-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitizer built-ins document #244
Open
otherdaniel
wants to merge
6
commits into
WICG:main
Choose a base branch
from
otherdaniel:lists
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
f499f7d
Initial draft.
otherdaniel 4ff9fd5
Add attributes
otherdaniel 94a6ef7
Rework attributes. More standards references.
otherdaniel c2f6465
Complete ARIA attributes.
otherdaniel 8ba0ee6
Review feedback.
otherdaniel 48aebd1
Try empty -json file to fix preview.
otherdaniel File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
/.project | ||
/out | ||
/*.ninja* | ||
/builtins/safe-default-configuration.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
{ | ||
"removeElements": [ | ||
{ | ||
"namespace": "http://www.w3.org/1999/xhtml", | ||
"name": "script" | ||
}, | ||
{ | ||
"namespace": "http://www.w3.org/2000/svg", | ||
"name": "script" | ||
} | ||
], | ||
"removeAttributes": [ | ||
"onabort", | ||
"onactivate", | ||
"onafterprint", | ||
"onanimationend", | ||
"onanimationiteration", | ||
"onanimationstart", | ||
"onauxclick", | ||
"onbeforecopy", | ||
"onbeforecut", | ||
"onbeforeinput", | ||
"onbeforepaste", | ||
"onbeforeprint", | ||
"onbeforetoggle", | ||
"onbeforeunload", | ||
"onbegin", | ||
"onblur", | ||
"oncancel", | ||
"oncanplay", | ||
"oncanplaythrough", | ||
"onchange", | ||
"onclick", | ||
"onclose", | ||
"oncontentvisibilityautostatechange", | ||
"oncontextlost", | ||
"oncontextmenu", | ||
"oncontextrestored", | ||
"oncopy", | ||
"oncuechange", | ||
"oncut", | ||
"ondblclick", | ||
"ondismiss", | ||
"ondrag", | ||
"ondragend", | ||
"ondragenter", | ||
"ondragleave", | ||
"ondragover", | ||
"ondragstart", | ||
"ondrop", | ||
"ondurationchange", | ||
"onemptied", | ||
"onend", | ||
"onended", | ||
"onerror", | ||
"onfocus", | ||
"onfocusin", | ||
"onfocusout", | ||
"onformdata", | ||
"ongotpointercapture", | ||
"onhashchange", | ||
"oninput", | ||
"oninvalid", | ||
"onkeydown", | ||
"onkeypress", | ||
"onkeyup", | ||
"onlanguagechange", | ||
"onload", | ||
"onloadeddata", | ||
"onloadedmetadata", | ||
"onloadstart", | ||
"onlostpointercapture", | ||
"onmessage", | ||
"onmessageerror", | ||
"onmousedown", | ||
"onmouseenter", | ||
"onmouseleave", | ||
"onmousemove", | ||
"onmouseout", | ||
"onmouseover", | ||
"onmouseup", | ||
"onmousewheel", | ||
"onmove", | ||
"onoffline", | ||
"ononline", | ||
"onorientationchange", | ||
"onoverscroll", | ||
"onpagehide", | ||
"onpageshow", | ||
"onpaste", | ||
"onpause", | ||
"onplay", | ||
"onplaying", | ||
"onpointercancel", | ||
"onpointerdown", | ||
"onpointerenter", | ||
"onpointerleave", | ||
"onpointermove", | ||
"onpointerout", | ||
"onpointerover", | ||
"onpointerrawupdate", | ||
"onpointerup", | ||
"onpopstate", | ||
"onprogress", | ||
"onratechange", | ||
"onrepeat", | ||
"onreset", | ||
"onresize", | ||
"onresolve", | ||
"onscroll", | ||
"onscrollend", | ||
"onscrollsnapchange", | ||
"onscrollsnapchanging", | ||
"onsearch", | ||
"onsecuritypolicyviolation", | ||
"onseeked", | ||
"onseeking", | ||
"onselect", | ||
"onselectionchange", | ||
"onselectstart", | ||
"onshow", | ||
"onslotchange", | ||
"onstalled", | ||
"onstorage", | ||
"onsubmit", | ||
"onsuspend", | ||
"ontimeupdate", | ||
"ontimezonechange", | ||
"ontoggle", | ||
"ontouchcancel", | ||
"ontouchend", | ||
"ontouchmove", | ||
"ontouchstart", | ||
"ontransitionend", | ||
"onunload", | ||
"onvalidationstatuschange", | ||
"onvolumechange", | ||
"onwaiting", | ||
"onwebkitanimationend", | ||
"onwebkitanimationiteration", | ||
"onwebkitanimationstart", | ||
"onwebkitfullscreenchange", | ||
"onwebkitfullscreenerror", | ||
"onwebkittransitionend", | ||
"onwheel" | ||
] | ||
} |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Sanitizer API - Build configuration dictionary from text file. | ||
|
||
import json | ||
import argparse | ||
import sys | ||
|
||
def main(): | ||
parser = argparse.ArgumentParser() | ||
parser.add_argument("--input", type=argparse.FileType('r'), required=True) | ||
parser.add_argument("--out", type=argparse.FileType('w'), required=True) | ||
args = parser.parse_args() | ||
|
||
try: | ||
lines = args.input.read() | ||
