• 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏吧

Java SanitizedContent类的典型用法和代码示例

java 1次浏览

本文整理汇总了Java中com.google.template.soy.data.SanitizedContent的典型用法代码示例。如果您正苦于以下问题:Java SanitizedContent类的具体用法?Java SanitizedContent怎么用?Java SanitizedContent使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。

SanitizedContent类属于com.google.template.soy.data包,在下文中一共展示了SanitizedContent类的39个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。

示例1: renderHelloWorld

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
SanitizedContent renderHelloWorld(
      Map<String, ?> data, Map<String, ?> ijData) {
    SoySauce.Renderer renderer = soySauce
            .renderTemplate(TEMPLATE_NAME)
            .setData(data)
            .setIj(ijData)
//          .setMsgBundle(msgBundle)
//          .setXidRenamingMap(idRenamingMap)
            .setCssRenamingMap(cssRenamingMap)
            ;

    SoySauce.Continuation<SanitizedContent> c = renderer.renderStrict();
    for (int tries = 100; --tries >= 0;) {
      RenderResult result = c.result();
      if (result.isDone()) {
        return c.get();
      }
      c = c.continueRender();
    }
    throw new IllegalStateException(
        "Rendering stuck on " + c.result().future());
  }
 

开发者ID:mikesamuel,
项目名称:closure-maven-plugin,
代码行数:23,
代码来源:HelloWorldTest.java

示例2: testHelloWorldUntrustedTextInput

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public final void testHelloWorldUntrustedTextInput() {
  Name.Builder nameBuilder = Name.newBuilder();
  nameBuilder.setText("Cincinatti <:)>");

  ImmutableMap<String, Object> data = ImmutableMap.<String, Object>of(
      "world", nameBuilder.build());
  ImmutableMap<String, Object> ijData = ImmutableMap.of();

  SanitizedContent output = renderHelloWorld(data, ijData);
  assertEquals(ContentKind.HTML, output.getContentKind());
  assertEquals(
      "<div id=\"greeting\">"
      + "Hello, <b class=\"b\">Cincinatti &lt;:)&gt;</b>!</div>",
      output.getContent());
}
 

开发者ID:mikesamuel,
项目名称:closure-maven-plugin,
代码行数:17,
代码来源:HelloWorldTest.java

示例3: testHelloWorldSafeHtmlInput

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public final void testHelloWorldSafeHtmlInput() {
  Name.Builder nameBuilder = Name.newBuilder();
  nameBuilder.setHtml(SafeHtmls.toProto(SafeHtmls.htmlEscape(
      "Cincinatti <:-}>")));

  ImmutableMap<String, Object> data = ImmutableMap.<String, Object>of(
      "world", nameBuilder.build());
  ImmutableMap<String, Object> ijData = ImmutableMap.of();

  SanitizedContent output = renderHelloWorld(data, ijData);
  assertEquals(ContentKind.HTML, output.getContentKind());
  assertEquals(
      "<div id=\"greeting\">"
      + "Hello, <b class=\"b\">Cincinatti &lt;:-}&gt;</b>!</div>",
      output.getContent());
}
 

开发者ID:mikesamuel,
项目名称:closure-maven-plugin,
代码行数:18,
代码来源:HelloWorldTest.java

示例4: getTemplateData

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
static SoyMapData getTemplateData(String canonicalURL, String cdnPath, String faviconPath)
    throws URISyntaxException {
  String canonicalPath = computeCanonicalPath(canonicalURL);

  String staticPath = "";
  if (cdnPath != null) {
    staticPath = cdnPath;
  } else if (canonicalPath != null) {
    staticPath = canonicalPath;
  }

  // The resource path must be typed as safe for use in a script src.
  // TODO(wyatta): Upgrade this to use an appropriate safe URL type.
  SanitizedContent sanitizedStaticPath =
      UnsafeSanitizedContentOrdainer.ordainAsSafe(
          staticPath, SanitizedContent.ContentKind.TRUSTED_RESOURCE_URI);

  return new SoyMapData(
      "canonicalPath", canonicalPath,
      "staticResourcePath", sanitizedStaticPath,
      "faviconPath", faviconPath);
}
 

