cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(DomSchemaRegistry): detect invalid elements

Browse Source
This commit is contained in:
Victor Berchet
2016-08-23 10:52:40 -07:00
parent 2b20db6c5a
commit 1df69cb4d2
22 changed files with 638 additions and 395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
modules/@angular/compiler/src/schema/dom_element_schema_registry.ts
View File

@ -8,13 +8,9 @@
import {CUSTOM_ELEMENTS_SCHEMA, Injectable, NO_ERRORS_SCHEMA, SchemaMetadata, SecurityContext} from '@angular/core';
import {StringMapWrapper} from '../facade/collection';
import {isPresent} from '../facade/lang';
import {SECURITY_SCHEMA} from './dom_security_schema';
import {ElementSchemaRegistry} from './element_schema_registry';
const EVENT = 'event';
const BOOLEAN = 'boolean';
const NUMBER = 'number';
const STRING = 'string';
@ -26,7 +22,7 @@ const OBJECT = 'object';
* ## Overview
*
* Each line represents one kind of element. The `element_inheritance` and properties are joined
* using `element_inheritance|preperties` syntax.
* using `element_inheritance|properties` syntax.
*
* ## Element Inheritance
*
@ -54,7 +50,7 @@ const OBJECT = 'object';
*
* ## Query
*
* The class creates an internal squas representaino which allows to easily answer the query of
* The class creates an internal squas representation which allows to easily answer the query of
* if a given property exist on a given element.
*
* NOTE: We don't yet support querying for types or events.
@ -77,9 +73,9 @@ const OBJECT = 'object';
const SCHEMA: string[] = ([
'*|textContent,%classList,className,id,innerHTML,*beforecopy,*beforecut,*beforepaste,*copy,*cut,*paste,*search,*selectstart,*webkitfullscreenchange,*webkitfullscreenerror,*wheel,outerHTML,#scrollLeft,#scrollTop',
'^*|accessKey,contentEditable,dir,!draggable,!hidden,innerText,lang,*abort,*autocomplete,*autocompleteerror,*beforecopy,*beforecut,*beforepaste,*blur,*cancel,*canplay,*canplaythrough,*change,*click,*close,*contextmenu,*copy,*cuechange,*cut,*dblclick,*drag,*dragend,*dragenter,*dragleave,*dragover,*dragstart,*drop,*durationchange,*emptied,*ended,*error,*focus,*input,*invalid,*keydown,*keypress,*keyup,*load,*loadeddata,*loadedmetadata,*loadstart,*message,*mousedown,*mouseenter,*mouseleave,*mousemove,*mouseout,*mouseover,*mouseup,*mousewheel,*mozfullscreenchange,*mozfullscreenerror,*mozpointerlockchange,*mozpointerlockerror,*paste,*pause,*play,*playing,*progress,*ratechange,*reset,*resize,*scroll,*search,*seeked,*seeking,*select,*selectstart,*show,*stalled,*submit,*suspend,*timeupdate,*toggle,*volumechange,*waiting,*webglcontextcreationerror,*webglcontextlost,*webglcontextrestored,*webkitfullscreenchange,*webkitfullscreenerror,*wheel,outerText,!spellcheck,%style,#tabIndex,title,!translate',
'media|!autoplay,!controls,%crossOrigin,#currentTime,!defaultMuted,#defaultPlaybackRate,!disableRemotePlayback,!loop,!muted,*encrypted,#playbackRate,preload,src,#volume',
':svg:^*|*abort,*autocomplete,*autocompleteerror,*blur,*cancel,*canplay,*canplaythrough,*change,*click,*close,*contextmenu,*cuechange,*dblclick,*drag,*dragend,*dragenter,*dragleave,*dragover,*dragstart,*drop,*durationchange,*emptied,*ended,*error,*focus,*input,*invalid,*keydown,*keypress,*keyup,*load,*loadeddata,*loadedmetadata,*loadstart,*mousedown,*mouseenter,*mouseleave,*mousemove,*mouseout,*mouseover,*mouseup,*mousewheel,*pause,*play,*playing,*progress,*ratechange,*reset,*resize,*scroll,*seeked,*seeking,*select,*show,*stalled,*submit,*suspend,*timeupdate,*toggle,*volumechange,*waiting,%style,#tabIndex',
