You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@royale.apache.org by ha...@apache.org on 2021/12/12 00:12:13 UTC
[royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
This is an automated email from the ASF dual-hosted git repository.
harbs pushed a commit to branch feature/sanitize
in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
commit 1b12594c60420d3503f9e366f314c9d875e16ddb
Author: Harbs <ha...@in-tools.com>
AuthorDate: Sun Dec 12 02:12:05 2021 +0200
Added sanitizeUrl and sanitizeHtml
---
.../projects/Core/src/main/royale/CoreClasses.as | 2 +
.../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
.../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
.../src/test/royale/flexUnitTests/CoreTester.as | 1 +
.../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
5 files changed, 115 insertions(+), 21 deletions(-)
diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
index 21593fd..dd088eb 100644
--- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
+++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
@@ -342,6 +342,8 @@ internal class CoreClasses
import org.apache.royale.utils.string.trimRight; trimRight;
import org.apache.royale.utils.string.trimLeft; trimLeft;
import org.apache.royale.utils.string.cacheBust; cacheBust;
+ import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
+ import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
import org.apache.royale.utils.date.addDays; addDays;
import org.apache.royale.utils.date.addHours; addHours;
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
new file mode 100644
index 0000000..360ef63
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
@@ -0,0 +1,38 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ COMPILE::JS{
+ import goog.html.sanitizer.HtmlSanitizer;
+ import goog.html.SafeHtml;
+ }
+
+ public function sanitizeHtml(html:String):String
+ {
+ COMPILE::JS
+ {
+ return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
+ }
+ //TODO sanitize in swf
+ COMPILE::SWF
+ {
+ return html;
+ }
+ }
+}
\ No newline at end of file
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
new file mode 100644
index 0000000..cd4151d
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
@@ -0,0 +1,36 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ COMPILE::JS{
+ import goog.html.SafeUrl;
+ import goog.html.SafeUrl;
+ }
+ public function sanitizeUrl(url:String):String
+ {
+ COMPILE::JS{
+ return SafeUrl.unwrap(SafeUrl.sanitize(url));
+ }
+
+ //TODO sanitize in swf
+ COMPILE::SWF{
+ return url;
+ }
+ }
+}
\ No newline at end of file
diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
index c8adc02..9441daf 100644
--- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
@@ -42,5 +42,6 @@ package flexUnitTests
public var keyConverterTest:KeyConverterTest;
public var keyboardEventConverterTest:KeyboardEventConverterTest;
public var stringUtilsTest:StringUtilsTest;
+ public var sanitizerTest:SanitizeTest;
}
}
diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
similarity index 50%
copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
index c8adc02..7173f52 100644
--- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
@@ -18,29 +18,46 @@
////////////////////////////////////////////////////////////////////////////////
package flexUnitTests
{
- import flexUnitTests.language.*
+ import org.apache.royale.utils.string.*;
+ import org.apache.royale.test.asserts.*;
- [Suite]
- [RunWith("org.apache.royale.test.runners.SuiteRunner")]
- public class CoreTester
- {
+ public class SanitizeTest
+ {
+ [Before]
+ public function setUp():void
+ {
+ }
- //language tests
- public var languageTestIs:LanguageTesterTestIs;
- public var languageTestIntUint:LanguageTesterIntUint;
- public var languageTestVector:LanguageTesterTestVector;
- public var languageTestClass:LanguageTesterTestClass;
- public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
- public var languageTestArraySort:LanguageTesterArraySort;
- public var languageTesttryCatch:LanguageTesterTestTryCatch;
+ [After]
+ public function tearDown():void
+ {
+ }
- //core tests
- public var strandTesterTest:StrandTesterTest;
- public var binaryDataTesterTest:BinaryDataTesterTest;
- public var arrayUtilsTest:ArrayUtilsTest;
- public var dateUtilsTest:DateUtilsTest;
- public var keyConverterTest:KeyConverterTest;
- public var keyboardEventConverterTest:KeyboardEventConverterTest;
- public var stringUtilsTest:StringUtilsTest;
+ [BeforeClass]
+ public static function setUpBeforeClass():void
+ {
+ }
+
+ [AfterClass]
+ public static function tearDownAfterClass():void
+ {
+ }
+
+ [Test]
+ public function testHTML():void
+ {
+ var safeHtml:String = 'Hello <em>World</em>';
+ assertEquals(safeHtml, sanitizeHtml(safeHtml));
+ }
+
+ [Test]
+ public function testUrl():void
+ {
+ var safeUrl:String = "https://foobaz.com"
+ assertEquals(safeUrl, sanitizeUrl(safeUrl));
+ }
+
+
+
}
}
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Edward Stangler <es...@bradmark.com>.
For final use, should the API perhaps be something that accepts Element
/ HTMLElement and a string, to be compatible with a future HTML
Sanitizer API? (And it would somehow internally keep track of a
Sanitizer object.)
https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
For the Closure implementation, it would just set the Element's
innerHTML / innerText to what you have, or perhaps use
sanitizeToDomNode() or something, in case this is an issue (or just to
avoid double-parsing):
https://blog.deteact.com/google-closure-library-sanitizer-bypass/
On 12/11/2021 6:14 PM, Harbs wrote:
> I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
>
> Harbs
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
Maybe check your changes to what we added to the Google Closure Library for html and see if any of these files are a result of the goog.html package. They might have always been there to handle EventTarget and minification.