开发者ID:gerrit-review,
项目名称:gerrit,
代码行数:23,
代码来源:IndexServlet.java

示例5: filterHtmlAttributes

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Checks that the input is a valid HTML attribute name with normal keyword or textual content or
 * known safe attribute content.
 */
public static String filterHtmlAttributes(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.ATTRIBUTES)) {
    // We're guaranteed to be in a case where key=value pairs are expected. However, if it would
    // cause issues to directly abut this with more attributes, add a space. For example:
    // {$a}{$b} where $a is foo=bar and $b is boo=baz requires a space in between to be parsed
    // correctly, but not in the case where $a is foo="bar".
    // TODO: We should be able to get rid of this if the compiler can guarantee spaces between
    // adjacent print statements in attribute context at compile time.
    String content = value.coerceToString();
    if (content.length() > 0) {
      if (shouldAppendSpace(content.charAt(content.length() - 1))) {
        content += ' ';
      }
    }
    return content;
  }
  return filterHtmlAttributes(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:24,
代码来源:Sanitizers.java

示例6: compareString

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Determines if the operand's string form can be equality-compared with a string. */
public static boolean compareString(String string, SoyValue other) {
  // This follows similarly to the Javascript specification, to ensure similar operation
  // over Javascript and Java: http://www.ecma-international.org/ecma-262/5.1/#sec-11.9.3
  if (other instanceof StringData || other instanceof SanitizedContent) {
    return string.equals(other.toString());
  }
  if (other instanceof NumberData) {
    try {
      // Parse the string as a number.
      return Double.parseDouble(string) == other.numberValue();
    } catch (NumberFormatException nfe) {
      // Didn't parse as a number.
      return false;
    }
  }
  return false;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:19,
代码来源:SharedRuntime.java

示例7: bidiDirAttr

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static String bidiDirAttr(BidiGlobalDir dir, SoyValue value, boolean isHtml) {
  Dir valueDir = null;
  boolean isHtmlForValueDirEstimation = false;
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    valueDir = sanitizedContent.getContentDirection();
    if (valueDir == null) {
      isHtmlForValueDirEstimation = sanitizedContent.getContentKind() == ContentKind.HTML;
    }
  }

  if (valueDir == null) {
    isHtmlForValueDirEstimation = isHtmlForValueDirEstimation || isHtml;
    valueDir = BidiUtils.estimateDirection(value.coerceToString(), isHtmlForValueDirEstimation);
  }

  BidiFormatter bidiFormatter = BidiFormatter.getInstance(dir.toDir());
  return bidiFormatter.knownDirAttr(valueDir);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:20,
代码来源:BidiFunctionsRuntime.java

示例8: bidiTextDir

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static int bidiTextDir(SoyValue value, boolean isHtml) {
  Dir valueDir = null;
  boolean isHtmlForValueDirEstimation = false;
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    valueDir = sanitizedContent.getContentDirection();
    if (valueDir == null) {
      isHtmlForValueDirEstimation = sanitizedContent.getContentKind() == ContentKind.HTML;
    }
  }
  if (valueDir == null) {
    isHtmlForValueDirEstimation = isHtmlForValueDirEstimation || isHtml;
    valueDir = BidiUtils.estimateDirection(value.coerceToString(), isHtmlForValueDirEstimation);
  }
  return valueDir.ord;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:17,
代码来源:BidiFunctionsRuntime.java

示例9: enforceContentKind

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
private void enforceContentKind() {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Allow any template to be called as text. This is consistent with the fact that
    // kind="text" templates can call any other template.
    return;
  }
  if (!contentKind.isPresent()) {
    throw new IllegalStateException(
        "Cannot render a non strict template as '"
            + Ascii.toLowerCase(expectedContentKind.name())
            + "'");
  }
  if (expectedContentKind != contentKind.get()) {
    throw new IllegalStateException(
        "Expected template to be kind=\""
            + Ascii.toLowerCase(expectedContentKind.name())
            + "\" but was kind=\""
            + Ascii.toLowerCase(contentKind.get().name())
            + "\": "
            + templateName);
  }
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:23,
代码来源:SoySauceImpl.java

