254
edits
Security/Reviews/Firefox4/HTML5 Parser Security Review: Difference between revisions
Security/Reviews/Firefox4/HTML5 Parser Security Review (view source)
Revision as of 14:12, 27 September 2010
, 27 September 2010→Exported APIs
| Line 46: | Line 46: | ||
== Exported APIs == | == Exported APIs == | ||
* Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | * Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | ||
[http://mxr.mozilla.org/mozilla-central/source/parser/html/nsHtml5Module.h nsHtml5Module.h] provides a way for other parts of Gecko to obtain HTML5 parser instances. | |||
Other parts of Gecko see the HTML5 parser as an [http://mxr.mozilla.org/mozilla-central/source/parser/htmlparser/public/nsIParser.h nsIParser] instance. | |||
The HTML5 parser can be invoked by Web content by loading a URL in a browsing context, by assigning to innerHTML or by calling Range.createContextualFragment. | |||
* Does it interoperate with a web service? How will it do so? | * Does it interoperate with a web service? How will it do so? | ||
No. | |||
* Explain the significant file formats, names, syntax, and semantics. | * Explain the significant file formats, names, syntax, and semantics. | ||
The significant file format is HTML. | |||
* Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | ||
innerHTML is documented in the HTML5 spec. createContextualFragment is documented on DevMo but not profoundly. | |||
* Does it change any existing interfaces? | * Does it change any existing interfaces? | ||
Yes. There are new members on nsIParser and nsIScriptElement. | |||
== Module interactions == | == Module interactions == | ||