Package com.google.javascript.jscomp

Class ConformanceRules.SecuritySensitiveAttributes

  • Enclosing class:
    ConformanceRules
    public static final class ConformanceRules.SecuritySensitiveAttributes
extends java.lang.Object
    Checks nodes for conformance with banning the setting of attributes that are on the blocklist.

    • Field Detail

      • ALL_BANNED_ATTRS

        public static final com.google.common.collect.ImmutableSet<java.lang.String> ALL_BANNED_ATTRS
        Security-sensitive attributes that are banned from being set.

        Making updates to these attributes requires a new JSCompiler release. You must test the change using a global presubmit "at head" and update any affected allowlists. See go/jscompiler-global-presubmit and go/tsjs-conformance-team-docs.

    • Constructor Detail

      • SecuritySensitiveAttributes

        public SecuritySensitiveAttributes()

      • SecuritySensitiveAttributes

        public SecuritySensitiveAttributes​(java.util.function.Supplier<com.google.javascript.jscomp.GlobalNamespace> globalNamespaceSupplier)

      • SecuritySensitiveAttributes

        public SecuritySensitiveAttributes​(java.util.Collection<java.lang.String> bannedAtrrs)

      • SecuritySensitiveAttributes

        public SecuritySensitiveAttributes​(java.util.Collection<java.lang.String> bannedAtrrs,
                                   java.util.function.Supplier<com.google.javascript.jscomp.GlobalNamespace> globalNamespaceSupplier)

    • Method Detail

      • contains

        public boolean contains​(java.lang.String attributeName)
        Checks if a attribute name is on the security banlist. Callers should make sure the attribute name is lower-cased, as attribute names are case-insensitve in HTML.

      • checkConformanceForAttributeName

        public ConformanceRules.ConformanceResult checkConformanceForAttributeName​(NodeTraversal traversal,
                                                                           Node attrName)
        Given a NodeTraversal and Node, check if the attribute violates conformance.

        A violation is returned if the attribute name cannot be determined (and it is not an xid), if the attribute is on a list of banned attributes, or if it begins with the letters "on". Otherwise, it is a conforming attribute.

      • checkConformanceForAttributeNameWithHighConfidence

        public ConformanceRules.ConformanceResult checkConformanceForAttributeNameWithHighConfidence​(NodeTraversal traversal,
                                                                                             Node attrName)
        Given a NodeTraversal and Node, check if the attribute violates conformance.

        A violation is returned only if the attribute name can be statically determined and is on the list of banned attributes.