示例10: strictContinuation

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Return a {@link SanitizedContent} valued continuation. Rendering logic is delegated to the
 * {@link WriteContinuation}, but it is assumed that the builder is the render target.
 */
static Continuation<SanitizedContent> strictContinuation(
    WriteContinuation delegate,
    final StringBuilder buffer,
    OutputAppendable appendable,
    final ContentKind kind) {
  if (delegate.result().isDone()) {
    return new ResultContinuation<>(
        UnsafeSanitizedContentOrdainer.ordainAsSafe(buffer.toString(), kind));
  }
  return new AbstractContinuation<SanitizedContent>(delegate, appendable) {
    @Override
    Continuation<SanitizedContent> nextContinuation(WriteContinuation next) {
      return strictContinuation(next, buffer, appendable, kind);
    }
  };
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:21,
代码来源:Continuations.java

示例11: render

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Override
public SanitizedContent.ContentKind render(Appendable out) {
  TemplateNode template =
      baseTofu.renderMain(
          out,
          templateName,
          data,
          ijData,
          activeDelPackageNames,
          msgBundle,
          idRenamingMap,
          cssRenamingMap,
          debugSoyTemplateInfo);
  if (contentKindExplicitlySet || template.getContentKind() != null) {
    // Enforce the content kind if:
    // - The caller explicitly set a content kind to validate.
    // - The template is strict. This avoids accidentally using a text strict template in a
    // place where HTML was implicitly expected.
    enforceContentKind(template);
  }
  return template.getContentKind() != null
      ? SanitizedContent.ContentKind.valueOf(template.getContentKind().name())
      : null;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:25,
代码来源:BaseTofu.java

示例12: renderStrict

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Override
public SanitizedContent renderStrict() {
  StringBuilder sb = new StringBuilder();
  TemplateNode template =
      baseTofu.renderMain(
          sb,
          templateName,
          data,
          ijData,
          activeDelPackageNames,
          msgBundle,
          idRenamingMap,
          cssRenamingMap,
          debugSoyTemplateInfo);
  enforceContentKind(template);
  // Use the expected instead of actual content kind; that way, if an HTML template is rendered
  // as TEXT, we will return TEXT.
  return UnsafeSanitizedContentOrdainer.ordainAsSafe(sb.toString(), expectedContentKind);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:20,
代码来源:BaseTofu.java

示例13: enforceContentKind

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
private void enforceContentKind(TemplateNode template) {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Allow any template to be called as text. This is consistent with the fact that
    // kind="text" templates can call any other template.
    return;
  }
  if (template.getContentKind() == null) {
    throw new SoyTofuException(
        "Expected template to be autoescape=\"strict\" "
            + "but was autoescape=\""
            + template.getAutoescapeMode().getAttributeValue()
            + "\": "
            + template.getTemplateName());
  }
  SanitizedContentKind expectedAsSanitizedContentKind =
      SanitizedContentKind.valueOf(expectedContentKind.name());
  if (expectedAsSanitizedContentKind != template.getContentKind()) {
    throw new SoyTofuException(
        "Expected template to be kind=\""
            + expectedAsSanitizedContentKind.asAttributeValue()
            + "\" but was kind=\""
            + template.getContentKind().asAttributeValue()
            + "\": "
            + template.getTemplateName());
  }
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:27,
代码来源:BaseTofu.java

示例14: computeForJava

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Override
public SoyValue computeForJava(List<SoyValue> args) {
  SoyValue arg0 = args.get(0);
  SoyValue arg1 = args.get(1);

  Preconditions.checkArgument(
      arg0 instanceof StringData || arg0 instanceof SanitizedContent,
      "First argument to strIndexOf() function is not StringData or SanitizedContent: %s",
      arg0);

  Preconditions.checkArgument(
      arg1 instanceof StringData || arg1 instanceof SanitizedContent,
      "Second argument to strIndexOf() function is not StringData or SanitizedContent: %s",
      arg1);