'abbr,address,article,aside,b,bdi,bdo,cite,code,dd,dfn,dt,em,figcaption,figure,footer,header,i,kbd,main,mark,nav,noscript,rb,rp,rt,rtc,ruby,s,samp,section,small,strong,sub,sup,u,var,wbr^*|accessKey,contentEditable,dir,!draggable,!hidden,innerText,lang,*abort,*beforecopy,*beforecut,*beforepaste,*blur,*cancel,*canplay,*canplaythrough,*change,*click,*close,*contextmenu,*copy,*cuechange,*cut,*dblclick,*drag,*dragend,*dragenter,*dragleave,*dragover,*dragstart,*drop,*durationchange,*emptied,*ended,*error,*focus,*input,*invalid,*keydown,*keypress,*keyup,*load,*loadeddata,*loadedmetadata,*loadstart,*message,*mousedown,*mouseenter,*mouseleave,*mousemove,*mouseout,*mouseover,*mouseup,*mousewheel,*mozfullscreenchange,*mozfullscreenerror,*mozpointerlockchange,*mozpointerlockerror,*paste,*pause,*play,*playing,*progress,*ratechange,*reset,*resize,*scroll,*search,*seeked,*seeking,*select,*selectstart,*show,*stalled,*submit,*suspend,*timeupdate,*toggle,*volumechange,*waiting,*webglcontextcreationerror,*webglcontextlost,*webglcontextrestored,*webkitfullscreenchange,*webkitfullscreenerror,*wheel,outerText,!spellcheck,%style,#tabIndex,title,!translate',
'media^abbr|!autoplay,!controls,%crossOrigin,#currentTime,!defaultMuted,#defaultPlaybackRate,!disableRemotePlayback,!loop,!muted,*encrypted,#playbackRate,preload,src,%srcObject,#volume',
':svg:^abbr|*abort,*blur,*cancel,*canplay,*canplaythrough,*change,*click,*close,*contextmenu,*cuechange,*dblclick,*drag,*dragend,*dragenter,*dragleave,*dragover,*dragstart,*drop,*durationchange,*emptied,*ended,*error,*focus,*input,*invalid,*keydown,*keypress,*keyup,*load,*loadeddata,*loadedmetadata,*loadstart,*mousedown,*mouseenter,*mouseleave,*mousemove,*mouseout,*mouseover,*mouseup,*mousewheel,*pause,*play,*playing,*progress,*ratechange,*reset,*resize,*scroll,*seeked,*seeking,*select,*show,*stalled,*submit,*suspend,*timeupdate,*toggle,*volumechange,*waiting,%style,#tabIndex',
':svg:graphics^:svg:|',
':svg:animation^:svg:|*begin,*end,*repeat',
':svg:geometry^:svg:|',
@ -87,74 +83,75 @@ const SCHEMA: string[] = ([
':svg:gradient^:svg:|',
':svg:textContent^:svg:graphics|',
':svg:textPositioning^:svg:textContent|',
'a|charset,coords,download,hash,host,hostname,href,hreflang,name,password,pathname,ping,port,protocol,referrerpolicy,rel,rev,search,shape,target,text,type,username',
'area|alt,coords,hash,host,hostname,href,!noHref,password,pathname,ping,port,protocol,referrerpolicy,search,shape,target,username',
'abbr^*|accessKey,contentEditable,dir,!draggable,!hidden,innerText,lang,*abort,*beforecopy,*beforecut,*beforepaste,*blur,*cancel,*canplay,*canplaythrough,*change,*click,*close,*contextmenu,*copy,*cuechange,*cut,*dblclick,*drag,*dragend,*dragenter,*dragleave,*dragover,*dragstart,*drop,*durationchange,*emptied,*ended,*error,*focus,*input,*invalid,*keydown,*keypress,*keyup,*load,*loadeddata,*loadedmetadata,*loadstart,*message,*mousedown,*mouseenter,*mouseleave,*mousemove,*mouseout,*mouseover,*mouseup,*mousewheel,*mozfullscreenchange,*mozfullscreenerror,*mozpointerlockchange,*mozpointerlockerror,*paste,*pause,*play,*playing,*progress,*ratechange,*reset,*resize,*scroll,*search,*seeked,*seeking,*select,*selectstart,*show,*stalled,*submit,*suspend,*timeupdate,*toggle,*volumechange,*waiting,*webglcontextcreationerror,*webglcontextlost,*webglcontextrestored,*webkitfullscreenchange,*webkitfullscreenerror,*wheel,outerText,!spellcheck,%style,#tabIndex,title,!translate',
