OLD | NEW |
1 // Copyright (c) 2011, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2011, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 // TODO(sigmund): move this library to a shared package? or make part of | 5 // TODO(sigmund): move this library to a shared package? or make part of |
6 // dart:html? | 6 // dart:html? |
7 library safe_html; | 7 library safe_html; |
8 | 8 |
| 9 import 'package:meta/meta.dart'; |
| 10 |
9 /** Declares a string that is a well-formed HTML fragment. */ | 11 /** Declares a string that is a well-formed HTML fragment. */ |
| 12 // TODO(sigmund): delete this type now that Element.html is safe by default. |
10 class SafeHtml { | 13 class SafeHtml { |
11 | 14 |
12 /** Underlying html string. */ | 15 /** Underlying html string. */ |
13 String _html; | 16 String _html; |
14 | 17 |
15 // TODO(sigmund): provide a constructor that does html validation | 18 /** |
| 19 * dart:html now supports sanitizing elements. You can add any node |
| 20 * directly in your bindings instead of creating instances of SafeHtml. |
| 21 */ |
| 22 @deprecated |
16 SafeHtml.unsafe(this._html); | 23 SafeHtml.unsafe(this._html); |
17 | 24 |
18 String toString() => _html; | 25 String toString() => _html; |
19 | 26 |
20 operator ==(other) => other is SafeHtml && _html == other._html; | 27 operator ==(other) => other is SafeHtml && _html == other._html; |
21 int get hashCode => _html.hashCode; | 28 int get hashCode => _html.hashCode; |
22 } | 29 } |
23 | 30 |
24 /** | 31 /** |
25 * Declares a string that is safe to use in a Uri attribute, such as `<a href=`, | 32 * Declares a string that is safe to use in a Uri attribute, such as `<a href=`, |
26 * to avoid cross-site scripting (XSS) attacks. | 33 * to avoid cross-site scripting (XSS) attacks. |
27 */ | 34 */ |
28 class SafeUri { | 35 class SafeUri { |
29 String _uri; | 36 String _uri; |
30 | 37 |
31 // TODO(sigmund): provide a constructor that takes or creates a Uri and | 38 // TODO(sigmund): provide a constructor that takes or creates a Uri and |
32 // validates that it is safe (not a javascript: scheme, for example) | 39 // validates that it is safe (not a javascript: scheme, for example) |
33 SafeUri.unsafe(this._uri); | 40 SafeUri.unsafe(this._uri); |
34 | 41 |
35 String toString() => _uri; | 42 String toString() => _uri; |
36 | 43 |
37 operator ==(other) => other is SafeUri && _uri == other._uri; | 44 operator ==(other) => other is SafeUri && _uri == other._uri; |
38 int get hashCode => _uri.hashCode; | 45 int get hashCode => _uri.hashCode; |
39 } | 46 } |
OLD | NEW |