  String strArg0 = arg0.coerceToString();
  String strArg1 = arg1.coerceToString();

  return IntegerData.forValue(strArg0.indexOf(strArg1));
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:21,
代码来源:StrIndexOfFunction.java

示例15: bidiSpanWrap

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static String bidiSpanWrap(BidiGlobalDir dir, SoyValue value) {
  Dir valueDir = null;
  if (value instanceof SanitizedContent) {
    valueDir = ((SanitizedContent) value).getContentDirection();
  }
  BidiFormatter bidiFormatter = BidiFormatter.getInstance(dir.toDir());

  // We always treat the value as HTML, because span-wrapping is only useful when its output will
  // be treated as HTML (without escaping), and because |bidiSpanWrap is not itself specified to
  // do HTML escaping in Soy. (Both explicit and automatic HTML escaping, if any, is done before
  // calling |bidiSpanWrap because BidiSpanWrapDirective implements SanitizedContentOperator,
  // but this does not mean that the input has to be HTML SanitizedContent. In legacy usage, a
  // string that is not SanitizedContent is often printed in an autoescape="false" template or by
  // a print with a |noAutoescape, in which case our input is just SoyData.) If the output will be
  // treated as HTML, the input had better be safe HTML/HTML-escaped (even if it isn't HTML
  // SanitizedData), or we have an XSS opportunity and a much bigger problem than bidi garbling.
  String wrappedValue =
      bidiFormatter.spanWrap(valueDir, value.coerceToString(), true /* isHtml */);

  // Like other directives implementing SanitizedContentOperator, BidiSpanWrapDirective is called
  // after the escaping (if any) has already been done, and thus there is no need for it to
  // produce actual SanitizedContent.
  return wrappedValue;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:25,
代码来源:BidiDirectivesRuntime.java

示例16: escapeHtml

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static SanitizedContent escapeHtml(SoyValue value) {
  if (value == null) {
    // jbcsrc uses null as null.
    value = NullData.INSTANCE;
  }
  Dir valueDir = null;
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    if (sanitizedContent.getContentKind() == SanitizedContent.ContentKind.HTML) {
      return (SanitizedContent) value;
    }
    valueDir = sanitizedContent.getContentDirection();
  }
  return UnsafeSanitizedContentOrdainer.ordainAsSafe(
      EscapingConventions.EscapeHtml.INSTANCE.escape(value.coerceToString()),
      SanitizedContent.ContentKind.HTML,
      valueDir);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:19,
代码来源:CoreDirectivesRuntime.java

示例17: changeNewlineToBr

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static SoyString changeNewlineToBr(SoyValue value) {
  String result = NEWLINE_PATTERN.matcher(coerceToString(value)).replaceAll("<br>");

  // Make sure to transmit the known direction, if any, to any downstream directive that may need
  // it, e.g. BidiSpanWrapDirective. Since a known direction is carried only by SanitizedContent,
  // and the transformation we make is only valid in HTML, we only transmit the direction when we
  // get HTML SanitizedContent.
  // TODO(user): Consider always returning HTML SanitizedContent.
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    if (sanitizedContent.getContentKind() == ContentKind.HTML) {
      return UnsafeSanitizedContentOrdainer.ordainAsSafe(
          result, ContentKind.HTML, sanitizedContent.getContentDirection());
    }
  }
  return StringData.forValue(result);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:18,
代码来源:BasicDirectivesRuntime.java

示例18: insertWordBreaks

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
public static SoyString insertWordBreaks(SoyValue value, int maxCharsBetweenWordBreaks) {
  String result =
      new InsertWordBreaks(maxCharsBetweenWordBreaks).processString(coerceToString(value));

  // Make sure to transmit the known direction, if any, to any downstream directive that may need
  // it, e.g. BidiSpanWrapDirective. Since a known direction is carried only by SanitizedContent,
  // and the transformation we make is only valid in HTML, we only transmit the direction when we
  // get HTML SanitizedContent.
  // TODO(user): Consider always returning HTML SanitizedContent.
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    if (sanitizedContent.getContentKind() == ContentKind.HTML) {
      return UnsafeSanitizedContentOrdainer.ordainAsSafe(
          result, ContentKind.HTML, sanitizedContent.getContentDirection());
    }
  }

  return StringData.forValue(result);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:20,
代码来源:BasicDirectivesRuntime.java