'a^abbr|charset,coords,download,hash,host,hostname,href,hreflang,name,password,pathname,ping,port,protocol,referrerPolicy,rel,rev,search,shape,target,text,type,username',
'area^abbr|alt,coords,hash,host,hostname,href,!noHref,password,pathname,ping,port,protocol,referrerPolicy,search,shape,target,username',
'audio^media|',
'br|clear',
'base|href,target',
'body|aLink,background,bgColor,link,*beforeunload,*blur,*error,*focus,*hashchange,*languagechange,*load,*message,*offline,*online,*pagehide,*pageshow,*popstate,*rejectionhandled,*resize,*scroll,*storage,*unhandledrejection,*unload,text,vLink',
'button|!autofocus,!disabled,formAction,formEnctype,formMethod,!formNoValidate,formTarget,name,type,value',
'canvas|#height,#width',
'content|select',
'dl|!compact',
'datalist|',
'details|!open',
'dialog|!open,returnValue',
'dir|!compact',
'div|align',
'embed|align,height,name,src,type,width',
'fieldset|!disabled,name',
'font|color,face,size',
'form|acceptCharset,action,autocomplete,encoding,enctype,method,name,!noValidate,target',
'frame|frameBorder,longDesc,marginHeight,marginWidth,name,!noResize,scrolling,src',
'frameset|cols,*beforeunload,*blur,*error,*focus,*hashchange,*languagechange,*load,*message,*offline,*online,*pagehide,*pageshow,*popstate,*rejectionhandled,*resize,*scroll,*storage,*unhandledrejection,*unload,rows',
'hr|align,color,!noShade,size,width',
'head|',
'h1,h2,h3,h4,h5,h6|align',
'html|version',
'iframe|align,!allowFullscreen,frameBorder,height,longDesc,marginHeight,marginWidth,name,referrerpolicy,%sandbox,scrolling,src,srcdoc,width',
'img|align,alt,border,%crossOrigin,#height,#hspace,!isMap,longDesc,lowsrc,name,referrerpolicy,sizes,src,srcset,useMap,#vspace,#width',
'input|accept,align,alt,autocapitalize,autocomplete,!autofocus,!checked,!defaultChecked,defaultValue,dirName,!disabled,%files,formAction,formEnctype,formMethod,!formNoValidate,formTarget,#height,!incremental,!indeterminate,max,#maxLength,min,#minLength,!multiple,name,pattern,placeholder,!readOnly,!required,selectionDirection,#selectionEnd,#selectionStart,#size,src,step,type,useMap,value,%valueAsDate,#valueAsNumber,#width',
'keygen|!autofocus,challenge,!disabled,keytype,name',
'li|type,#value',
'label|htmlFor',
'legend|align',
'link|as,charset,%crossOrigin,!disabled,href,hreflang,integrity,media,rel,%relList,rev,%sizes,target,type',
'map|name',
'marquee|behavior,bgColor,direction,height,#hspace,#loop,#scrollAmount,#scrollDelay,!trueSpeed,#vspace,width',
'menu|!compact',
'meta|content,httpEquiv,name,scheme',
'meter|#high,#low,#max,#min,#optimum,#value',
'ins,del|cite,dateTime',
'ol|!compact,!reversed,#start,type',
'object|align,archive,border,code,codeBase,codeType,data,!declare,height,#hspace,name,standby,type,useMap,#vspace,width',
'optgroup|!disabled,label',
'option|!defaultSelected,!disabled,label,!selected,text,value',
'output|defaultValue,%htmlFor,name,value',
'p|align',
'param|name,type,value,valueType',
