98 } |
96 } |
99 } |
97 } |
100 |
98 |
101 private void checkHtmlAttr(String name, String value) { |
99 private void checkHtmlAttr(String name, String value) { |
102 String n = name.toLowerCase(Locale.ENGLISH); |
100 String n = name.toLowerCase(Locale.ENGLISH); |
103 if (eventAttrs.contains(n) |
101 // https://www.w3.org/TR/html52/fullindex.html#attributes-table |
|
102 // See https://www.w3.org/TR/html52/webappapis.html#events-event-handlers |
|
103 // An event handler has a name, which always starts with "on" and is followed by |
|
104 // the name of the event for which it is intended. |
|
105 if (n.startsWith("on") |
104 || uriAttrs.contains(n) |
106 || uriAttrs.contains(n) |
105 && value != null && value.toLowerCase(Locale.ENGLISH).trim().startsWith("javascript:")) { |
107 && value != null && value.toLowerCase(Locale.ENGLISH).trim().startsWith("javascript:")) { |
106 reporter.report(); |
108 reporter.report(); |
107 } |
109 } |
108 } |
110 } |
1058 for (TagParser p: parsers) |
1060 for (TagParser p: parsers) |
1059 tagParsers.put(p.getName(), p); |
1061 tagParsers.put(p.getName(), p); |
1060 |
1062 |
1061 } |
1063 } |
1062 |
1064 |
1063 private void initEventAttrs() { |
|
1064 eventAttrs = new HashSet<>(Arrays.asList( |
|
1065 // See https://www.w3.org/TR/html-markup/global-attributes.html#common.attrs.event-handler |
|
1066 "onabort", "onblur", "oncanplay", "oncanplaythrough", |
|
1067 "onchange", "onclick", "oncontextmenu", "ondblclick", |
|
1068 "ondrag", "ondragend", "ondragenter", "ondragleave", |
|
1069 "ondragover", "ondragstart", "ondrop", "ondurationchange", |
|
1070 "onemptied", "onended", "onerror", "onfocus", "oninput", |
|
1071 "oninvalid", "onkeydown", "onkeypress", "onkeyup", |
|
1072 "onload", "onloadeddata", "onloadedmetadata", "onloadstart", |
|
1073 "onmousedown", "onmousemove", "onmouseout", "onmouseover", |
|
1074 "onmouseup", "onmousewheel", "onpause", "onplay", |
|
1075 "onplaying", "onprogress", "onratechange", "onreadystatechange", |
|
1076 "onreset", "onscroll", "onseeked", "onseeking", |
|
1077 "onselect", "onshow", "onstalled", "onsubmit", "onsuspend", |
|
1078 "ontimeupdate", "onvolumechange", "onwaiting", |
|
1079 |
|
1080 // See https://www.w3.org/TR/html4/sgml/dtd.html |
|
1081 // Most of the attributes that take a %Script are also defined as event handlers |
|
1082 // in HTML 5. The one exception is onunload. |
|
1083 // "onchange", "onclick", "ondblclick", "onfocus", |
|
1084 // "onkeydown", "onkeypress", "onkeyup", "onload", |
|
1085 // "onmousedown", "onmousemove", "onmouseout", "onmouseover", |
|
1086 // "onmouseup", "onreset", "onselect", "onsubmit", |
|
1087 "onunload" |
|
1088 )); |
|
1089 } |
|
1090 |
|
1091 private void initURIAttrs() { |
1065 private void initURIAttrs() { |
1092 uriAttrs = new HashSet<>(Arrays.asList( |
1066 uriAttrs = new HashSet<>(Arrays.asList( |
1093 // See https://www.w3.org/TR/html4/sgml/dtd.html |
1067 // See https://www.w3.org/TR/html4/sgml/dtd.html |
1094 // https://www.w3.org/TR/html5/ |
1068 // https://www.w3.org/TR/html5/ |
1095 // These are all the attributes that take a %URI or a valid URL potentially surrounded |
1069 // These are all the attributes that take a %URI or a valid URL potentially surrounded |