示例19: testEscapeJsValue

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public void testEscapeJsValue() {
  assertEquals( // Adds quotes.
      "'Don\\x27t run with \\x22scissors\\x22.\\n'",
      Sanitizers.escapeJsValue("Don't run with \"scissors\".\n"));
  assertEquals( // SoyValue version does the same as String version.
      "'Don\\x27t run with \\x22scissors\\x22.\\n'",
      Sanitizers.escapeJsValue(StringData.forValue("Don't run with \"scissors\".\n")));
  assertEquals(" 4.0 ", Sanitizers.escapeJsValue(IntegerData.forValue(4)));
  assertEquals(" 4.5 ", Sanitizers.escapeJsValue(FloatData.forValue(4.5)));
  assertEquals(" true ", Sanitizers.escapeJsValue(BooleanData.TRUE));
  assertEquals(" null ", Sanitizers.escapeJsValue(NullData.INSTANCE));
  assertEquals(
      "foo() + bar",
      Sanitizers.escapeJsValue(
          UnsafeSanitizedContentOrdainer.ordainAsSafe(
              "foo() + bar", SanitizedContent.ContentKind.JS)));
  // Wrong content kind should be wrapped in a string.
  assertEquals(
      "'foo() + bar'",
      Sanitizers.escapeJsValue(
          UnsafeSanitizedContentOrdainer.ordainAsSafe(
              "foo() + bar", SanitizedContent.ContentKind.HTML)));
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:25,
代码来源:SanitizersTest.java

示例20: testApplyForTofu

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public void testApplyForTofu() {

  NoAutoescapeDirective noAutoescapeDirective = new NoAutoescapeDirective();
  assertTofuOutput("", "", noAutoescapeDirective);
  assertTofuOutput("identName", "identName", noAutoescapeDirective);
  assertTofuOutput("<b>rich text</b>", "<b>rich text</b>", noAutoescapeDirective);
  assertTofuOutput(
      "not.html { font-name: \"Arial\" 'Helvetica' }",
      "not.html { font-name: \"Arial\" 'Helvetica' }",
      noAutoescapeDirective);
  // Explicitly reject "text".
  assertTofuOutput(
      "zSoyz",
      UnsafeSanitizedContentOrdainer.ordainAsSafe("xyz", SanitizedContent.ContentKind.TEXT),
      noAutoescapeDirective);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:18,
代码来源:NoAutoescapeDirectiveTest.java

示例21: testEscapeUri

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public final void testEscapeUri() {
  BasicEscapeDirective escapeUri = new BasicEscapeDirective.EscapeUri();
  assertTofuOutput("", "", escapeUri);
  assertTofuOutput("a%25b%20%3E%20c", "a%b > c", escapeUri);
  assertTofuOutput(
      "a%25bc%20%3E%20d",
      UnsafeSanitizedContentOrdainer.ordainAsSafe("a%bc > d", SanitizedContent.ContentKind.HTML),
      escapeUri);
  // NOTE: URIs are not treated specially (e.g. /redirect?continue={$url} should not allow $url
  // to break out and add other query params, and would be unexpected.)
  assertTofuOutput(
      "a%25bc%20%3E%20d",
      UnsafeSanitizedContentOrdainer.ordainAsSafe("a%bc > d", SanitizedContent.ContentKind.URI),
      escapeUri);

  new JsSrcPrintDirectiveTestBuilder()
      .addTest("", "''", escapeUri)
      .addTest("a%25b%20%3E%20c", " 'a%b > c' ", escapeUri)
      .addTest(
          "a%25bc%20%3E%20d", "soydata.VERY_UNSAFE.ordainSanitizedHtml('a%bc > d')", escapeUri)
      .addTest(
          "a%25bc%20%3E%20d", "soydata.VERY_UNSAFE.ordainSanitizedUri('a%bc > d')", escapeUri)
      .runTests();
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:26,
代码来源:BasicEscapeDirectiveTest.java