HelloWorld used to be 60K (actually, 29K way back) but if it zips to 20K that's probably ok.
-Alex
On 12/28/21, 2:35 PM, "Harbs" <ha...@gmail.com> wrote:
Source maps are likely a clue as to where the code is coming from:
"goog/base.js","class com.google.javascript.jscomp.FunctionRewriter$EmptyFunctionReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$SetterReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$GetterReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$ReturnConstantReducer:helper"," [synthetic:util/defineproperty] "," [synthetic:util/global] "," [synthetic:util/polyfill] "," [synthetic:es6/weakmap] "," [synthetic:es6/util/arrayiterator] "," [synthetic:util/owns] "," [synthetic:es6/util/makeiterator] ","goog/string/string.js","goog/reflect/reflect.js","goog/labs/useragent/util.js","goog/array/array.js","goog/object/object.js","goog/useragent/useragent.js","goog/labs/useragent/browser.js","goog/labs/useragent/engine.js","goog/labs/useragent/platform.js","goog/html/sanitizer/noclobber.js","goog/events/listenable.js","goog/events/listener.js","goog/events/listenermap.js","goog/disposable/disposable.js","goog/events/event.js","goog/events/browserfeature.js","goog/events/browserevent.js","goog/events/eventtype.js","goog/events/events.js","goog/events/eventtarget.js”,
We definitely don’t want all that junk. Maybe we should roll back the sanitizing changes...
> On Dec 29, 2021, at 12:11 AM, Harbs <ha...@gmail.com> wrote:
>
> HelloWorld size: 78,547 bytes and 20,788 bytes minified.
>
> There does seem to be a bunch of cruft at the top of the file. Not sure where it’s all coming from:
>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpaste.apache.org%2Fd6p4j&data=04%7C01%7Caharui%40adobe.com%7C6cc0f8dd9af54e579c9908d9ca525fb1%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637763277411096254%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=MP5WeD6g6DsTI53w8Md5ThBppdBgrFYlpQUcRh2wkg4%3D&reserved=0
>
>> On Dec 28, 2021, at 10:13 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> Maybe. Can you confirm it? I think if there are any exports in that code it might stick around.
>>
>> -Alex
>>
>> On 12/27/21, 9:24 PM, "Harbs" <ha...@gmail.com> wrote:
>>
>> Won’t the minification remove the code if it’s not needed?
>>
>>> On Dec 28, 2021, at 2:10 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
>>>
>>> -Alex
>>>
>>> On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>> OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
>>>
>>>> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
>>>> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>>>>
>>>> -Alex
>>>>
>>>> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>> This is when running the CoreJS tests.
>>>>
>>>>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>>>>
>>>>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>>>>
>>>>> in gf(Ci, We.H.ua);
>>>>>
>>>>> “We.H" is undefined.
>>>>>
>>>>> Here’s the surrounding code:
>>>>>
>>>>> function Ci(a, b) {
>>>>> We.H.ua.call(this, a, b)
>>>>> }
>>>>> gf(Ci, We.H.ua);
>>>>> C(je, Ci);
>>>>> Ci.unwrap = function(a) {
>>>>> return We.H.ua.unwrap(a)
>>>>> }
>>>>> ;
>>>>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>>>>> Ci.sanitize = function(a) {
>>>>> return We.H.ua.sanitize(a)
>>>>> }
>>>>> ;
>>>>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>>>>> Ci.prototype.g = {
>>>>> names: [{
>>>>> name: 'InternalSafeUrl',
>>>>> h: je,
>>>>> kind: p
>>>>> }]
>>>>> };
>>>>> Ci.prototype.i = function() {
>>>>> return {
>>>>> methods: function() {
>>>>> return {
>>>>> InternalSafeUrl: {
>>>>> type: '',
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [l, !1, k, !1]
>>>>> }
>>>>> },
>>>>> '|unwrap': {
>>>>> type: l,
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [kc, !1]
>>>>> }
>>>>> },
>>>>> '|sanitize': {
>>>>> type: kc,
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [l, !1]
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> ;
>>>>>
>>>>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>
>>>>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>>>>
>>>>>> You can see what I did on the sanitize branch...
>>>>>>
>>>>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>>>>
>>>>>>> I’ll try to create placeholder classes to subclass them.
>>>>>>>
>>>>>>>> Might be simpler to just special case these two.
>>>>>>>
>>>>>>> How would we go about that?
>>>>>>>
>>>>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>>>>
>>>>>>>> -Alex
>>>>>>>>
>>>>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>>>>
>>>>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>>>>
>>>>>>>> -Alex
>>>>>>>>
>>>>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>>>
>>>>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>>>>
>>>>>>>> Check.
>>>>>>>>
>>>>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>>>>
>>>>>>>> Check.
>>>>>>>>
>>>>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>>>>
>>>>>>>>
>>>>>>>> Here’s where I’m stuck.
