Path: blob/trunk/third_party/closure/goog/html/uncheckedconversions.js
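// Copyright 2013 The Closure Library Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/**
 * @fileoverview Unchecked conversions to create values of goog.html types from
 * plain strings. Use of these functions could potentially result in instances
 * of goog.html types that violate their type contracts, and hence result in
 * security vulnerabilities.
 *
 * Therefore, all uses of the methods herein must be carefully security
 * reviewed. Avoid use of the methods in this file whenever possible; instead
 * prefer to create instances of goog.html types using inherently safe builders
 * or template systems.
 *
 * What the functions in this file do and do not do:
 * - Each function hands its string argument, unmodified, to the private
 *   factory of the target type. No escaping, sanitization or validation of
 *   that string happens in this file.
 * - The only checks are goog.asserts calls on {@code justification}. As the
 *   inline comments note, these are written so that they can be optimized
 *   away in production code. The justification is therefore an aid for
 *   security review, not a runtime safeguard.
 *
 * @visibility {//closure/goog/html:approved_for_unchecked_conversion}
 * @visibility {//closure/goog/bin/sizetests:__pkg__}
 */


goog.provide('goog.html.uncheckedconversions');

goog.require('goog.asserts');
goog.require('goog.html.SafeHtml');
goog.require('goog.html.SafeScript');
goog.require('goog.html.SafeStyle');
goog.require('goog.html.SafeStyleSheet');
goog.require('goog.html.SafeUrl');
goog.require('goog.html.TrustedResourceUrl');
goog.require('goog.string');
goog.require('goog.string.Const');


/**
 * Performs an "unchecked conversion" to SafeHtml from a plain string that is
 * known to satisfy the SafeHtml type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code html} satisfies the SafeHtml type contract in all
 * possible program states. This function does not escape or inspect
 * {@code html}; it is wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} html A string that is claimed to adhere to the SafeHtml
 *     contract.
 * @param {?goog.i18n.bidi.Dir=} opt_dir The optional directionality of the
 *     SafeHtml to be constructed. A null or undefined value signifies an
 *     unknown directionality.
 * @return {!goog.html.SafeHtml} The value of html, wrapped in a SafeHtml
 *     object.
 */
goog.html.uncheckedconversions.safeHtmlFromStringKnownToSatisfyTypeContract =
    function(justification, html, opt_dir) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code. Keep the unwrap() calls as assert arguments;
  // hoisting them into a local would leave a use outside the assert.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  // NOTE(review): `||` maps every falsy opt_dir to null, not only undefined.
  // If goog.i18n.bidi.Dir has a member equal to 0 (NEUTRAL in upstream
  // Closure; confirm for this vendored copy), passing it here is recorded as
  // unknown directionality.
  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(
      html, opt_dir || null);
};


/**
 * Performs an "unchecked conversion" to SafeScript from a plain string that is
 * known to satisfy the SafeScript type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code script} satisfies the SafeScript type contract in
 * all possible program states. This function does not inspect {@code script};
 * it is wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} script The string to wrap as a SafeScript.
 * @return {!goog.html.SafeScript} The value of {@code script}, wrapped in a
 *     SafeScript object.
 */
goog.html.uncheckedconversions.safeScriptFromStringKnownToSatisfyTypeContract =
    function(justification, script) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  return goog.html.SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse(
      script);
};


/**
 * Performs an "unchecked conversion" to SafeStyle from a plain string that is
 * known to satisfy the SafeStyle type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code style} satisfies the SafeStyle type contract in all
 * possible program states. This function does not inspect {@code style}; it
 * is wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} style The string to wrap as a SafeStyle.
 * @return {!goog.html.SafeStyle} The value of {@code style}, wrapped in a
 *     SafeStyle object.
 */
goog.html.uncheckedconversions.safeStyleFromStringKnownToSatisfyTypeContract =
    function(justification, style) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  return goog.html.SafeStyle.createSafeStyleSecurityPrivateDoNotAccessOrElse(
      style);
};


/**
 * Performs an "unchecked conversion" to SafeStyleSheet from a plain string
 * that is known to satisfy the SafeStyleSheet type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code styleSheet} satisfies the SafeStyleSheet type
 * contract in all possible program states. This function does not inspect
 * {@code styleSheet}; it is wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} styleSheet The string to wrap as a SafeStyleSheet.
 * @return {!goog.html.SafeStyleSheet} The value of {@code styleSheet}, wrapped
 *     in a SafeStyleSheet object.
 */
goog.html.uncheckedconversions
    .safeStyleSheetFromStringKnownToSatisfyTypeContract = function(
    justification, styleSheet) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  return goog.html.SafeStyleSheet
      .createSafeStyleSheetSecurityPrivateDoNotAccessOrElse(styleSheet);
};


/**
 * Performs an "unchecked conversion" to SafeUrl from a plain string that is
 * known to satisfy the SafeUrl type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code url} satisfies the SafeUrl type contract in all
 * possible program states. This function does not inspect {@code url}; it is
 * wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} url The string to wrap as a SafeUrl.
 * @return {!goog.html.SafeUrl} The value of {@code url}, wrapped in a SafeUrl
 *     object.
 */
goog.html.uncheckedconversions.safeUrlFromStringKnownToSatisfyTypeContract =
    function(justification, url) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse(url);
};


/**
 * Performs an "unchecked conversion" to TrustedResourceUrl from a plain string
 * that is known to satisfy the TrustedResourceUrl type contract.
 *
 * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
 * that the value of {@code url} satisfies the TrustedResourceUrl type contract
 * in all possible program states. This function does not inspect {@code url};
 * it is wrapped as given.
 *
 * @param {!goog.string.Const} justification A constant string explaining why
 *     this use of this method is safe. May include a security review ticket
 *     number. Checked only through goog.asserts (must unwrap to a string that
 *     is not empty or whitespace-only).
 * @param {string} url The string to wrap as a TrustedResourceUrl.
 * @return {!goog.html.TrustedResourceUrl} The value of {@code url}, wrapped in
 *     a TrustedResourceUrl object.
 */
goog.html.uncheckedconversions
    .trustedResourceUrlFromStringKnownToSatisfyTypeContract = function(
    justification, url) {
  // unwrap() called inside an assert so that justification can be optimized
  // away in production code.
  goog.asserts.assertString(
      goog.string.Const.unwrap(justification), 'must provide justification');
  goog.asserts.assert(
      !goog.string.isEmptyOrWhitespace(goog.string.Const.unwrap(justification)),
      'must provide non-empty justification');
  return goog.html.TrustedResourceUrl
      .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse(url);
};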