示例22: renderScripts

点赞 3

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
private SoyValue renderScripts(List<SafeUrlProto> urls) {
  String template = "{namespace dossier.soy.dynamic}{template .scripts kind=\"html\"}";
  for (SafeUrlProto proto : urls) {
    String url = SafeUrls.fromProto(proto).getSafeUrlString();
    template += "<script src=\"" + url + "\" defer></script>";
  }
  template += "{/template}";

  return filesetBuilderProvider
      .get()
      .add(template, "<dynamic>")
      .build()
      .compileToTofu()
      .newRenderer("dossier.soy.dynamic.scripts")
      .setContentKind(SanitizedContent.ContentKind.HTML)
      .renderStrict();
}
 

开发者ID:jleyba,
项目名称:js-dossier,
代码行数:18,
代码来源:Renderer.java

示例23: testHelloWorldNoInput

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Test
public final void testHelloWorldNoInput() {
  ImmutableMap<String, Object> data = ImmutableMap.of();
  ImmutableMap<String, Object> ijData = ImmutableMap.of();

  SanitizedContent output = renderHelloWorld(data, ijData);
  assertEquals(ContentKind.HTML, output.getContentKind());
  assertEquals(
      "<div id=\"greeting\">Hello, <b class=\"b\">World</b>!</div>",
      output.getContent());
}
 

开发者ID:mikesamuel,
项目名称:closure-maven-plugin,
代码行数:12,
代码来源:HelloWorldTest.java

示例24: IndexServlet

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
IndexServlet(String canonicalURL, @Nullable String cdnPath, @Nullable String faviconPath)
    throws URISyntaxException {
  String resourcePath = "com/google/gerrit/httpd/raw/PolyGerritIndexHtml.soy";
  SoyFileSet.Builder builder = SoyFileSet.builder();
  builder.add(Resources.getResource(resourcePath));
  SoyTofu.Renderer renderer =
      builder
          .build()
          .compileToTofu()
          .newRenderer("com.google.gerrit.httpd.raw.Index")
          .setContentKind(SanitizedContent.ContentKind.HTML)
          .setData(getTemplateData(canonicalURL, cdnPath, faviconPath));
  indexSource = renderer.render().getBytes(UTF_8);
}
 

开发者ID:gerrit-review,
项目名称:gerrit,
代码行数:15,
代码来源:IndexServlet.java

示例25: soyTemplate

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
private String soyTemplate(String name, SanitizedContent.ContentKind kind) {
  return args.soyTofu
      .newRenderer("com.google.gerrit.server.mail.template." + name)
      .setContentKind(kind)
      .setData(soyContext)
      .render();
}
 

开发者ID:gerrit-review,
项目名称:gerrit,
代码行数:8,
代码来源:OutgoingEmail.java

示例26: escapeHtml

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Converts the input to HTML by entity escaping. */
public static String escapeHtml(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    return value.coerceToString();
  }
  return escapeHtml(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:9,
代码来源:Sanitizers.java

示例27: cleanHtml

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Normalizes the input HTML while preserving "safe" tags and the known directionality.
 *
 * @param optionalSafeTags to add to the basic whitelist of formatting safe tags
 * @return the normalized input, in the form of {@link SanitizedContent} of {@link
 *     ContentKind#HTML}
 */
public static SanitizedContent cleanHtml(
    SoyValue value, Collection<? extends OptionalSafeTag> optionalSafeTags) {
  value = normalizeNull(value);
  Dir valueDir = null;
  if (value instanceof SanitizedContent) {
    SanitizedContent sanitizedContent = (SanitizedContent) value;
    if (sanitizedContent.getContentKind() == SanitizedContent.ContentKind.HTML) {
      return (SanitizedContent) value;
    }
    valueDir = sanitizedContent.getContentDirection();
  }
  return cleanHtml(value.coerceToString(), valueDir, optionalSafeTags);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:21,
代码来源:Sanitizers.java

