardized and add them as a hint or such?
But In reality, I can see this going wrong.

@evilpie: How would we best identify the list of supported event handler attributes in Gecko?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably just check if an attribute is a https://html.spec.whatwg.org/#event-handler-content-attributes. We could then maybe non-normatively list all of them (they're also in an index in HTML). Implementations can do roughly the same thing they do for Trusted Types.

Copy link

@evilpie evilpie Dec 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Gecko, Trusted Types currently uses the EventNameList.h.

Copy link
Collaborator Author

@otherdaniel otherdaniel Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've now removed the list of event handlers, instead adding a rules to remove event-handler-content-attributes. I'm iterating over those, as if they were a list. Not sure if that's legitimate.

I've also added a note and a script that merges in a copy of the event handlers, so it's more easy to see what this does. This should make it easy to modify, and to -- eventually -- just use a list directly derived from the HTML spec text.

Unfortunately, the preview doesn't run the scripts, so that particular bit isn't easy to review.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think iterating over them is okay. We might have to revisit this when upstreaming.

]
}
Empty file added builtins/safe-default-configuration.json
View file
Open in desktop
Empty file.
42 changes: 42 additions & 0 deletions builtins/safe-default-configuration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Sanitizer API - Build configuration dictionary from text file.

import json
import argparse
import sys

def main():
parser = argparse.ArgumentParser()
parser.add_argument("--input", type=argparse.FileType('r'), required=True)
parser.add_argument("--out", type=argparse.FileType('w'), required=True)
args = parser.parse_args()

try:
lines = args.input.read()
except BaseException as err:
parser.error("Cannot read from --input file.")

result = { "elements": [], "attributes": [] }
current = []
for line in lines.split("\n"):
if not line:
pass
elif line.startswith("//"):
pass
elif line.startswith("- "):
current.append({ "name": line[2:], "namespace": None })
elif line == "[HTML Global]":
current = result["attributes"]
else:
elem = { "name": line, "namespace": "http://www.w3.org/1999/xhtml",
"attributes": [] }
result["elements"].append(elem)
current = elem["attributes"]

try:
json.dump(result, args.out, indent=2)
except BaseException as err:
parser.error("Cannot write to --out file.")
return 0

if __name__ == "__main__":
main()
171 changes: 171 additions & 0 deletions builtins/safe-default-configuration.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,171 @@
// Document element
// https://html.spec.whatwg.org/#the-root-element

html

// Document metadata
// https://html.spec.whatwg.org/#document-metadata

head
title

// meta and link, purposely omitted

// Sections
// https://html.spec.whatwg.org/#sections

body
article
section
nav
aside
h1
h2
h3
h4
h5
h6
hgroup
header
footer
address

// Grouping Content
// https://html.spec.whatwg.org/#grouping-content

p
hr
pre
blockquote
- cite
ol
- reversed
- start
- type
ul
menu
li
- value
dl
dt
dd
figure
figcaption
main
search
div

// Text-level Semantics
// https://html.spec.whatwg.org/#text-level-semantics ###

a
- href
- rel
- hreflang
- type
// Purposely omitted:
// - target
// - download
// - referrerpolicy
// - ping
em
strong
small
s
cite
q
dfn
- title
abbr
- title
ruby
rt
rp
data
- value
time
- datetime
code
var
samp
kbd
sub
sup
i
b
u
mark
bdi
- dir
bdo
- dir
span
br
wbr

// Edits
// https://html.spec.whatwg.org/#edits

ins
- cite
- datetime
del
- cite
- datetime

// Embedded content
// https://html.spec.whatwg.org/#embedded-content
//
// Purposely omitted.

// Tabular Data
// https://html.spec.whatwg.org/#tables

table
caption
colgroup
- span
col
- span
tbody
thead
tfoot
tr
td
- colspan
- rowspan
- headers
th
- colspan
- rowspan
- headers
- scope
- abbr

// Forms
// https://html.spec.whatwg.org/#forms
//
// Purposely omitted

// Interactive Elements
// https://html.spec.whatwg.org/#interactive-elements
//
// Purposly omitted.

// Scripting
// https://html.spec.whatwg.org/#scripting
//
// Purposely omitted.

// SVG: TBD
// MathML: TDB

// HTML global attributes
//
// Selection of attributes. Most are purposely omitted.

[HTML Global]
- dir
- lang
- title

Loading
Loading