Issue 6498123: Replace host innerHTML with our own HTML5-compliant serializer.

Issue 6498123: Replace host innerHTML with our own HTML5-compliant serializer. (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
11 years, 8 months ago by kpreid2

Modified:
11 years, 6 months ago

Reviewers:
felix8a

CC:
caja-discuss-undisclosed_googlegroups.com, MarkM, ihab.awad, Jasvir, metaweta, MikeSamuel, felix8a

Base URL:
http://google-caja.googlecode.com/svn/trunk/

Visibility:
Public.

Description

Our previous strategy to provide a innerHTML getter was to invoke the browser's, then sanitize the output. This strategy cannot implement foreign node protection, since whether a node is foreign depends on its object identity, which is not available starting from an innerHTML string. Therefore, it is replaced by our own implementation working off the tame nodes (and therefore unable to provide excess authority over regular DOM traversal), and operating according to the HTML5 specification's HTML fragment serialization algorithm. @r5144

Patch Set 1 #

Total comments: 8

Patch Set 2 : Replace host innerHTML with our own HTML5-compliant serializer. #

Patch Set 3 : Replace host innerHTML with our own HTML5-compliant serializer. #

Patch Set 4 : Replace host innerHTML with our own HTML5-compliant serializer. #

Created: 11 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+198 lines, -71 lines)			Patch
M	src/com/google/caja/plugin/domado.js	View	1 2 3	3 chunks	+136 lines, -68 lines	0 comments	Download
M	tests/com/google/caja/plugin/browser-test-case.js	View	1 2 3	2 chunks	+6 lines, -0 lines	0 comments	Download
M	tests/com/google/caja/plugin/es53-test-domado-dom-guest.html	View	1 2 3	1 chunk	+43 lines, -0 lines	0 comments	Download
M	tests/com/google/caja/plugin/es53-test-domado-foreign-guest.html	View	1 2 3	4 chunks	+13 lines, -3 lines	0 comments	Download

Messages

Total messages: 6

Expand All Messages | Collapse All Messages

felix8a

https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/domado.js File src/com/google/caja/plugin/domado.js (right): https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/domado.js#newcode1827 src/com/google/caja/plugin/domado.js:1827: if (/["'>=]/.test(aName)) { this test seems inadequate, like spaces ...

11 years, 8 months ago (2012-09-13 21:00:17 UTC) #2

kpreid2

Patch Set 2 incorporates your feedback. https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/domado.js File src/com/google/caja/plugin/domado.js (right): https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/domado.js#newcode1827 src/com/google/caja/plugin/domado.js:1827: if (/["'>=]/.test(aName)) { ...

11 years, 8 months ago (2012-09-13 21:37:49 UTC) #3

Patch Set 2 incorporates your feedback.

https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/doma...
File src/com/google/caja/plugin/domado.js (right):

https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/doma...
src/com/google/caja/plugin/domado.js:1827: if (/["'>=]/.test(aName)) {
On 2012/09/13 21:00:18, felix8a wrote:
> this test seems inadequate, like spaces are also problematic in attribute
names.
> why have the test at all? innerHTML is not guaranteed to produce sensible
> results from nonsensical dom trees, and it seems to me that reading .innerHTML
> should never throw an error.

Agreed. Removed the test.

https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/doma...
src/com/google/caja/plugin/domado.js:1867: if (tameCurrent.firstChild.nodeType
=== 3 &&
On 2012/09/13 21:00:18, felix8a wrote:
> firstChild might be null

Done.

https://codereview.appspot.com/6498123/diff/1/src/com/google/caja/plugin/doma...
src/com/google/caja/plugin/domado.js:1905: throw new Error('Internal: HTML
fragment serialization '
On 2012/09/13 21:00:18, felix8a wrote:
> I'd prefer silently ignoring unexpected node types, but don't feel strongly
> about this.

Changed to console.error and ignore.

https://codereview.appspot.com/6498123/diff/1/tests/com/google/caja/plugin/es...
File tests/com/google/caja/plugin/es53-test-domado-foreign-guest.html (right):

https://codereview.appspot.com/6498123/diff/1/tests/com/google/caja/plugin/es...
tests/com/google/caja/plugin/es53-test-domado-foreign-guest.html:119: if (parent
&& 'innerHTML' in parent) {
On 2012/09/13 21:00:18, felix8a wrote:
> how about put this part of the test in testExternalForeign and
> testEmbeddedForeign, without the conditional

Changed the test to be a parameter to testForeign. I don't want to make it
harder to update the tests if we get a third foreign test case (e.g. foreign w/
no parent vs foreign w/ outside-vdoc parent).

felix8a

this now conflicts with virtual element changes in domado.js on trunk, could you please update ...

11 years, 7 months ago (2012-10-12 22:40:47 UTC) #5

kpreid2

11 years, 7 months ago (2012-10-12 22:49:08 UTC) #6

On 2012/10/12 22:40:47, felix8a wrote:
> this now conflicts with virtual element changes in domado.js on trunk, could
you
> please update it?

Updated.

Expand All Messages | Collapse All Messages