scrubber.js
No description.

File Location

/goog/labs/html/scrubber.js


Global Functions

goog.labs.html.scrubber.balance(html) string
Balances tags in trusted HTML.
Arguments:
html : string
a string of HTML
Returns: string  the input but with an end-tag for each non-void start tag and only for non-void start tags, and with start and end tags nesting properly.
goog.labs.html.scrubber.balance_(htmlTokens) !Array.<string>
Ensures that there are end-tags for all and only for non-void start tags.
Arguments:
htmlTokens : Array.<string>
an array of HTML tokens as returned by goog.labs.html.scrubber.lex_.
Returns: !Array.<string>  the input array modified in place to have some tokens removed.
goog.labs.html.scrubber.filterAttrs_(attrsText, genericAttrWhitelist, tagSpecificAttrWhitelist) string
Parses attribute names and values out of a tag body and applies the attribute white-list to produce a tag body containing only safe attributes.
Arguments:
attrsText : string
the text of a tag between the end of the tag name and the beginning of the tag end marker, so " foo bar='baz'" for the tag <tag foo bar='baz'/>.
genericAttrWhitelist : Object.<string, goog.labs.html.AttributeRewriter>
a whitelist of attribute transformations for attributes that are allowed on any element.
tagSpecificAttrWhitelist : Object.<string, goog.labs.html.AttributeRewriter>
a whitelist of attribute transformations for attributes that are allowed on the element started by the tag whose body is attrsText.
Returns: string  a tag-body that consists only of safe attributes.
goog.labs.html.scrubber.filter_(tagWhitelist, attrWhitelist, htmlTokens) !Array.<string>
Replaces tags not on the white-list with empty text nodes, dropping all attributes, and drops other non-text nodes such as comments.
Arguments:
tagWhitelist : !Object.<string, boolean>
a set of lower-case tag names following the convention established by goog.object.createSet.
attrWhitelist : !Object.<string, Object.<string, goog.labs.html.AttributeRewriter>>
maps lower-case tag names and the special string "*" to functions from decoded attribute values to sanitized values or null to indicate that the attribute is not allowed with that value. For example, if attrWhitelist['a']['href'] is defined then it is used to sanitize the value of the link's URL. If attrWhitelist['*']['id'] is defined, and attrWhitelist['div']['id'] is not, then the former is used to sanitize any id attribute on a <div> element.
htmlTokens : !Array.<string>
an array of HTML tokens as returned by goog.labs.html.scrubber.lex_.
Returns: !Array.<string>  the input array modified in place to have some tokens removed.
goog.labs.html.scrubber.lex_(html) !Array.<string>
Returns an array of HTML tokens including tags, text nodes and comments. "Special" elements, like <script>...</script> whose bodies cannot include nested elements, are returned as single tokens.
Arguments:
html : string
a string of HTML
Returns: !Array.<string>  No description.
goog.labs.html.scrubber.pickElementsToClose_(lowerCaseTagName, isCloseTag, openElementStack) number
Picks which open HTML elements to close.
Arguments:
lowerCaseTagName : string
The name of the tag.
isCloseTag : boolean
True for a </tagname> tag.
openElementStack : Array.<string>
The names of elements that have been opened and not subsequently closed.
Returns: number  the length of openElementStack after closing any tags that need to be closed.
goog.labs.html.scrubber.readOwnProperty_(o, k) *
No description.
Arguments:
o : !Object
the object
k : !string
a key into o
Returns: *  No description.
goog.labs.html.scrubber.render_(htmlTokens) string
Normalizes HTML tokens and concatenates them into a string.
Arguments:
htmlTokens : Array.<string>
an array of HTML tokens as returned by goog.labs.html.scrubber.lex_.
Returns: string  a string of HTML.
goog.labs.html.scrubber.filterAttrs_&rewriter()
No description.
goog.labs.html.scrubber.scrub(tagWhitelist, attrWhitelist, html) string
Replaces tags not on the white-list with empty text nodes, dropping all attributes, and drops other non-text nodes such as comments.
Arguments:
tagWhitelist : !Object.<string, boolean>
a set of lower-case tag names following the convention established by goog.object.createSet.
attrWhitelist : !Object.<string, Object.<string, goog.labs.html.AttributeRewriter>>
maps lower-case tag names and the special string "*" to functions from decoded attribute values to sanitized values or null to indicate that the attribute is not allowed with that value. For example, if attrWhitelist['a']['href'] is defined then it is used to sanitize the value of the link's URL. If attrWhitelist['*']['id'] is defined, and attrWhitelist['div']['id'] is not, then the former is used to sanitize any id attribute on a <div> element.
html : string
a string of HTML
Returns: string  the input but with potentially dangerous tokens removed.
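The attrWhitelist lookup described for filter_ and scrub (tag-specific entry first, then the "*" entry, with null meaning the attribute is dropped), as an added example that is not Closure Library code. readOwn, pickRewriter, sanitizeAttr and sampleWhitelist are hypothetical names, and the own-property read is an assumption about the purpose of readOwnProperty_.

```javascript
// Added illustration; not Closure Library code. All names here are hypothetical.
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Own-property read: inherited members such as Object.prototype.constructor
// must never be mistaken for whitelist entries.
function readOwn(o, k) {
  return o && hasOwn(o, k) ? o[k] : undefined;
}

// Resolve the rewriter for (tag, attr): tag-specific entry first, then "*".
function pickRewriter(attrWhitelist, tagName, attrName) {
  const tag = tagName.toLowerCase();
  const attr = attrName.toLowerCase();
  const specific = readOwn(readOwn(attrWhitelist, tag), attr);
  if (typeof specific === 'function') return specific;
  const generic = readOwn(readOwn(attrWhitelist, '*'), attr);
  return typeof generic === 'function' ? generic : null;
}

// Returns the sanitized value, or null when the attribute must be dropped.
function sanitizeAttr(attrWhitelist, tagName, attrName, decodedValue) {
  const rewriter = pickRewriter(attrWhitelist, tagName, attrName);
  return rewriter ? rewriter(decodedValue) : null;
}

// Constructed sample policy: id allowed on any element, href only on <a>.
const sampleWhitelist = {
  '*': { id: (v) => (/^[a-z][a-z0-9_-]*$/i.test(v) ? v : null) },
  a: { href: (v) => (/^(https?:|mailto:)/i.test(v) ? v : null) },
};
```

With a plain `o[k]` read instead of readOwn, an attribute named "constructor" would resolve to the inherited Object function and be treated as whitelisted.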