
Unified Diff: chrome/browser/resources/shared/js/parse_html_subset.js

Issue 9318017: [NTP4] Redesign of notification promo. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 8 years, 10 months ago
Index: chrome/browser/resources/shared/js/parse_html_subset.js
diff --git a/chrome/browser/resources/shared/js/parse_html_subset.js b/chrome/browser/resources/shared/js/parse_html_subset.js
index eecf6eecacac7354e037935a5462347e6395b807..53be9c8158fb257848a2c5230a2ce7507df13cf8 100644
--- a/chrome/browser/resources/shared/js/parse_html_subset.js
+++ b/chrome/browser/resources/shared/js/parse_html_subset.js
@@ -1,3 +1,9 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+'use strict';
+
/**
* Whitelist of tag names allowed in parseHtmlSubset.
* @type {[string]}
@@ -22,17 +28,33 @@ var allowedAttributes = {
return false;
node.setAttribute('target', '');
return true;
- }
-}
+ },
+};
/**
* Parse a very small subset of HTML. This ensures that insecure HTML /
* javascript cannot be injected into the new tab page.
* @param {string} s The string to parse.
+ * @param {array=} extraTags Extra allowed tags.
+ * @param {object=} extraAttrs Extra allowed attributes (all tags are run
+ * through these).
* @throws {Error} In case of non supported markup.
* @return {DocumentFragment} A document fragment containing the DOM tree.
*/
-function parseHtmlSubset(s) {
+function parseHtmlSubset(s, extraTags, extraAttrs) {
+ function merge() {
+ var clone = {};
+ for (var i = 0; i < arguments.length; ++i) {
+ if (typeof arguments[i] == 'object') {
+ for (var key in arguments[i]) {
+ if (arguments[i].hasOwnProperty(key))
+ clone[key] = arguments[i][key];
+ }
+ }
+ }
+ return clone;
+ }
+
function walk(n, f) {
f(n);
for (var i = 0; i < n.childNodes.length; i++) {
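Review bot: The new `merge` helper lets later arguments overwrite earlier ones, so with the call order used further down (`merge(allowedAttributes, extraAttrs)`) a caller-supplied key that matches a built-in entry replaces that built-in validator instead of adding to it. For a sanitizer that is a silent way to weaken an existing check; keeping the first definition, `if (arguments[i].hasOwnProperty(key) && !clone.hasOwnProperty(key))`, would make the built-ins win. The JSDoc for `extraAttrs` should also say that each value must be a validator `function(node, value)` returning a boolean and that the extra attributes are accepted on every allowed tag, including the built-in ones. The body of parseHtmlSubset continues outside this hunk.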
@@ -41,17 +63,20 @@ function parseHtmlSubset(s) {
}
function assertElement(node) {
- if (allowedTags.indexOf(node.tagName) == -1)
+ if (tags.indexOf(node.tagName) == -1)
throw Error(node.tagName + ' is not supported');
}
function assertAttribute(attrNode, node) {
var n = attrNode.nodeName;
var v = attrNode.nodeValue;
- if (!allowedAttributes.hasOwnProperty(n) || !allowedAttributes[n](node, v))
+ if (!attrs.hasOwnProperty(n) || !attrs[n](node, v))
throw Error(node.tagName + '[' + n + '="' + v + '"] is not supported');
}
+ var tags = allowedTags.concat(extraTags);
+ var attrs = merge(allowedAttributes, extraAttrs);
+
var r = document.createRange();
r.selectNode(document.body);
// This does not execute any scripts.
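Review bot: `allowedTags.concat(extraTags)` appends a literal `undefined` entry to the allowlist whenever the optional `extraTags` is omitted, because `concat` treats a non-array argument as a single value. The `indexOf(node.tagName)` lookup should never match it, but an allowlist should not carry junk entries; `var tags = allowedTags.concat(extraTags || []);` avoids it. Extra tag names must also match `node.tagName` exactly (upper case for HTML elements, presumably the casing `allowedTags` uses), which the `extraTags` JSDoc could state. The new `attrs` shares its name with `var attrs = node.attributes` in the last hunk; if that declaration sits in a nested callback it only shadows, but a distinct name such as `allowedAttrs` would make the lookup in `assertAttribute` easier to audit.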
@@ -61,7 +86,7 @@ function parseHtmlSubset(s) {
case Node.ELEMENT_NODE:
assertElement(node);
var attrs = node.attributes;
- for (var i = 0; i < attrs.length; i++) {
+ for (var i = 0; i < attrs.length; ++i) {
assertAttribute(attrs[i], node);
}
break;