>>>>>>>>
>>>>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Source maps are likely a clue as to where the code is coming from:
"goog/base.js","class com.google.javascript.jscomp.FunctionRewriter$EmptyFunctionReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$SetterReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$GetterReducer:helper","class com.google.javascript.jscomp.FunctionRewriter$ReturnConstantReducer:helper"," [synthetic:util/defineproperty] "," [synthetic:util/global] "," [synthetic:util/polyfill] "," [synthetic:es6/weakmap] "," [synthetic:es6/util/arrayiterator] "," [synthetic:util/owns] "," [synthetic:es6/util/makeiterator] ","goog/string/string.js","goog/reflect/reflect.js","goog/labs/useragent/util.js","goog/array/array.js","goog/object/object.js","goog/useragent/useragent.js","goog/labs/useragent/browser.js","goog/labs/useragent/engine.js","goog/labs/useragent/platform.js","goog/html/sanitizer/noclobber.js","goog/events/listenable.js","goog/events/listener.js","goog/events/listenermap.js","goog/disposable/disposable.js","goog/events/event.js","goog/events/browserfeature.js","goog/events/browserevent.js","goog/events/eventtype.js","goog/events/events.js","goog/events/eventtarget.js”,
We definitely don’t want all that junk. Maybe we should roll back the sanitizing changes...
> On Dec 29, 2021, at 12:11 AM, Harbs <ha...@gmail.com> wrote:
>
> HelloWorld size: 78,547 bytes and 20,788 bytes minified.
>
> There does seem to be a bunch of cruft at the top of the file. Not sure where it’s all coming from:
>
> https://paste.apache.org/d6p4j
>
>> On Dec 28, 2021, at 10:13 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> Maybe. Can you confirm it? I think if there are any exports in that code it might stick around.
>>
>> -Alex
>>
>> On 12/27/21, 9:24 PM, "Harbs" <ha...@gmail.com> wrote:
>>
>> Won’t the minification remove the code if it’s not needed?
>>
>>> On Dec 28, 2021, at 2:10 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
>>>
>>> -Alex
>>>
>>> On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>> OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
>>>
>>>> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
>>>> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>>>>
>>>> -Alex
>>>>
>>>> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>> This is when running the CoreJS tests.
>>>>
>>>>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>>>>
>>>>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>>>>
>>>>> in gf(Ci, We.H.ua);
>>>>>
>>>>> “We.H" is undefined.
>>>>>
>>>>> Here’s the surrounding code:
>>>>>
>>>>> function Ci(a, b) {
>>>>> We.H.ua.call(this, a, b)
>>>>> }
>>>>> gf(Ci, We.H.ua);
>>>>> C(je, Ci);
>>>>> Ci.unwrap = function(a) {
>>>>> return We.H.ua.unwrap(a)
>>>>> }
>>>>> ;
>>>>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>>>>> Ci.sanitize = function(a) {
>>>>> return We.H.ua.sanitize(a)
>>>>> }
>>>>> ;
>>>>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>>>>> Ci.prototype.g = {
>>>>> names: [{
>>>>> name: 'InternalSafeUrl',
>>>>> h: je,
>>>>> kind: p
>>>>> }]
>>>>> };
>>>>> Ci.prototype.i = function() {
>>>>> return {
>>>>> methods: function() {
>>>>> return {
>>>>> InternalSafeUrl: {
>>>>> type: '',
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [l, !1, k, !1]
>>>>> }
>>>>> },
>>>>> '|unwrap': {
>>>>> type: l,
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [kc, !1]
>>>>> }
>>>>> },
>>>>> '|sanitize': {
>>>>> type: kc,
>>>>> declaredBy: je,
>>>>> parameters: function() {
>>>>> return [l, !1]
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> }
>>>>> ;
>>>>>
>>>>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>
>>>>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>>>>
>>>>>> You can see what I did on the sanitize branch...
>>>>>>
>>>>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>>>>
>>>>>>> I’ll try to create placeholder classes to subclass them.
>>>>>>>
>>>>>>>> Might be simpler to just special case these two.
>>>>>>>
>>>>>>> How would we go about that?
>>>>>>>
>>>>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>>>>
>>>>>>>> -Alex
>>>>>>>>
>>>>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>>>>
>>>>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>>>>
>>>>>>>> -Alex
>>>>>>>>
>>>>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>>>
>>>>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>>>>
>>>>>>>> Check.
>>>>>>>>
>>>>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>>>>
>>>>>>>> Check.
>>>>>>>>
>>>>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>>>>
>>>>>>>>
>>>>>>>> Here’s where I’m stuck.
>>>>>>>>
>>>>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
HelloWorld size: 78,547 bytes and 20,788 bytes minified.
There does seem to be a bunch of cruft at the top of the file. Not sure where it’s all coming from:
https://paste.apache.org/d6p4j
> On Dec 28, 2021, at 10:13 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> Maybe. Can you confirm it? I think if there are any exports in that code it might stick around.
>
> -Alex
>
> On 12/27/21, 9:24 PM, "Harbs" <ha...@gmail.com> wrote:
>
> Won’t the minification remove the code if it’s not needed?
>
>> On Dec 28, 2021, at 2:10 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
>>
>> -Alex
>>
>> On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>> OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
>>
>>> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
>>> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>>>
>>> -Alex
>>>
>>> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>> This is when running the CoreJS tests.
>>>
>>>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>>>
>>>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>>>
>>>> in gf(Ci, We.H.ua);
>>>>
>>>> “We.H" is undefined.