except BaseException as err: | ||
parser.error("Cannot read from --input file.") | ||
|
||
result = { "elements": [], "attributes": [] } | ||
current = [] | ||
for line in lines.split("\n"): | ||
if not line: | ||
pass | ||
elif line.startswith("//"): | ||
pass | ||
elif line.startswith("- "): | ||
current.append({ "name": line[2:], "namespace": None }) | ||
elif line == "[HTML Global]": | ||
current = result["attributes"] | ||
else: | ||
elem = { "name": line, "namespace": "http://www.w3.org/1999/xhtml", | ||
"attributes": [] } | ||
result["elements"].append(elem) | ||
current = elem["attributes"] | ||
|
||
try: | ||
json.dump(result, args.out, indent=2) | ||
except BaseException as err: | ||
parser.error("Cannot write to --out file.") | ||
return 0 | ||
|
||
if __name__ == "__main__": | ||
main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,171 @@ | ||
// Document element | ||
// https://html.spec.whatwg.org/#the-root-element | ||
|
||
html | ||
|
||
// Document metadata | ||
// https://html.spec.whatwg.org/#document-metadata | ||
|
||
head | ||
title | ||
|
||
// meta and link, purposely omitted | ||
|
||
// Sections | ||
// https://html.spec.whatwg.org/#sections | ||
|
||
body | ||
article | ||
section | ||
nav | ||
aside | ||
h1 | ||
h2 | ||
h3 | ||
h4 | ||
h5 | ||
h6 | ||
hgroup | ||
header | ||
footer | ||
address | ||
|
||
// Grouping Content | ||
// https://html.spec.whatwg.org/#grouping-content | ||
|
||
p | ||
hr | ||
pre | ||
blockquote | ||
- cite | ||
ol | ||
- reversed | ||
- start | ||
- type | ||
ul | ||
menu | ||
li | ||
- value | ||
dl | ||
dt | ||
dd | ||
figure | ||
figcaption | ||
main | ||
search | ||
div | ||
|
||
// Text-level Semantics | ||
// https://html.spec.whatwg.org/#text-level-semantics ### | ||
|
||
a | ||
- href | ||
- rel | ||
- hreflang | ||
- type | ||
// Purposely omitted: | ||
// - target | ||
// - download | ||
// - referrerpolicy | ||
// - ping | ||
em | ||
strong | ||
small | ||
s | ||
cite | ||
q | ||
dfn | ||
- title | ||
abbr | ||
- title | ||
ruby | ||
rt | ||
rp | ||
data | ||
- value | ||
time | ||
- datetime | ||
code | ||
var | ||
samp | ||
kbd | ||
sub | ||
sup | ||
i | ||
b | ||
u | ||
mark | ||
bdi | ||
- dir | ||
bdo | ||
- dir | ||
span | ||
br | ||
wbr | ||
|
||
// Edits | ||
// https://html.spec.whatwg.org/#edits | ||
|
||
ins | ||
- cite | ||
- datetime | ||
del | ||
- cite | ||
- datetime | ||
|
||
// Embedded content | ||
// https://html.spec.whatwg.org/#embedded-content | ||
// | ||
// Purposely omitted. | ||
|
||
// Tabular Data | ||
// https://html.spec.whatwg.org/#tables | ||
|
||
table | ||
caption | ||
colgroup | ||
- span | ||
col | ||
- span | ||
tbody | ||
thead | ||
tfoot | ||
tr | ||
td | ||
- colspan | ||
- rowspan | ||
- headers | ||
th | ||
- colspan | ||
- rowspan | ||
- headers | ||
- scope | ||
- abbr | ||
|
||
// Forms | ||
// https://html.spec.whatwg.org/#forms | ||
// | ||
// Purposely omitted | ||
|
||
// Interactive Elements | ||
// https://html.spec.whatwg.org/#interactive-elements | ||
// | ||
// Purposly omitted. | ||
|
||
// Scripting | ||
// https://html.spec.whatwg.org/#scripting | ||
// | ||
// Purposely omitted. | ||
|
||
// SVG: TBD | ||
// MathML: TDB | ||
|
||
// HTML global attributes | ||
// | ||
// Selection of attributes. Most are purposely omitted. | ||
|
||
[HTML Global] | ||
- dir | ||
- lang | ||
- title | ||
|
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What should we do here? In spec purity terms, I believe we should stick to those in the HTML standard and make a big note that many engines support non-standardized and add them as a hint or such?
But In reality, I can see this going wrong.
@evilpie: How would we best identify the list of supported event handler attributes in Gecko?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably just check if an attribute is a https://html.spec.whatwg.org/#event-handler-content-attributes. We could then maybe non-normatively list all of them (they're also in an index in HTML). Implementations can do roughly the same thing they do for Trusted Types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In Gecko, Trusted Types currently uses the EventNameList.h.