'picture|',
'pre|#width',
'progress|#max,#value',
'q,blockquote,cite|',
'script|!async,charset,%crossOrigin,!defer,event,htmlFor,integrity,src,text,type',
'select|!autofocus,!disabled,#length,!multiple,name,!required,#selectedIndex,#size,value',
'shadow|',
'source|media,sizes,src,srcset,type',
'span|',
'style|!disabled,media,type',
'caption|align',
'th,td|abbr,align,axis,bgColor,ch,chOff,#colSpan,headers,height,!noWrap,#rowSpan,scope,vAlign,width',
'col,colgroup|align,ch,chOff,#span,vAlign,width',
'table|align,bgColor,border,%caption,cellPadding,cellSpacing,frame,rules,summary,%tFoot,%tHead,width',
'tr|align,bgColor,ch,chOff,vAlign',
'tfoot,thead,tbody|align,ch,chOff,vAlign',
'template|',
'textarea|autocapitalize,!autofocus,#cols,defaultValue,dirName,!disabled,#maxLength,#minLength,name,placeholder,!readOnly,!required,#rows,selectionDirection,#selectionEnd,#selectionStart,value,wrap',
'title|text',
'track|!default,kind,label,src,srclang',
'ul|!compact,type',
'unknown|',
'br^abbr|clear',
'base^abbr|href,target',
'body^abbr|aLink,background,bgColor,link,*beforeunload,*blur,*error,*focus,*hashchange,*languagechange,*load,*message,*offline,*online,*pagehide,*pageshow,*popstate,*rejectionhandled,*resize,*scroll,*storage,*unhandledrejection,*unload,text,vLink',
'button^abbr|!autofocus,!disabled,formAction,formEnctype,formMethod,!formNoValidate,formTarget,name,type,value',
'canvas^abbr|#height,#width',
'content^abbr|select',
'dl^abbr|!compact',
'datalist^abbr|',
'details^abbr|!open',
'dialog^abbr|!open,returnValue',
'dir^abbr|!compact',
'div^abbr|align',
'embed^abbr|align,height,name,src,type,width',
'fieldset^abbr|!disabled,name',
'font^abbr|color,face,size',
'form^abbr|acceptCharset,action,autocomplete,encoding,enctype,method,name,!noValidate,target',
'frame^abbr|frameBorder,longDesc,marginHeight,marginWidth,name,!noResize,scrolling,src',
'frameset^abbr|cols,*beforeunload,*blur,*error,*focus,*hashchange,*languagechange,*load,*message,*offline,*online,*pagehide,*pageshow,*popstate,*rejectionhandled,*resize,*scroll,*storage,*unhandledrejection,*unload,rows',
'hr^abbr|align,color,!noShade,size,width',
'head^abbr|',
'h1,h2,h3,h4,h5,h6^abbr|align',
'html^abbr|version',
'iframe^abbr|align,!allowFullscreen,frameBorder,height,longDesc,marginHeight,marginWidth,name,referrerPolicy,%sandbox,scrolling,src,srcdoc,width',
'img^abbr|align,alt,border,%crossOrigin,#height,#hspace,!isMap,longDesc,lowsrc,name,referrerPolicy,sizes,src,srcset,useMap,#vspace,#width',
'input^abbr|accept,align,alt,autocapitalize,autocomplete,!autofocus,!checked,!defaultChecked,defaultValue,dirName,!disabled,%files,formAction,formEnctype,formMethod,!formNoValidate,formTarget,#height,!incremental,!indeterminate,max,#maxLength,min,#minLength,!multiple,name,pattern,placeholder,!readOnly,!required,selectionDirection,#selectionEnd,#selectionStart,#size,src,step,type,useMap,value,%valueAsDate,#valueAsNumber,#width',
'keygen^abbr|!autofocus,challenge,!disabled,keytype,name',
'li^abbr|type,#value',
'label^abbr|htmlFor',
'legend^abbr|align',
'link^abbr|as,charset,%crossOrigin,!disabled,href,hreflang,integrity,media,rel,%relList,rev,%sizes,target,type',
'map^abbr|name',
'marquee^abbr|behavior,bgColor,direction,height,#hspace,#loop,#scrollAmount,#scrollDelay,!trueSpeed,#vspace,width',