>>>>
>>>> Here’s the surrounding code:
>>>>
>>>> function Ci(a, b) {
>>>> We.H.ua.call(this, a, b)
>>>> }
>>>> gf(Ci, We.H.ua);
>>>> C(je, Ci);
>>>> Ci.unwrap = function(a) {
>>>> return We.H.ua.unwrap(a)
>>>> }
>>>> ;
>>>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>>>> Ci.sanitize = function(a) {
>>>> return We.H.ua.sanitize(a)
>>>> }
>>>> ;
>>>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>>>> Ci.prototype.g = {
>>>> names: [{
>>>> name: 'InternalSafeUrl',
>>>> h: je,
>>>> kind: p
>>>> }]
>>>> };
>>>> Ci.prototype.i = function() {
>>>> return {
>>>> methods: function() {
>>>> return {
>>>> InternalSafeUrl: {
>>>> type: '',
>>>> declaredBy: je,
>>>> parameters: function() {
>>>> return [l, !1, k, !1]
>>>> }
>>>> },
>>>> '|unwrap': {
>>>> type: l,
>>>> declaredBy: je,
>>>> parameters: function() {
>>>> return [kc, !1]
>>>> }
>>>> },
>>>> '|sanitize': {
>>>> type: kc,
>>>> declaredBy: je,
>>>> parameters: function() {
>>>> return [l, !1]
>>>> }
>>>> }
>>>> }
>>>> }
>>>> }
>>>> }
>>>> ;
>>>>
>>>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>>>
>>>>> -Alex
>>>>>
>>>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>
>>>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>>>
>>>>> You can see what I did on the sanitize branch...
>>>>>
>>>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>>>
>>>>>> I’ll try to create placeholder classes to subclass them.
>>>>>>
>>>>>>> Might be simpler to just special case these two.
>>>>>>
>>>>>> How would we go about that?
>>>>>>
>>>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>
>>>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>>>
>>>>>>> -Alex
>>>>>>>
>>>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>
>>>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>>>
>>>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>>
>>>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>>>
>>>>>>> -Alex
>>>>>>>
>>>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>>
>>>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>>>
>>>>>>> Check.
>>>>>>>
>>>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>>>
>>>>>>> Check.
>>>>>>>
>>>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>>>
>>>>>>>
>>>>>>> Here’s where I’m stuck.
>>>>>>>
>>>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
Maybe. Can you confirm it? I think if there are any exports in that code it might stick around.
-Alex
On 12/27/21, 9:24 PM, "Harbs" <ha...@gmail.com> wrote:
Won’t the minification remove the code if it’s not needed?
> On Dec 28, 2021, at 2:10 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
>
> -Alex
>
> On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
>
> OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
>
>> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
>> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>>
>> -Alex
>>
>> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>> This is when running the CoreJS tests.
>>
>>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>>
>>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>>
>>> in gf(Ci, We.H.ua);
>>>
>>> “We.H" is undefined.
>>>
>>> Here’s the surrounding code:
>>>
>>> function Ci(a, b) {
>>> We.H.ua.call(this, a, b)
>>> }
>>> gf(Ci, We.H.ua);
>>> C(je, Ci);
>>> Ci.unwrap = function(a) {
>>> return We.H.ua.unwrap(a)
>>> }
>>> ;
>>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>>> Ci.sanitize = function(a) {
>>> return We.H.ua.sanitize(a)
>>> }
>>> ;
>>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>>> Ci.prototype.g = {
>>> names: [{
>>> name: 'InternalSafeUrl',
>>> h: je,
>>> kind: p
>>> }]
>>> };
>>> Ci.prototype.i = function() {
>>> return {
>>> methods: function() {
>>> return {
>>> InternalSafeUrl: {
>>> type: '',
>>> declaredBy: je,
>>> parameters: function() {
>>> return [l, !1, k, !1]
>>> }
>>> },
>>> '|unwrap': {
>>> type: l,
>>> declaredBy: je,
>>> parameters: function() {
>>> return [kc, !1]
>>> }
>>> },
>>> '|sanitize': {
>>> type: kc,
>>> declaredBy: je,
>>> parameters: function() {
>>> return [l, !1]
>>> }
>>> }
>>> }
>>> }
>>> }
>>> }
>>> ;
>>>
>>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>>
>>>> -Alex
>>>>
>>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>>
>>>> You can see what I did on the sanitize branch...
>>>>
>>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>>
>>>>> I’ll try to create placeholder classes to subclass them.
>>>>>
>>>>>> Might be simpler to just special case these two.
>>>>>
>>>>> How would we go about that?
>>>>>
>>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>>
>>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>
>>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>>
>>>>>> Check.
>>>>>>
>>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>>
>>>>>> Check.
>>>>>>
>>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>>
>>>>>>
>>>>>> Here’s where I’m stuck.
>>>>>>
>>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Won’t the minification remove the code if it’s not needed?
> On Dec 28, 2021, at 2:10 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
>
> -Alex
>
> On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
>
> OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
>
>> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
>> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>>
>> -Alex
>>
>> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>> This is when running the CoreJS tests.
>>
>>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>>
>>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>>
>>> in gf(Ci, We.H.ua);
>>>
>>> “We.H" is undefined.