示例28: close

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
@Override
public void close() throws IOException {
  if (!isInHtml()) {
    StringBuilder buffer = (StringBuilder) activeAppendable;
    if (buffer.length() > 0) {
      SanitizedContent content =
          cleanHtml(buffer.toString(), getSanitizedContentDirectionality(), optionalSafeTags);
      delegate
          .setSanitizedContentKind(content.getContentKind())
          .setSanitizedContentDirectionality(content.getContentDirection())
          .append(content.getContent());
      buffer.setLength(0);
    }
  }
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:16,
代码来源:Sanitizers.java

示例29: escapeHtmlRcdata

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Converts the input to HTML suitable for use inside {@code <textarea>} by entity escaping. */
public static String escapeHtmlRcdata(SoyValue value) {
  value = normalizeNull(value);

  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    // We can't allow tags in the output, because that would allow safe HTML containing
    // "<textarea>" to prematurely close the textarea.
    // Instead, we normalize which is semantics preserving in RCDATA.
    return normalizeHtml(value.coerceToString());
  }

  return escapeHtml(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:14,
代码来源:Sanitizers.java

示例30: escapeHtmlAttribute

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Converts the input to HTML by entity escaping, stripping tags in sanitized content so the
 * result can safely be embedded in an HTML attribute value.
 */
public static String escapeHtmlAttribute(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    // |escapeHtmlAttribute should only be used on attribute values that cannot have tags.
    return stripHtmlTags(value.coerceToString(), null, true);
  }
  return escapeHtmlAttribute(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:13,
代码来源:Sanitizers.java

示例31: escapeHtmlAttributeNospace

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Converts plain text to HTML by entity escaping, stripping tags in sanitized content so the
 * result can safely be embedded in an unquoted HTML attribute value.
 */
public static String escapeHtmlAttributeNospace(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    // |escapeHtmlAttributeNospace should only be used on attribute values that cannot have tags.
    return stripHtmlTags(value.coerceToString(), null, false);
  }
  return escapeHtmlAttributeNospace(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:13,
代码来源:Sanitizers.java

示例32: escapeJsValue

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Converts the input to a JavaScript expression. The resulting expression can be a boolean,
 * number, string literal, or {@code null}.
 */
public static String escapeJsValue(SoyValue value) {
  // We surround values with spaces so that they can't be interpolated into identifiers
  // by accident.  We could use parentheses but those might be interpreted as a function call.
  if (NullData.INSTANCE == value || value == null) {
    // The JS counterpart of this code in soyutils.js emits " null " for both null and the special
    // JS value undefined.
    return " null ";
  } else if (value instanceof NumberData) {
    // This will emit references to NaN and Infinity.  Client code should not redefine those
    // to store sensitive data.
    return " " + value.numberValue() + " ";
  } else if (value instanceof BooleanData) {
    return " " + value.booleanValue() + " ";
  } else if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.JS)) {
    String jsCode = value.coerceToString();
    // This value may not be embeddable if it contains the substring "</script".
    // TODO(msamuel): Fixup.  We need to be careful because mucking with '<' can
    // break code like
    //    while (i</foo/.exec(str).length)
    // and mucking with / can break
    //    return untrustedHTML.replace(/</g, '&lt;');
    return jsCode;
  } else {
    return escapeJsValue(value.coerceToString());
  }
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:31,
代码来源:Sanitizers.java

示例33: filterCssValue

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Makes sure that the input is a valid CSS identifier part, CLASS or ID part, quantity, or CSS
 * keyword part.
 */
public static String filterCssValue(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.CSS)) {
    // We don't need to do this when the CSS is embedded in a
    // style attribute since then the HTML escaper kicks in.
    // TODO(msamuel): Maybe change the autoescaper to generate
    //   |filterCssValue:attrib
    // for style attributes and thread the parameter here so that
    // we can skip this check when its unnecessary.
    return embedCssIntoHtml(value.coerceToString());
  }
  return NullData.INSTANCE == value ? "" : filterCssValue(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:18,
代码来源:Sanitizers.java

