[Sanitize API] Add blockElements config.

Bug: 1116418
Change-Id: I17236ce61c4ad5224a7165b67db66bb213f64cd3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2461371
Commit-Queue: Yifan Luo <lyf@chromium.org>
Reviewed-by: Yifan Luo <lyf@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#816153}

third_party/blink/renderer/modules/sanitizer_api/sanitizer.cc

@@ -31,15 +31,29 @@ Sanitizer::Sanitizer(const SanitizerConfig* config)
   Vector<String> drop_elements = default_drop_elements_;
   if (config->hasDropElements()) {
     for (const String& s : config->dropElements()) {
-      if (!drop_elements.Contains(s.UpperASCII())) {
-        drop_elements.push_back(s.UpperASCII());
+      const String& upper_s = s.UpperASCII();
+      if (!drop_elements.Contains(upper_s)) {
+        drop_elements.push_back(upper_s);
       }
     }
   }
   config_->setDropElements(drop_elements);
 
-  // Format allowElements to uppercase.
+  // Format blockElements to uppercase.
+  Vector<String> block_elements = default_block_elements_;
+  if (config->hasBlockElements()) {
+    for (const String& s : config->blockElements()) {
+      const String& upper_s = s.UpperASCII();
+      if (!drop_elements.Contains(upper_s) &&
+          !block_elements.Contains(upper_s)) {
+        block_elements.push_back(upper_s);
+      }
+    }
+  }
+  config_->setBlockElements(block_elements);
+
   if (config->hasAllowElements()) {
+    // Format allowElements to uppercase.
     Vector<String> l;
     for (const String& s : config->allowElements()) {
       if (!config_->dropElements().Contains(s))
@@ -49,20 +63,21 @@ Sanitizer::Sanitizer(const SanitizerConfig* config)
   }
 
   // Format dropAttributes to lowercase.
+  drop_attributes_ = default_drop_attributes_;
   if (config->hasDropAttributes()) {
-    drop_attributes_ = default_drop_attributes_;
     for (const String& s : config->dropAttributes()) {
       drop_attributes_.push_back(WTF::AtomicString(s.LowerASCII()));
     }
-  } else if (config->hasAllowAttributes()) {
+  }
+  if (config->hasAllowAttributes()) {
     Vector<String> l;
     for (const String& s : config->allowAttributes()) {
-      if (!default_drop_attributes_.Contains(s))
-        l.push_back(s.LowerASCII());
+      const String& lower_s = s.LowerASCII();
+      if (!default_drop_attributes_.Contains(lower_s) &&
+          !default_block_elements_.Contains(lower_s))
+        l.push_back(lower_s);
     }
     config_->setAllowAttributes(l);
-  } else {
-    drop_attributes_ = default_drop_attributes_;
   }
 }
 
@@ -106,8 +121,10 @@ DocumentFragment* Sanitizer::sanitize(ScriptState* script_state,
       Node* tmp = node;
       node = NodeTraversal::NextSkippingChildren(*node, fragment);
       tmp->remove();
-    } else if (config_->hasAllowElements() &&
-               !config_->allowElements().Contains(node_name)) {
+    } else if ((config_->hasBlockElements() &&
+                config_->blockElements().Contains(node_name)) ||
+               (config_->hasAllowElements() &&
+                !config_->allowElements().Contains(node_name))) {
       // If the current element is blocked, append its children after current
       // node to parent node, remove current element and proceed to the next
       // node.

third_party/blink/renderer/modules/sanitizer_api/sanitizer.h

@@ -48,6 +48,7 @@ class MODULES_EXPORT Sanitizer final : public ScriptWrappable {
                                                  "SVG",       "TEMPLATE",
                                                  "THEAD",     "TITLE",
                                                  "VIDEO",     "XMP"};
+  const Vector<String> default_block_elements_ = {};
   const Vector<AtomicString> default_drop_attributes_ = {"onclick", "onsubmit"};
 };
 

third_party/blink/renderer/modules/sanitizer_api/sanitizer_config.idl

@@ -6,6 +6,7 @@
 
 dictionary SanitizerConfig {
   sequence<DOMString> allowElements;
+  sequence<DOMString> blockElements;
   sequence<DOMString> dropElements;
   sequence<DOMString> allowAttributes;
   sequence<DOMString> dropAttributes;

third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-config.tentative.html

@@ -43,6 +43,17 @@
       assert_equals(s.sanitizeToString("<div>balabala</div><test>test</test>"), "<div>balabala</div>test");
     }, "SanitizerAPI config allowElements is not editable.");
 