>>>
>>> Here’s the surrounding code:
>>>
>>> function Ci(a, b) {
>>> We.H.ua.call(this, a, b)
>>> }
>>> gf(Ci, We.H.ua);
>>> C(je, Ci);
>>> Ci.unwrap = function(a) {
>>> return We.H.ua.unwrap(a)
>>> }
>>> ;
>>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>>> Ci.sanitize = function(a) {
>>> return We.H.ua.sanitize(a)
>>> }
>>> ;
>>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>>> Ci.prototype.g = {
>>> names: [{
>>> name: 'InternalSafeUrl',
>>> h: je,
>>> kind: p
>>> }]
>>> };
>>> Ci.prototype.i = function() {
>>> return {
>>> methods: function() {
>>> return {
>>> InternalSafeUrl: {
>>> type: '',
>>> declaredBy: je,
>>> parameters: function() {
>>> return [l, !1, k, !1]
>>> }
>>> },
>>> '|unwrap': {
>>> type: l,
>>> declaredBy: je,
>>> parameters: function() {
>>> return [kc, !1]
>>> }
>>> },
>>> '|sanitize': {
>>> type: kc,
>>> declaredBy: je,
>>> parameters: function() {
>>> return [l, !1]
>>> }
>>> }
>>> }
>>> }
>>> }
>>> }
>>> ;
>>>
>>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>>
>>>> -Alex
>>>>
>>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>>
>>>> You can see what I did on the sanitize branch...
>>>>
>>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>>
>>>>> I’ll try to create placeholder classes to subclass them.
>>>>>
>>>>>> Might be simpler to just special case these two.
>>>>>
>>>>> How would we go about that?
>>>>>
>>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>>
>>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>>
>>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>>
>>>>>> Check.
>>>>>>
>>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>>
>>>>>> Check.
>>>>>>
>>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>>
>>>>>>
>>>>>> Here’s where I’m stuck.
>>>>>>
>>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
I think with this change we'll see HelloWorld grow by the size of the goog.html and related code, which could be a noticeable chunk. Ideally, there'd be some way to kick out the sanitization code if rare situations it isn't needed, or just to show our HelloWorld is still small. And then it would nice to not have to remember to update the compiler if we add some other goog dependency later. The compiler did list a bunch of goog files for the debug build's addDependency list, so maybe we just need to start from that list. However, I'm hoping to not spend more time on this, so maybe some other volunteer can do that.
-Alex
On 12/27/21, 1:03 AM, "Harbs" <ha...@gmail.com> wrote:
OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>
> -Alex
>
> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>
> This is when running the CoreJS tests.
>
>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>
>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>
>> in gf(Ci, We.H.ua);
>>
>> “We.H" is undefined.
>>
>> Here’s the surrounding code:
>>
>> function Ci(a, b) {
>> We.H.ua.call(this, a, b)
>> }
>> gf(Ci, We.H.ua);
>> C(je, Ci);
>> Ci.unwrap = function(a) {
>> return We.H.ua.unwrap(a)
>> }
>> ;
>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>> Ci.sanitize = function(a) {
>> return We.H.ua.sanitize(a)
>> }
>> ;
>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>> Ci.prototype.g = {
>> names: [{
>> name: 'InternalSafeUrl',
>> h: je,
>> kind: p
>> }]
>> };
>> Ci.prototype.i = function() {
>> return {
>> methods: function() {
>> return {
>> InternalSafeUrl: {
>> type: '',
>> declaredBy: je,
>> parameters: function() {
>> return [l, !1, k, !1]
>> }
>> },
>> '|unwrap': {
>> type: l,
>> declaredBy: je,
>> parameters: function() {
>> return [kc, !1]
>> }
>> },
>> '|sanitize': {
>> type: kc,
>> declaredBy: je,
>> parameters: function() {
>> return [l, !1]
>> }
>> }
>> }
>> }
>> }
>> }
>> ;
>>
>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>
>>> -Alex
>>>
>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>
>>> You can see what I did on the sanitize branch...
>>>
>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>
>>>> I’ll try to create placeholder classes to subclass them.
>>>>
>>>>> Might be simpler to just special case these two.
>>>>
>>>> How would we go about that?
>>>>
>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>
>>>>> -Alex
>>>>>
>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>
>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>
>>>>> -Alex
>>>>>
>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>
>>>>> Check.
>>>>>
>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>
>>>>> Check.
>>>>>
>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>
>>>>>
>>>>> Here’s where I’m stuck.
>>>>>
>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
OK. I’ll give it a go. I see what you did. It’s probably reasonable to just add dependencies if/when we need them.
> On Dec 27, 2021, at 9:53 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
> I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
>
> -Alex
>
> On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
>
> This is when running the CoreJS tests.
>
>> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>>
>> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>>
>> in gf(Ci, We.H.ua);
>>
>> “We.H" is undefined.
>>
>> Here’s the surrounding code:
>>
>> function Ci(a, b) {
>> We.H.ua.call(this, a, b)
>> }
>> gf(Ci, We.H.ua);
>> C(je, Ci);
>> Ci.unwrap = function(a) {
>> return We.H.ua.unwrap(a)
>> }
>> ;
>> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
>> Ci.sanitize = function(a) {
>> return We.H.ua.sanitize(a)
>> }
>> ;
>> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
>> Ci.prototype.g = {
>> names: [{
>> name: 'InternalSafeUrl',
>> h: je,
>> kind: p
>> }]
>> };
>> Ci.prototype.i = function() {
>> return {
>> methods: function() {
>> return {
>> InternalSafeUrl: {
>> type: '',
>> declaredBy: je,
>> parameters: function() {
>> return [l, !1, k, !1]
>> }
>> },
>> '|unwrap': {
>> type: l,
>> declaredBy: je,
>> parameters: function() {
>> return [kc, !1]
>> }
>> },
>> '|sanitize': {
>> type: kc,
>> declaredBy: je,
>> parameters: function() {
>> return [l, !1]
>> }
>> }
>> }
>> }
>> }
>> }
>> ;
>>
>>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>>
>>> -Alex
>>>
>>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>>
>>> You can see what I did on the sanitize branch...
