GitHub Repository: seleniumhq/selenium
Path: blob/trunk/third_party/closure/goog/html/legacyconversions.js
// Copyright 2013 The Closure Library Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/**
 * @fileoverview Transitional utilities to unsafely trust random strings as
 * goog.html types. Intended for temporary use when upgrading a library that
 * used to accept plain strings to use safe types, but where it's not
 * practical to transitively update callers.
 *
 * IMPORTANT: No new code should use the conversion functions in this file,
 * they are intended for refactoring old code to use goog.html types. New code
 * should construct goog.html types via their APIs, template systems or
 * sanitizers. If that’s not possible it should use
 * goog.html.uncheckedconversions and undergo security review.
 *
 * The semantics of the conversions in goog.html.legacyconversions are very
 * different from the ones provided by goog.html.uncheckedconversions. The
 * latter are for use in code where it has been established through manual
 * security review that the value produced by a piece of code will always
 * satisfy the SafeHtml contract (e.g., the output of a secure HTML sanitizer).
 * In uses of goog.html.legacyconversions, this guarantee is not given -- the
 * value in question originates in unreviewed legacy code and there is no
 * guarantee that it satisfies the SafeHtml contract.
 *
 * There are only three valid uses of legacyconversions:
 *
 * 1. Introducing a goog.html version of a function which currently consumes
 * string and passes that string to a DOM API which can execute script - and
 * hence cause XSS - like innerHTML. For example, Dialog might expose a
 * setContent method which takes a string and sets the innerHTML property of
 * an element with it. In this case a setSafeHtmlContent function could be
 * added, consuming goog.html.SafeHtml instead of string, and using
 * goog.dom.safe.setInnerHtml instead of directly setting innerHTML.
 * setContent could then internally use legacyconversions to create a SafeHtml
 * from string and pass the SafeHtml to setSafeHtmlContent. In this scenario
 * remember to document the use of legacyconversions in the modified setContent
 * and consider deprecating it as well.
 *
 * 2. Automated refactoring of application code which handles HTML as string
 * but needs to call a function which only takes goog.html types. For example,
 * in the Dialog scenario from (1) an alternative option would be to refactor
 * setContent to accept goog.html.SafeHtml instead of string and then refactor
 * all current callers to use legacyconversions to pass SafeHtml. This is
 * generally preferable to (1) because it keeps the library clean of
 * legacyconversions, and makes code sites in application code that are
 * potentially vulnerable to XSS more apparent.
 *
 * 3. Old code which needs to call APIs which consume goog.html types and for
 * which it is prohibitively expensive to refactor to use goog.html types.
 * Generally, this is code where safety from XSS is either hopeless or
 * unimportant.
 *
 * @visibility {//closure/goog/html:approved_for_legacy_conversion}
 * @visibility {//closure/goog/bin/sizetests:__pkg__}
 */


goog.provide('goog.html.legacyconversions');

goog.require('goog.html.SafeHtml');
goog.require('goog.html.SafeStyle');
goog.require('goog.html.SafeStyleSheet');
goog.require('goog.html.SafeUrl');
goog.require('goog.html.TrustedResourceUrl');


/**
 * Performs an "unchecked conversion" from string to SafeHtml for legacy API
 * purposes.
 *
 * Please read fileoverview documentation before using.
 *
 * @param {string} html A string to be converted to SafeHtml.
 * @return {!goog.html.SafeHtml} The value of html, wrapped in a SafeHtml
 *     object.
 */
goog.html.legacyconversions.safeHtmlFromString = function(html) {
  goog.html.legacyconversions.reportCallback_();
  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(
      html, null /* dir */);
};


/**
 * Performs an "unchecked conversion" from string to SafeStyle for legacy API
 * purposes.
 *
 * Please read fileoverview documentation before using.
 *
 * @param {string} style A string to be converted to SafeStyle.
 * @return {!goog.html.SafeStyle} The value of style, wrapped in a SafeStyle
 *     object.
 */
goog.html.legacyconversions.safeStyleFromString = function(style) {
  goog.html.legacyconversions.reportCallback_();
  return goog.html.SafeStyle.createSafeStyleSecurityPrivateDoNotAccessOrElse(
      style);
};


/**
 * Performs an "unchecked conversion" from string to SafeStyleSheet for legacy
 * API purposes.
 *
 * Please read fileoverview documentation before using.
 *
 * @param {string} styleSheet A string to be converted to SafeStyleSheet.
 * @return {!goog.html.SafeStyleSheet} The value of style sheet, wrapped in
 *     a SafeStyleSheet object.
 */
goog.html.legacyconversions.safeStyleSheetFromString = function(styleSheet) {
  goog.html.legacyconversions.reportCallback_();
  return goog.html.SafeStyleSheet
      .createSafeStyleSheetSecurityPrivateDoNotAccessOrElse(styleSheet);
};


/**
 * Performs an "unchecked conversion" from string to SafeUrl for legacy API
 * purposes.
 *
 * Please read fileoverview documentation before using.
 *
 * @param {string} url A string to be converted to SafeUrl.
 * @return {!goog.html.SafeUrl} The value of url, wrapped in a SafeUrl
 *     object.
 */
goog.html.legacyconversions.safeUrlFromString = function(url) {
  goog.html.legacyconversions.reportCallback_();
  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse(url);
};


/**
 * Performs an "unchecked conversion" from string to TrustedResourceUrl for
 * legacy API purposes.
 *
 * Please read fileoverview documentation before using.
 *
 * @param {string} url A string to be converted to TrustedResourceUrl.
 * @return {!goog.html.TrustedResourceUrl} The value of url, wrapped in a
 *     TrustedResourceUrl object.
 */
goog.html.legacyconversions.trustedResourceUrlFromString = function(url) {
  goog.html.legacyconversions.reportCallback_();
  return goog.html.TrustedResourceUrl
      .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse(url);
};

/**
 * @private {function(): undefined}
 */
goog.html.legacyconversions.reportCallback_ = goog.nullFunction;


/**
 * Sets a function that will be called every time a legacy conversion is
 * performed. The function is called with no parameters but it can use
 * goog.debug.getStacktrace to get a stacktrace.
 *
 * @param {function(): undefined} callback Error callback as defined above.
 */
goog.html.legacyconversions.setReportCallback = function(callback) {
  goog.html.legacyconversions.reportCallback_ = callback;
};
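The fileoverview above describes the migration pattern in prose: a string-taking `setContent` is kept only as a deprecated wrapper that funnels through a legacy conversion into a type-checked sink, while `setReportCallback` lets a team locate every remaining unreviewed conversion. The following is an added example, not code from the Closure library or the Selenium repository. It models that pattern in plain Node with no Closure dependency, so the `SafeHtml`, `legacyconversions`, `setInnerHtml` and `Dialog` names below are hypothetical stand-ins for the real `goog.html.SafeHtml`, `goog.html.legacyconversions`, `goog.dom.safe.setInnerHtml` and the `Dialog` used as an illustration in the comment; the escaping builder and the call-site recorder are likewise assumptions for the demo.

```javascript
// Added example (not Closure's or Selenium's code): a self-contained model of
// the legacyconversions pattern that runs in plain Node without Closure.
// SafeHtml, legacyconversions, setInnerHtml and Dialog are hypothetical
// stand-ins for the goog.html / goog.dom.safe types named in the fileoverview.

// Minimal SafeHtml stand-in. The constructor is guarded by a private token, so
// only reviewed builders (htmlEscape) and legacyconversions can mint a value.
class SafeHtml {
  constructor(token, html) {
    if (token !== SafeHtml.TOKEN_) throw new Error('SafeHtml: use a builder or a conversion');
    this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = html;
  }
  static createSafeHtmlSecurityPrivateDoNotAccessOrElse(html) {
    return new SafeHtml(SafeHtml.TOKEN_, html);
  }
  // Reviewed-safe builder: the output always satisfies the SafeHtml contract
  // because every markup-significant character is escaped.
  static htmlEscape(text) {
    const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(
        String(text).replace(/[&<>"']/g, (c) => map[c]));
  }
  static unwrap(safeHtml) {
    if (!(safeHtml instanceof SafeHtml)) throw new Error('expected SafeHtml, got a raw string');
    return safeHtml.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
  }
}
SafeHtml.TOKEN_ = Symbol('SafeHtml');

// Model of goog.html.legacyconversions: an unchecked wrap plus the report hook.
const legacyconversions = {
  reportCallback_: () => {},
  setReportCallback(callback) { this.reportCallback_ = callback; },
  safeHtmlFromString(html) {
    this.reportCallback_();  // fires on every unreviewed conversion
    return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(html);
  },
};

// Model of goog.dom.safe.setInnerHtml: the only sink that writes markup, and it
// accepts the SafeHtml type only, never a raw string.
function setInnerHtml(elem, safeHtml) {
  elem.innerHTML = SafeHtml.unwrap(safeHtml);
}

// Use case (1) from the fileoverview: Dialog gains setSafeHtmlContent, and the
// legacy string-taking setContent survives only as a documented wrapper.
class Dialog {
  constructor() { this.contentEl_ = { innerHTML: '' }; }  // stand-in for a DOM element
  setSafeHtmlContent(safeHtml) { setInnerHtml(this.contentEl_, safeHtml); }
  /** @deprecated Uses legacyconversions; migrate callers to setSafeHtmlContent. */
  setContent(html) {
    this.setSafeHtmlContent(legacyconversions.safeHtmlFromString(html));
  }
  getContent() { return this.contentEl_.innerHTML; }
}

// Audit hook: record the stack frame of each legacy conversion so the remaining
// unreviewed call sites can be listed and migrated (what setReportCallback is for).
const legacyCallSites = [];
legacyconversions.setReportCallback(() => {
  const frame = (new Error().stack || '').split('\n').find((l) => l.includes('setContent'));
  legacyCallSites.push(frame ? frame.trim() : '(unknown call site)');
});

function demo() {
  const dlg = new Dialog();
  // Reviewed path: the escaping builder mints the SafeHtml; no report fires.
  dlg.setSafeHtmlContent(SafeHtml.htmlEscape('<b>untrusted</b>'));
  const escaped = dlg.getContent();
  // Legacy path: the string is trusted without review, and the hook records it.
  dlg.setContent('<b>legacy markup</b>');
  const legacy = dlg.getContent();
  return { escaped, legacy, legacyCalls: legacyCallSites.length };
}
```

The point the model makes concrete is the split the fileoverview describes: `setInnerHtml` rejects anything that is not the wrapper type, so a raw string can only reach the sink through `safeHtmlFromString`, and every such pass fires the report hook. Registering a callback that captures a stack trace turns the hook into an inventory of the code sites that still depend on the unreviewed conversion, which is exactly the list a migration has to drive to zero.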