DOMSecurityMonitor.h (1597B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef mozilla_dom_DOMSecurityMonitor_h 8 #define mozilla_dom_DOMSecurityMonitor_h 9 10 #include "nsStringFwd.h" 11 12 class nsIChannel; 13 class nsIPrincipal; 14 15 class DOMSecurityMonitor final { 16 public: 17 /* The fragment parser is triggered anytime JS calls innerHTML or similar 18 * JS functions which can generate HTML fragments. This generation of 19 * HTML might be dangerous, hence we should ensure that no new instances 20 * of innerHTML and similar functions are introduced in system privileged 21 * contexts, or also about: pages, in our codebase. 22 * 23 * If the auditor detects a new instance of innerHTML or similar 24 * function it will CRASH using a strong assertion. 25 */ 26 static void AuditParsingOfHTMLXMLFragments(nsIPrincipal* aPrincipal, 27 const nsAString& aFragment); 28 29 /* The use of javascript: URIs in system privileged contexts or 30 * also about: pages is considered unsafe and discouraged. 31 * 32 * If the auditor detects a javascript: URI in a privileged 33 * context it will CRASH using a strong assertion. 34 * 35 */ 36 static void AuditUseOfJavaScriptURI(nsIChannel* aChannel); 37 38 private: 39 DOMSecurityMonitor() = default; 40 ~DOMSecurityMonitor() = default; 41 }; 42 43 #endif /* mozilla_dom_DOMSecurityMonitor_h */