>>>
>>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>>
>>>> I’ll try to create placeholder classes to subclass them.
>>>>
>>>>> Might be simpler to just special case these two.
>>>>
>>>> How would we go about that?
>>>>
>>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>>
>>>>> -Alex
>>>>>
>>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>>
>>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>>
>>>>> -Alex
>>>>>
>>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>>
>>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>>
>>>>> Check.
>>>>>
>>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>>
>>>>> Check.
>>>>>
>>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>>
>>>>>
>>>>> Here’s where I’m stuck.
>>>>>
>>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
It looks like the compiler has some expectations that goog.events.EventTarget is the only goog dependency in a Royale app.
I added HtmlSanitizer and a test case I was using that had the same problem started working. Maybe we need a smarter way to dictate what goog dependencies really are.
-Alex
On 12/26/21, 11:51 AM, "Harbs" <ha...@gmail.com> wrote:
This is when running the CoreJS tests.
> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>
> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>
> in gf(Ci, We.H.ua);
>
> “We.H" is undefined.
>
> Here’s the surrounding code:
>
> function Ci(a, b) {
> We.H.ua.call(this, a, b)
> }
> gf(Ci, We.H.ua);
> C(je, Ci);
> Ci.unwrap = function(a) {
> return We.H.ua.unwrap(a)
> }
> ;
> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
> Ci.sanitize = function(a) {
> return We.H.ua.sanitize(a)
> }
> ;
> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
> Ci.prototype.g = {
> names: [{
> name: 'InternalSafeUrl',
> h: je,
> kind: p
> }]
> };
> Ci.prototype.i = function() {
> return {
> methods: function() {
> return {
> InternalSafeUrl: {
> type: '',
> declaredBy: je,
> parameters: function() {
> return [l, !1, k, !1]
> }
> },
> '|unwrap': {
> type: l,
> declaredBy: je,
> parameters: function() {
> return [kc, !1]
> }
> },
> '|sanitize': {
> type: kc,
> declaredBy: je,
> parameters: function() {
> return [l, !1]
> }
> }
> }
> }
> }
> }
> ;
>
>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>
>> -Alex
>>
>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>
>> You can see what I did on the sanitize branch...
>>
>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>
>>> I’ll try to create placeholder classes to subclass them.
>>>
>>>> Might be simpler to just special case these two.
>>>
>>> How would we go about that?
>>>
>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>
>>>> -Alex
>>>>
>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>
>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>
>>>> -Alex
>>>>
>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>
>>>> Check.
>>>>
>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>
>>>> Check.
>>>>
>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>
>>>>
>>>> Here’s where I’m stuck.
>>>>
>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>
>>>>
>>>>
>>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
This is when running the CoreJS tests.
> On Dec 26, 2021, at 8:54 PM, Harbs <ha...@gmail.com> wrote:
>
> Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
>
> in gf(Ci, We.H.ua);
>
> “We.H" is undefined.
>
> Here’s the surrounding code:
>
> function Ci(a, b) {
> We.H.ua.call(this, a, b)
> }
> gf(Ci, We.H.ua);
> C(je, Ci);
> Ci.unwrap = function(a) {
> return We.H.ua.unwrap(a)
> }
> ;
> C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
> Ci.sanitize = function(a) {
> return We.H.ua.sanitize(a)
> }
> ;
> C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
> Ci.prototype.g = {
> names: [{
> name: 'InternalSafeUrl',
> h: je,
> kind: p
> }]
> };
> Ci.prototype.i = function() {
> return {
> methods: function() {
> return {
> InternalSafeUrl: {
> type: '',
> declaredBy: je,
> parameters: function() {
> return [l, !1, k, !1]
> }
> },
> '|unwrap': {
> type: l,
> declaredBy: je,
> parameters: function() {
> return [kc, !1]
> }
> },
> '|sanitize': {
> type: kc,
> declaredBy: je,
> parameters: function() {
> return [l, !1]
> }
> }
> }
> }
> }
> }
> ;
>
>> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>>
>> -Alex
>>
>> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>>
>> You can see what I did on the sanitize branch...
>>
>>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>>
>>> I’ll try to create placeholder classes to subclass them.
>>>
>>>> Might be simpler to just special case these two.
>>>
>>> How would we go about that?
>>>
>>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>>
>>>> -Alex
>>>>
>>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>>
>>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>>
>>>> -Alex
>>>>
>>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>>
>>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>>
>>>> Check.
>>>>
>>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>>
>>>> Check.
>>>>
>>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>>
>>>>
>>>> Here’s where I’m stuck.
>>>>
>>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>>
>>>>
>>>>
>>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Uncaught TypeError: Cannot read properties of undefined (reading 'ua’)
in gf(Ci, We.H.ua);
“We.H" is undefined.