示例34: filterNormalizeUri

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Makes sure that the given input doesn't specify a dangerous protocol and also {@link
 * #normalizeUri normalizes} it.
 */
public static String filterNormalizeUri(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.URI)
      || isSanitizedContentOfKind(value, SanitizedContent.ContentKind.TRUSTED_RESOURCE_URI)) {
    return normalizeUri(value);
  }
  return filterNormalizeUri(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:13,
代码来源:Sanitizers.java

示例35: filterNormalizeMediaUri

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Checks that a URI is safe to be an image source.
 *
 * <p>Does not return SanitizedContent as there isn't an appropriate type for this.
 */
public static String filterNormalizeMediaUri(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.URI)
      || isSanitizedContentOfKind(value, SanitizedContent.ContentKind.TRUSTED_RESOURCE_URI)) {
    return normalizeUri(value);
  }
  return filterNormalizeMediaUri(value.coerceToString());
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:14,
代码来源:Sanitizers.java

示例36: filterTrustedResourceUri

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Makes sure the given input is an instance of either trustedResourceUrl or trustedString. */
public static String filterTrustedResourceUri(SoyValue value) {
  value = normalizeNull(value);
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.TRUSTED_RESOURCE_URI)) {
    return value.coerceToString();
  }
  logger.log(Level.WARNING, "|filterTrustedResourceUri received bad value ''{0}''", value);
  return "about:invalid#" + EscapingConventions.INNOCUOUS_OUTPUT;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:10,
代码来源:Sanitizers.java

示例37: filterImageDataUri

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Makes sure that the given input is a data URI corresponding to an image. */
public static SanitizedContent filterImageDataUri(String value) {
  if (EscapingConventions.FilterImageDataUri.INSTANCE.getValueFilter().matcher(value).find()) {
    // NOTE: No need to escape.
    return UnsafeSanitizedContentOrdainer.ordainAsSafe(value, ContentKind.URI);
  }
  logger.log(Level.WARNING, "|filterImageDataUri received bad value ''{0}''", value);
  return UnsafeSanitizedContentOrdainer.ordainAsSafe(
      EscapingConventions.FilterImageDataUri.INSTANCE.getInnocuousOutput(),
      SanitizedContent.ContentKind.URI);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:12,
代码来源:Sanitizers.java

示例38: filterTelUri

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/** Makes sure that the given input is a tel URI. */
public static SanitizedContent filterTelUri(String value) {
  if (EscapingConventions.FilterTelUri.INSTANCE.getValueFilter().matcher(value).find()) {
    // NOTE: No need to escape. Escaping for other contexts (e.g. HTML) happen after this.
    return UnsafeSanitizedContentOrdainer.ordainAsSafe(value, ContentKind.URI);
  }
  logger.log(Level.WARNING, "|filterTelUri received bad value ''{0}''", value);
  return UnsafeSanitizedContentOrdainer.ordainAsSafe(
      EscapingConventions.FilterTelUri.INSTANCE.getInnocuousOutput(),
      SanitizedContent.ContentKind.URI);
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:12,
代码来源:Sanitizers.java

示例39: filterNoAutoescape

点赞 2

import com.google.template.soy.data.SanitizedContent; //导入依赖的package包/类
/**
 * Filters noAutoescape input from explicitly tainted content.
 *
 * <p>SanitizedContent.ContentKind.TEXT is used to explicitly mark input that is never meant to be
 * used unescaped. Specifically, {let} and {param} blocks of kind "text" are explicitly forbidden
 * from being noAutoescaped to avoid XSS regressions during application transition.
 */
public static SoyValue filterNoAutoescape(SoyValue value) {
  value = normalizeNull(value);
  // TODO: Consider also checking for things that are never valid, like null characters.
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.TEXT)) {
    logger.log(
        Level.WARNING,
        "|noAutoescape received value explicitly tagged as ContentKind.TEXT: ''{0}''",
        value);
    return StringData.forValue(EscapingConventions.INNOCUOUS_OUTPUT);
  }
  return value;
}
 

开发者ID:google,
项目名称:closure-templates,
代码行数:20,
代码来源:Sanitizers.java


版权声明:本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系管理员进行删除。
喜欢 (0)