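def _set_HTML_property(function, new_value, traverser):
    """Inspect a static string that is assigned to an HTML property.

    Only literal string values are examined; every other value is ignored.
    A string is reported as ``javascript_event_assignment`` when
    EVENT_ASSIGNMENT matches it, as ``javascript_url`` when it contains a
    ``<script`` tag or JS_URL matches it, and is otherwise passed to the
    markup validator in non-strict mode.

    Args:
        function: Not used by this check.
        new_value: The wrapped JS value being assigned.
        traverser: Supplies the error bundle and the source location.
    """
    if not isinstance(new_value, jstypes.JSLiteral):
        return

    # TODO: This might be optimizable as get_as_str
    literal_value = new_value.get_literal_value(traverser)
    if not isinstance(literal_value, types.StringTypes):
        return

    # HTML tag and attribute names are case-insensitive, so both markup
    # tests run on a lowercased copy. Matching "<script" against the raw
    # string would let "<SCRIPT" through unreported.
    lowered = literal_value.lower()

    # Test for on* attributes and script tags.
    # NOTE(review): JS_URL still sees the original string; whether that
    # pattern is case-insensitive is not visible here -- confirm.
    if EVENT_ASSIGNMENT.search(lowered):
        warn(traverser.err,
             filename=traverser.filename,
             line=traverser.line,
             column=traverser.position,
             context=traverser.context,
             violation_type="javascript_event_assignment")
    elif "<script" in lowered or JS_URL.search(literal_value):
        warn(traverser.err,
             filename=traverser.filename,
             line=traverser.line,
             column=traverser.position,
             context=traverser.context,
             violation_type="javascript_url")
    else:
        # Everything checks out, but we still want to pass it through
        # the markup validator. Turn off strict mode so we don't get
        # warnings about malformed HTML.
        from ..markup.markuptester import MarkupParser
        parser = MarkupParser(traverser.err, strict=False, debug=True)
        parser.process(traverser.filename, literal_value, "xul")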
Beispiel #2
def set_on_event(new_value, traverser):
    """Check a value that is being assigned to an on* property.

    A literal string value is reported through warn() as a
    ``setting_on-event`` violation. A non-literal value that has a
    ``handleEvent`` property is reported as an error on ``traverser.err``.
    Any other value passes silently.
    """
    if new_value.is_literal():
        # Only string literals are flagged; other literals are accepted.
        if isinstance(new_value.get_literal_value(), types.StringTypes):
            err = traverser.err
            location = dict(filename=traverser.filename,
                            line=traverser.line,
                            column=traverser.position,
                            context=traverser.context,
                            violation_type="setting_on-event")
            warn(err, **location)
        return

    if not new_value.has_property("handleEvent"):
        return

    report = traverser.err.error
    report(
        err_id=("js", "on*", "handleEvent"),
        error="`handleEvent` no longer implemented in Gecko 18.",
        description="As of Gecko 18, objects with `handleEvent` methods "
                    "may no longer be assigned to `on*` properties. Doing "
                    "so will be equivalent to assigning `null` to the "
                    "property.",
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context)
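def _set_HTML_property(function, new_value, traverser):
    """Inspect a static string that is assigned to an HTML property.

    Only literal string values are examined; every other value is ignored.
    A string is reported as ``javascript_event_assignment`` when
    EVENT_ASSIGNMENT matches it, as ``javascript_url`` when it contains a
    ``<script`` tag or JS_URL matches it, and is otherwise passed to the
    markup validator in non-strict mode.

    Args:
        function: Not used by this check.
        new_value: The wrapped JS value being assigned.
        traverser: Supplies the error bundle and the source location.
    """
    if not isinstance(new_value, jstypes.JSLiteral):
        return

    # TODO: This might be optimizable as get_as_str
    literal_value = new_value.get_literal_value()
    if not isinstance(literal_value, types.StringTypes):
        return

    # HTML tag and attribute names are case-insensitive, so both markup
    # tests run on a lowercased copy. Matching "<script" against the raw
    # string would let "<SCRIPT" through unreported.
    lowered = literal_value.lower()

    # Test for on* attributes and script tags.
    # NOTE(review): JS_URL still sees the original string; whether that
    # pattern is case-insensitive is not visible here -- confirm.
    if EVENT_ASSIGNMENT.search(lowered):
        warn(traverser.err,
             filename=traverser.filename,
             line=traverser.line,
             column=traverser.position,
             context=traverser.context,
             violation_type="javascript_event_assignment")
    elif "<script" in lowered or JS_URL.search(literal_value):
        warn(traverser.err,
             filename=traverser.filename,
             line=traverser.line,
             column=traverser.position,
             context=traverser.context,
             violation_type="javascript_url")
    else:
        # Everything checks out, but we still want to pass it through
        # the markup validator. Turn off strict mode so we don't get
        # warnings about malformed HTML.
        from ..markup.markuptester import MarkupParser
        parser = MarkupParser(traverser.err, strict=False, debug=True)
        parser.process(traverser.filename, literal_value, "xul")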
Beispiel #4
 def call_wrap(*args, **kwargs):
     """Report a CSP ``script`` violation for every call.

     The traverser comes from the ``traverser`` keyword argument when it is
     truthy, otherwise from the last positional argument.
     """
     traverser = kwargs.get("traverser")
     if not traverser:
         traverser = args[-1]

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="script")
     warn(**report)
 def wrap(wrapper, arguments, traverser):
     """Report a CSP ``set*`` violation for a non-callable first argument.

     Nothing is reported when there are no arguments or when the first
     argument's ``callable`` attribute is truthy.
     """
     if not arguments or arguments[0].callable:
         return

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="set*")
     warn(**report)
def _create_script_tag(traverser):
    """Report a ``createElement-script`` violation at the current position.

    The warning is unconditional: the caller decides when a script element
    is being created.
    """
    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="createElement-script")
    warn(err, **location)
Beispiel #7
 def call_wrap(*args, **kwargs):
     """Report a CSP ``script`` violation for every call and return False.

     ``traverser`` is not a parameter; it is read from the enclosing scope,
     which is outside this snippet.
     """
     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="script")
     warn(**report)
     return False
 def call_wrap(*args, **kwargs):
     """Report a CSP ``script`` violation for every call.

     The traverser comes from the ``traverser`` keyword argument when it is
     truthy, otherwise from the last positional argument.
     """
     traverser = kwargs.get("traverser")
     if not traverser:
         traverser = args[-1]

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="script")
     warn(**report)
Beispiel #9
 def wrap(wrapper, arguments, traverser):
     """Report a CSP ``set*`` violation for a non-callable first argument.

     Nothing is reported when there are no arguments or when the first
     argument's ``callable`` attribute is truthy.
     """
     if not arguments or arguments[0].callable:
         return

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="set*")
     warn(**report)
Beispiel #10
def _create_script_tag(traverser):
    """Report a ``createElement-script`` violation at the current position.

    The warning is unconditional: the caller decides when a script element
    is being created.
    """
    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="createElement-script")
    warn(err, **location)
Beispiel #11
def _create_variable_element(traverser):
    """Report a ``createElement-variable`` violation at the current position.

    The warning is unconditional: the caller decides when an element is
    being created from a name that is not known statically.
    """
    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="createElement-variable")
    warn(err, **location)
Beispiel #12
 def call_wrap(*args, **kwargs):
     """Report a CSP ``script`` violation for every call and return False.

     ``traverser`` is not a parameter; it is read from the enclosing scope,
     which is outside this snippet.
     """
     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="script")
     warn(**report)
     return False
Beispiel #13
def _create_variable_element(traverser):
    """Report a ``createElement-variable`` violation at the current position.

    The warning is unconditional: the caller decides when an element is
    being created from a name that is not known statically.
    """
    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="createElement-variable")
    warn(err, **location)
Beispiel #14
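 def wrap(a, t, e):
     """Report a CSP ``createElementNS`` violation for script elements.

     A warning is raised when the call has fewer than two arguments or when
     the string form of the second argument contains "script" in any
     letter case. ``traverser`` is read from the enclosing scope, which is
     outside this snippet.

     Args:
         a: Argument nodes of the call.
         t: Callable that resolves an argument node to a value.
         e: Not used by this check.

     Returns:
         Always False.
     """
     # With a single argument there is no a[1] to inspect. Treat that like
     # the no-argument case rather than raising IndexError, which would
     # abort the check before anything is reported.
     if not a or len(a) < 2 or "script" in _get_as_str(t(a[1])).lower():
         from appvalidator.csp import warn
         warn(err=traverser.err,
              filename=traverser.filename,
              line=traverser.line,
              column=traverser.position,
              context=traverser.context,
              violation_type="createElementNS")
     return False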
Beispiel #15
 def wrap(a, t, e):
     """Report a CSP ``set*`` violation unless the first argument is a
     function expression.

     Nothing is reported when there are no arguments. ``traverser`` is read
     from the enclosing scope, which is outside this snippet.

     Returns:
         Always False.
     """
     if not a or a[0]["type"] == "FunctionExpression":
         return False

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="set*")
     warn(**report)
     return False
Beispiel #16
 def wrap(a, t, e):
     """Report a CSP ``set*`` violation unless the first argument is a
     function expression.

     Nothing is reported when there are no arguments. ``traverser`` is read
     from the enclosing scope, which is outside this snippet.

     Returns:
         Always False.
     """
     if not a or a[0]["type"] == "FunctionExpression":
         return False

     from appvalidator.csp import warn
     report = dict(err=traverser.err,
                   filename=traverser.filename,
                   line=traverser.line,
                   column=traverser.position,
                   context=traverser.context,
                   violation_type="set*")
     warn(**report)
     return False
Beispiel #17
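 def wrap(a, t, e):
     """Report a CSP ``createElementNS`` violation for script elements.

     A warning is raised when the call has fewer than two arguments or when
     the string form of the second argument contains "script" in any
     letter case. ``traverser`` is read from the enclosing scope, which is
     outside this snippet.

     Args:
         a: Argument nodes of the call.
         t: Callable that resolves an argument node to a value.
         e: Not used by this check.

     Returns:
         Always False.
     """
     # With a single argument there is no a[1] to inspect. Treat that like
     # the no-argument case rather than raising IndexError, which would
     # abort the check before anything is reported.
     if not a or len(a) < 2 or "script" in _get_as_str(t(a[1])).lower():
         from appvalidator.csp import warn
         warn(err=traverser.err,
              filename=traverser.filename,
              line=traverser.line,
              column=traverser.position,
              context=traverser.context,
              violation_type="createElementNS")
     return False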
def set_on_event(new_value, traverser):
    """Report a string literal that is assigned to an on* property.

    Only ``jstypes.JSLiteral`` values whose literal value is a string are
    reported, as a ``setting_on-event`` violation. Every other value passes
    silently.
    """
    if not isinstance(new_value, jstypes.JSLiteral):
        return
    if not isinstance(new_value.get_literal_value(), types.StringTypes):
        return

    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="setting_on-event")
    warn(err, **location)
def set_on_event(new_value, traverser):
    """Report a string literal that is assigned to an on* property.

    Only ``jstypes.JSLiteral`` values whose literal value is a string are
    reported, as a ``setting_on-event`` violation. Every other value passes
    silently.
    """
    if not isinstance(new_value, jstypes.JSLiteral):
        return
    literal = new_value.get_literal_value(traverser)
    if not isinstance(literal, types.StringTypes):
        return

    err = traverser.err
    location = dict(filename=traverser.filename,
                    line=traverser.line,
                    column=traverser.position,
                    context=traverser.context,
                    violation_type="setting_on-event")
    warn(err, **location)
def setAttribute(args, traverser, wrapper):
    """Report setAttribute calls whose attribute name starts with "on".

    The first argument's literal value is converted to a string and
    compared case-insensitively. A match is reported as a
    ``setAttribute-on`` violation. A call without arguments is ignored.
    """
    if args:
        attribute_name = utils.get_as_str(
            args[0].get_literal_value(traverser))
        if attribute_name.lower().startswith("on"):
            err = traverser.err
            location = dict(filename=traverser.filename,
                            line=traverser.line,
                            column=traverser.position,
                            context=traverser.context,
                            violation_type="setAttribute-on")
            warn(err, **location)
Beispiel #21
def setAttribute(args, traverser, wrapper):
    """Report setAttribute calls whose attribute name starts with "on".

    The first argument's literal value is converted to a string and
    compared case-insensitively. A match is reported as a
    ``setAttribute-on`` violation. A call without arguments is ignored.
    """
    if args:
        attribute_name = utils.get_as_str(args[0].get_literal_value())
        if attribute_name.lower().startswith("on"):
            err = traverser.err
            location = dict(filename=traverser.filename,
                            line=traverser.line,
                            column=traverser.position,
                            context=traverser.context,
                            violation_type="setAttribute-on")
            warn(err, **location)
Beispiel #22
def setAttribute(args, traverser, node, wrapper):
    """Report setAttribute calls whose attribute name starts with "on".

    Every argument node is traversed first. The first result's literal
    value is then converted to a string and compared case-insensitively.
    A match is reported as a ``setAttribute-on`` violation. A call without
    arguments is ignored.
    """
    if args:
        # Traverse all arguments, not just the first, as the original does.
        resolved = []
        for arg_node in args:
            resolved.append(traverser._traverse_node(arg_node))

        attribute_name = actions._get_as_str(resolved[0].get_literal_value())
        if attribute_name.lower().startswith("on"):
            err = traverser.err
            location = dict(filename=traverser.filename,
                            line=traverser.line,
                            column=traverser.position,
                            context=traverser.context,
                            violation_type="setAttribute-on")
            warn(err, **location)
Beispiel #23
def setAttribute(args, traverser, node, wrapper):
    """Report setAttribute calls whose attribute name starts with "on".

    Every argument node is traversed first. The first result's literal
    value is then converted to a string and compared case-insensitively.
    A match is reported as a ``setAttribute-on`` violation. A call without
    arguments is ignored.
    """
    if args:
        # Traverse all arguments, not just the first, as the original does.
        resolved = []
        for arg_node in args:
            resolved.append(traverser._traverse_node(arg_node))

        attribute_name = actions._get_as_str(resolved[0].get_literal_value())
        if attribute_name.lower().startswith("on"):
            err = traverser.err
            location = dict(filename=traverser.filename,
                            line=traverser.line,
                            column=traverser.position,
                            context=traverser.context,
                            violation_type="setAttribute-on")
            warn(err, **location)