Interface nsIParserUtilsType
Hierarchy
- nsISupportsType
- nsIParserUtilsType
Methods
Add
Query
- Query
Interface(aIID: object, aInstancePtr?: object): any -
Parameters
-
aIID: object
-
OptionalaInstancePtr: object
Returns any
-
- Query
Interface(aIID: object, aInstancePtr: object): void -
A run time mechanism for interface discovery.
Returns
NS_OK if the interface is supported by the associated instance, NS_NOINTERFACE if it is not.
aInstancePtr must not be null.
Parameters
-
aIID: object
[in] A requested interface IID
-
aInstancePtr: object
[out] A pointer to an interface pointer to receive the result.
Returns void
-
Release
convert
- convert
To Plain Text(src: string, flags: number, wrapCol: number): string -
Convert HTML to plain text.
Parameters
-
src: string
the HTML source to parse (C++ callers are allowed but not required to use the same string for the return value.)
-
flags: number
conversion option flags defined in nsIDocumentEncoder
-
wrapCol: number
number of characters per line; 0 for no auto-wrapping
Returns string
-
parse
- parse
Fragment(fragment: string, flags: number, isXML: boolean, baseURI: nsIURI, element: Element): DocumentFragment -
Parses markup into a sanitized document fragment.
Parameters
-
fragment: string
the input markup
-
flags: number
sanitization option flags defined above
-
isXML: boolean
true if |fragment| is XML and false if HTML
-
baseURI: nsIURI
the base URL for this fragment
-
element: Element
the context node for the fragment parsing algorithm
Returns DocumentFragment
-
remove
sanitize
- sanitize(src: string, flags: number): string
-
Parses a string into an HTML document, sanitizes the document and returns the result serialized to a string.
The sanitizer is designed to protect against XSS when sanitized content is inserted into a different-origin context without an iframe-equivalent sandboxing mechanism.
By default, the sanitizer doesn't try to avoid leaking information that the content was viewed to third parties. That is, by default, e.g.
pointing to an HTTP server potentially controlled by a third party is not removed. To avoid ambient information leakage upon loading the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that case, links (and similar) to other content are preserved, so an explicit user action (following a link) after the content has been loaded can still leak information.
By default, non-dangerous non-CSS presentational HTML elements and attributes or forms are not removed. To remove these, use SanitizerDropNonCSSPresentation and/or SanitizerDropForms.
By default, comments and CSS is removed. To preserve comments, use SanitizerAllowComments. To preserve
Non-Web HTML parser functionality to Firefox extensions and XULRunner apps. Don't use this from within Gecko--use nsContentUtils, nsTreeSanitizer, etc. directly instead.