+    test(t => {
+      let options = {blockElements: ["div"]};
+
+      let s = new Sanitizer(options);
+      assert_true(s instanceof Sanitizer);
+      assert_equals(s.sanitizeToString("<div>balabala</div><test>test</test>"), "balabala<test>test</test>");
+
+      options.blockElements.push("test");
+      assert_equals(s.sanitizeToString("<div>balabala</div><test>test</test>"), "balabala<test>test</test>");
+    }, "SanitizerAPI config blockElements is not editable.");
+
     test(t => {
       let options = {dropElements: ["div"]};
 
@@ -76,7 +87,7 @@
       assert_equals(s.sanitizeToString("<button id='btn' style='color: black'>balabala</button>"), "<button style=\"color: black\">balabala</button>");
     }, "SanitizerAPI config dropAttributes is not editable.");
 
-    const config_names = ["dropElements", "allowElements", "dropAttributes", "allowAttributes"];
+    const config_names = ["dropElements", "blockElements", "allowElements", "dropAttributes", "allowAttributes"];
     config_names.forEach(cname => {
       let options = {};
       options[cname] = [];

third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitize.tentative-expected.txt

@@ -22,6 +22,7 @@ PASS SanitizerAPI with config: dropElements list ["test", "i"]}, sanitize functi
 PASS SanitizerAPI with config: dropElements list ["I", "AM"]}, sanitize function for dropElements list ["I", "AM"]}
 PASS SanitizerAPI with config: dropElements list ["am", "p"]}, sanitize function for dropElements list ["am", "p"]}
 PASS SanitizerAPI with config: dropElements list with invalid values}, sanitize function for dropElements list with invalid values}
+PASS SanitizerAPI with config: blockElements list with invalid values}, sanitize function for blockElements list with invalid values}
 PASS SanitizerAPI with config: allowElements list ["p"]., sanitize function for allowElements list ["p"].
 PASS SanitizerAPI with config: allowElements list has no influence to dropElements., sanitize function for allowElements list has no influence to dropElements.
 PASS SanitizerAPI with config: dropAttributes list ["style"] with style attribute, sanitize function for dropAttributes list ["style"] with style attribute

third_party/blink/web_tests/wpt_internal/sanitizer-api/sanitizer-sanitizeToString.tentative-expected.txt

@@ -22,6 +22,7 @@ PASS SanitizerAPI config: dropElements list ["test", "i"]}, sanitizeToString fun
 PASS SanitizerAPI config: dropElements list ["I", "AM"]}, sanitizeToString function for dropElements list ["I", "AM"]}
 PASS SanitizerAPI config: dropElements list ["am", "p"]}, sanitizeToString function for dropElements list ["am", "p"]}
 PASS SanitizerAPI config: dropElements list with invalid values}, sanitizeToString function for dropElements list with invalid values}
+PASS SanitizerAPI config: blockElements list with invalid values}, sanitizeToString function for blockElements list with invalid values}
 PASS SanitizerAPI config: allowElements list ["p"]., sanitizeToString function for allowElements list ["p"].
 PASS SanitizerAPI config: allowElements list has no influence to dropElements., sanitizeToString function for allowElements list has no influence to dropElements.
 PASS SanitizerAPI config: dropAttributes list ["style"] with style attribute, sanitizeToString function for dropAttributes list ["style"] with style attribute

third_party/blink/web_tests/wpt_internal/sanitizer-api/support/testcases.sub.js

@@ -21,6 +21,7 @@ const testcases = [
   {config_input: {dropElements: ["I", "AM"]}, value: "<div>balabala<am>test</am></div>", result: "<div>balabala</div>", message: "dropElements list [\"I\", \"AM\"]}"},
   {config_input: {dropElements: ["am", "p"]}, value: "<div>balabala<i>i</i><p>t</p><test>a</test></div>", result: "<div>balabala<i>i</i><test>a</test></div>", message: "dropElements list [\"am\", \"p\"]}"},
   {config_input: {dropElements: [123, [], "test", "i"]}, value: "<div>balabala<i>test</i></div><test>t</test>", result: "<div>balabala</div>", message: "dropElements list with invalid values}"},
+  {config_input: {blockElements: [123, [], "test", "i"]}, value: "<div>balabala<i>test</i></div><test>t</test>", result: "<div>balabalatest</div>t", message: "blockElements list with invalid values}"},
   {config_input: {allowElements: ["p"]}, value: "<div>test<div>p</div>tt<p>div</p></div>", result: "testptt<p>div</p>", message: "allowElements list [\"p\"]."},
   {config_input: {dropElements: ["div"], allowElements: ["div"]}, value: "<div>test</div><c>bla", result: "bla", message: "allowElements list has no influence to dropElements."},
   {config_input: {dropAttributes: ["style"]}, value: "<p style='color: black'>Click.</p>", result: "<p>Click.</p>", message: "dropAttributes list [\"style\"] with style attribute"},