Here’s the surrounding code:
function Ci(a, b) {
We.H.ua.call(this, a, b)
}
gf(Ci, We.H.ua);
C(je, Ci);
Ci.unwrap = function(a) {
return We.H.ua.unwrap(a)
}
;
C('org.apache.royale.utils.string.InternalSafeUrl.unwrap', Ci.unwrap);
Ci.sanitize = function(a) {
return We.H.ua.sanitize(a)
}
;
C('org.apache.royale.utils.string.InternalSafeUrl.sanitize', Ci.sanitize);
Ci.prototype.g = {
names: [{
name: 'InternalSafeUrl',
h: je,
kind: p
}]
};
Ci.prototype.i = function() {
return {
methods: function() {
return {
InternalSafeUrl: {
type: '',
declaredBy: je,
parameters: function() {
return [l, !1, k, !1]
}
},
'|unwrap': {
type: l,
declaredBy: je,
parameters: function() {
return [kc, !1]
}
},
'|sanitize': {
type: kc,
declaredBy: je,
parameters: function() {
return [l, !1]
}
}
}
}
}
}
;
> On Dec 26, 2021, at 7:27 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
>
> -Alex
>
> On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
>
> I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
>
> You can see what I did on the sanitize branch...
>
>> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>>
>> I’ll try to create placeholder classes to subclass them.
>>
>>> Might be simpler to just special case these two.
>>
>> How would we go about that?
>>
>>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>>
>>> -Alex
>>>
>>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>
>>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>>
>>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>>
>>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>>
>>> -Alex
>>>
>>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>>
>>>
>>>
>>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>>
>>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>>
>>> Check.
>>>
>>>> , make sure the subset code in downloads.xml doesn't delete it,
>>>
>>> Check.
>>>
>>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>>
>>>
>>> Here’s where I’m stuck.
>>>
>>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>>
>>>
>>>
>>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
What error do you get in release mode? The goog classes "should" be renamed in release mode if it is all static methods.
-Alex
On 12/26/21, 2:11 AM, "Harbs" <ha...@gmail.com> wrote:
I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
You can see what I did on the sanitize branch...
> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>
> I’ll try to create placeholder classes to subclass them.
>
>> Might be simpler to just special case these two.
>
> How would we go about that?
>
>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>
>> -Alex
>>
>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>
>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>
>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>
>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>
>> -Alex
>>
>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>>
>>
>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>
>> Check.
>>
>>> , make sure the subset code in downloads.xml doesn't delete it,
>>
>> Check.
>>
>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>
>>
>> Here’s where I’m stuck.
>>
>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I subclassed the goog classes. That seems to help in debug mode, but for some reason I’m not clear on, the goog classes disappear in release mode.
You can see what I did on the sanitize branch...
> On Dec 26, 2021, at 9:35 AM, Harbs <ha...@gmail.com> wrote:
>
> I’ll try to create placeholder classes to subclass them.
>
>> Might be simpler to just special case these two.
>
> How would we go about that?
>
>> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>>
>> -Alex
>>
>> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>
>> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>>
>> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>>
>> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>>
>> -Alex
>>
>> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>>
>>
>>
>>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>>
>>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>>
>> Check.
>>
>>> , make sure the subset code in downloads.xml doesn't delete it,
>>
>> Check.
>>
>>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>>
>>
>> Here’s where I’m stuck.
>>
>> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>>
>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I’ll try to create placeholder classes to subclass them.
> Might be simpler to just special case these two.
How would we go about that?
> On Dec 25, 2021, at 6:08 PM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
>
> -Alex
>
> On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>
> I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
>
> On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
>
> I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
>
> -Alex
>
> On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
>
>
>
>> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>>
>> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
>
> Check.
>
>> , make sure the subset code in downloads.xml doesn't delete it,
>
> Check.
>
>> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
>
>
> Here’s where I’m stuck.
>
> That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
Hmm. That may not work since you can't extend a static function. Might be simpler to just special case these two.
-Alex
On 12/25/21, 12:08 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
-Alex
On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
Check.
> , make sure the subset code in downloads.xml doesn't delete it,
Check.
> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
Here’s where I’m stuck.
That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
I took a look. It does require an "extends" relationship to force the goog.require for something in GCL.swc. I don't think we want to change that, so try a workaround.
On 12/20/21, 9:02 AM, "Alex Harui" <ah...@adobe.com.INVALID> wrote:
I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
-Alex
On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
Check.
> , make sure the subset code in downloads.xml doesn't delete it,
Check.
> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
Here’s where I’m stuck.
That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
I will try to look at it this coming weekend. One thing to try for now is to create a class that extends goog.html.SafeHtml and redirect sanitization through the subclass. Maybe the only way to get the dependency is to have an 'extends' relationship on the dependency, since that's what EventDispatcher does.
-Alex
On 12/20/21, 7:16 AM, "Harbs" <ha...@gmail.com> wrote:
> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
Check.
> , make sure the subset code in downloads.xml doesn't delete it,
Check.
> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
Here’s where I’m stuck.
That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
> On Dec 20, 2021, at 10:20 AM, Alex Harui <ah...@adobe.com.INVALID> wrote:
>
> I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library
Check.
> , make sure the subset code in downloads.xml doesn't delete it,
Check.
> and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
Here’s where I’m stuck.
That’s what I was expecting, but it doesn’t. I don’t know if it’s because it’s a utility function rather than a class or some other reason, but goog.html.SafeHtml and friends do not appear as dependencies.