'menu^abbr|!compact',
'meta^abbr|content,httpEquiv,name,scheme',
'meter^abbr|#high,#low,#max,#min,#optimum,#value',
'ins,del^abbr|cite,dateTime',
'ol^abbr|!compact,!reversed,#start,type',
'object^abbr|align,archive,border,code,codeBase,codeType,data,!declare,height,#hspace,name,standby,type,useMap,#vspace,width',
'optgroup^abbr|!disabled,label',
'option^abbr|!defaultSelected,!disabled,label,!selected,text,value',
'output^abbr|defaultValue,%htmlFor,name,value',
'p^abbr|align',
'param^abbr|name,type,value,valueType',
'picture^abbr|',
'pre^abbr|#width',
'progress^abbr|#max,#value',
'q,blockquote,cite^abbr|',
'script^abbr|!async,charset,%crossOrigin,!defer,event,htmlFor,integrity,src,text,type',
'select^abbr|!autofocus,!disabled,#length,!multiple,name,!required,#selectedIndex,#size,value',
'shadow^abbr|',
'source^abbr|media,sizes,src,srcset,type',
'span^abbr|',
'style^abbr|!disabled,media,type',
'caption^abbr|align',
'th,td^abbr|abbr,align,axis,bgColor,ch,chOff,#colSpan,headers,height,!noWrap,#rowSpan,scope,vAlign,width',
'col,colgroup^abbr|align,ch,chOff,#span,vAlign,width',
'table^abbr|align,bgColor,border,%caption,cellPadding,cellSpacing,frame,rules,summary,%tFoot,%tHead,width',
'tr^abbr|align,bgColor,ch,chOff,vAlign',
'tfoot,thead,tbody^abbr|align,ch,chOff,vAlign',
'template^abbr|',
'textarea^abbr|autocapitalize,!autofocus,#cols,defaultValue,dirName,!disabled,#maxLength,#minLength,name,placeholder,!readOnly,!required,#rows,selectionDirection,#selectionEnd,#selectionStart,value,wrap',
'title^abbr|text',
'track^abbr|!default,kind,label,src,srclang',
'ul^abbr|!compact,type',
'unknown^abbr|',
'video^media|#height,poster,#width',
':svg:a^:svg:graphics|',
':svg:animate^:svg:animation|',
@ -223,7 +220,7 @@ const SCHEMA: string[] = ([
':svg:view^:svg:|#zoomAndPan',
]);
var attrToPropMap: {[name: string]: string} = <any>{
const _ATTR_TO_PROP: {[name: string]: string} = {
'class': 'className',
'formaction': 'formAction',
'innerHtml': 'innerHTML',
@ -233,37 +230,42 @@ var attrToPropMap: {[name: string]: string} = <any>{
@Injectable()
export class DomElementSchemaRegistry extends ElementSchemaRegistry {
schema = <{[element: string]: {[property: string]: string}}>{};
private _schema: {[element: string]: {[property: string]: string}} = {};
constructor() {
super();
SCHEMA.forEach(encodedType => {
var parts = encodedType.split('|');
var properties = parts[1].split(',');
var typeParts = (parts[0] + '^').split('^');
var typeName = typeParts[0];
var type = <{[property: string]: string}>{};
typeName.split(',').forEach(tag => this.schema[tag] = type);
var superType = this.schema[typeParts[1]];
if (isPresent(superType)) {
StringMapWrapper.forEach(
superType, (v: any /** TODO #9100 */, k: any /** TODO #9100 */) => type[k] = v);
const [strType, strProperties] = encodedType.split('|');
const properties = strProperties.split(',');
const [typeNames, superName] = strType.split('^');
const type: {[property: string]: string} = {};
typeNames.split(',').forEach(tag => this._schema[tag.toLowerCase()] = type);
const superType = this._schema[superName];
if (superType) {
Object.keys(superType).forEach((prop: string) => { type[prop] = superType[prop]; });
}
properties.forEach((property: string) => {
if (property == '') {
} else if (property.startsWith('*')) {
// We don't yet support events.
// If ever allowing to bind to events, GO THROUGH A SECURITY REVIEW, allowing events will
// almost certainly introduce bad XSS vulnerabilities.
// type[property.substring(1)] = EVENT;
} else if (property.startsWith('!')) {
type[property.substring(1)] = BOOLEAN;
} else if (property.startsWith('#')) {
type[property.substring(1)] = NUMBER;
} else if (property.startsWith('%')) {
type[property.substring(1)] = OBJECT;
} else {
type[property] = STRING;
if (property.length > 0) {
switch (property[0]) {
case '*':
// We don't yet support events.
// If ever allowing to bind to events, GO THROUGH A SECURITY REVIEW, allowing events
// will
// almost certainly introduce bad XSS vulnerabilities.
// type[property.substring(1)] = EVENT;
break;
case '!':
type[property.substring(1)] = BOOLEAN;
break;
case '#':
type[property.substring(1)] = NUMBER;
break;
case '%':
type[property.substring(1)] = OBJECT;
break;
default:
type[property] = STRING;
}
}
});
});
@ -274,10 +276,11 @@ export class DomElementSchemaRegistry extends ElementSchemaRegistry {
return true;
}
if (tagName.indexOf('-') !== -1) {
if (tagName.indexOf('-') > -1) {
if (tagName === 'ng-container' || tagName === 'ng-content') {
return false;
}
if (schemaMetas.some((schema) => schema.name === CUSTOM_ELEMENTS_SCHEMA.name)) {
// Can't tell now as we don't know which properties a custom element will get
// once it is instantiated
@ -285,11 +288,27 @@ export class DomElementSchemaRegistry extends ElementSchemaRegistry {
}
}
var elementProperties = this.schema[tagName.toLowerCase()];
if (!isPresent(elementProperties)) {
elementProperties = this.schema['unknown'];
const elementProperties = this._schema[tagName.toLowerCase()] || this._schema['unknown'];
return !!elementProperties[propName];
}
hasElement(tagName: string, schemaMetas: SchemaMetadata[]): boolean {
if (schemaMetas.some((schema) => schema.name === NO_ERRORS_SCHEMA.name)) {
return true;
}
return isPresent(elementProperties[propName]);
if (tagName.indexOf('-') > -1) {
if (tagName === 'ng-container' || tagName === 'ng-content') {
return true;
}
if (schemaMetas.some((schema) => schema.name === CUSTOM_ELEMENTS_SCHEMA.name)) {
// Allow any custom elements
return true;
}
}
return !!this._schema[tagName.toLowerCase()];
}
/**
@ -308,15 +327,14 @@ export class DomElementSchemaRegistry extends ElementSchemaRegistry {
tagName = tagName.toLowerCase();
propName = propName.toLowerCase();
let ctx = SECURITY_SCHEMA[tagName + '|' + propName];
if (ctx !== undefined) return ctx;
if (ctx) {
return ctx;
}
ctx = SECURITY_SCHEMA['*|' + propName];
return ctx !== undefined ? ctx : SecurityContext.NONE;
return ctx ? ctx : SecurityContext.NONE;
}
getMappedPropName(propName: string): string {
var mappedPropName = StringMapWrapper.get(attrToPropMap, propName);
return isPresent(mappedPropName) ? mappedPropName : propName;
}
getMappedPropName(propName: string): string { return _ATTR_TO_PROP[propName] || propName; }
getDefaultComponentElementName(): string { return 'ng-component'; }
}

1
modules/@angular/compiler/src/schema/element_schema_registry.ts
View File

@ -10,6 +10,7 @@ import {SchemaMetadata} from '@angular/core';
export abstract class ElementSchemaRegistry {
abstract hasProperty(tagName: string, propName: string, schemaMetas: SchemaMetadata[]): boolean;
abstract hasElement(tagName: string, schemaMetas: SchemaMetadata[]): boolean;
abstract securityContext(tagName: string, propName: string): any;
abstract getMappedPropName(propName: string): string;
abstract getDefaultComponentElementName(): string;