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Alex Harui <ah...@adobe.com.INVALID>.
I rummaged through the js-debug output of examples/royale/ASDoc.
I was surprised that I could not find a goog.require of goog.events.EventTarget from our code. There may have been a reason for that but I don't recall. Maybe I missed it. Probably something to do with circular dependencies.
The reason I think the example runs is because there is an addDependency from org.apache.royale.events.EventDispatcher to goog.events.EventTarget. That should be enough to get the browser to load goog.events.eventtarget.js.
GCL.swc is in the -external-library-path, so it is definitely more like playerglobal. The .as files are hand-translated definitions from the js files in the Google Closure Library. The js code is expected to be loaded some other way, probably via addDependency.
The downloads.xml subsets what Google Closure Library js files are factored into the addDependency output. The full library of .js files is somewhat wasteful so we subset to just the ones we need.
I might have time this weekend to spend more time getting it to work, but the idea is that you add to GCL.swc the .as version of whatever JS file you need from Google Closure Library, make sure the subset code in downloads.xml doesn't delete it, and then if the transpiled output of, say, Label references goog.html.SafeHtml, it should show up in the addDependency line for Label.
I didn't have time to pull down the branch and see if you did all of that. Sounds like you're pretty close though.
HTH,
-Alex
On 12/15/21, 10:23 AM, "Josh Tynjala" <jo...@bowlerhat.dev> wrote:
I investigated inside the compiler a bit, and it looks like we don't add
goog.require() calls for any of the goog.* symbols that we use (at least in
CoreJS and BasicJS). If a .swc file contains .js files in the right
location, the compiler assumes that those symbols need a goog.require()
call. However, GCL.swc does not contain any .js files, so the compiler
assumes that these symbols are provided by the browser/runtime instead.
Obviously, the browser doesn't provide them natively, so I suspect that
goog/base.js simply knows how to resolve goog.* symbols automatically
without a goog.require() call (similarly, Closure compiler should know how
to resolve them for release builds). Since we've been using a number of
goog.* symbols for years (our EventDispatcher is based on
goog.events.EventTarget, for instance), I think that the compiler is
behaving correctly here with your new goog.html.SafeHtml and
goog.html.sanitizer.HtmlSantizer symbols. I don't think they need a
goog.require() call.
When you try to run a project using the new sanitizeHtml() and
sanitizeUrl() functions that you created, do they work in both debug and
release builds? Or are they failing? If they're working, I think you're
good to go!
(By the way, you should probably do a "clean" build to test because the
compiler might have an optimization to skip copying Closure library if it
detects its presence in the output directory, so you might not get new .js
files that didn't exist in older SDKs)
--
Josh Tynjala
Bowler Hat LLC <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=PCAMFjCbGWNjlU2N9vosPe1lWr9dw52tTmyP1jpNC8k%3D&reserved=0>
On Tue, Dec 14, 2021 at 12:17 PM Harbs <ha...@gmail.com> wrote:
> I had to modify the script here:
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2Ffeature%2Fsanitize%2Fframeworks%2Fdownloads.xml%23L286&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=tnqbKpyVfxgaCb8C%2FS36AUuLhu8KiAvDJlikXSPZ%2FtU%3D&reserved=0
> <
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2Fdevelop%2Fframeworks%2Fdownloads.xml%23L286&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=RxHIFdigmCvzz3U1YCLP5ytQ8Q%2FuIWF82P9rr1n3S2Q%3D&reserved=0
> >
>
> Adding the necessary files worked to get the goog.html files. I confirmed
> that the files ended up in the debug folder.
>
> BUT, there’s no reference to requiring them in the compiled JS code.
>
> That’s the bit I’m stuck on.
>
> Why does using the following code not generate something akin to
> goog.require (or goog.addDependency) somewhere?
>
> package org.apache.royale.utils.string
> {
> COMPILE::JS{
> import goog.html.sanitizer.HtmlSanitizer;
> import goog.html.SafeHtml;
> }
>
> public function sanitizeHtml(html:String):String
> {
> COMPILE::JS
> {
> return
> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> }
> //TODO sanitize in swf
> COMPILE::SWF
> {
> return html;
> }
> }
> }
>
> > On Dec 14, 2021, at 10:00 PM, Josh Tynjala <jo...@bowlerhat.dev>
> wrote:
> >
> > I think that GCL.swc might be kind of a weird edge case. The .swc exists
> > only to make the AS3 compiler happy. As I understand it, Closure Compiler
> > analyzes our generated .js files to determine which .js files from
> Closure
> > library are needed in the final output. I think we copy all of Closure
> > library for a debug build, and it grabs what it needs automatically.
> >
> > Could it be that the Closure library .js files that you are trying to use
> > are missing from the version of Closure library that we currently depend
> > on? Maybe we need an upgrade? Or maybe we're simply excluding them in
> some
> > way because they weren't being used.
> >
> > --
> > Josh Tynjala
> > Bowler Hat LLC <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=PCAMFjCbGWNjlU2N9vosPe1lWr9dw52tTmyP1jpNC8k%3D&reserved=0>
> >
> >
> > On Tue, Dec 14, 2021 at 10:58 AM Harbs <ha...@gmail.com> wrote:
> >
> >> Thanks for responding.
> >>
> >> Yes. I tried to add the definitions here.
> >>
> >>
> >>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Ffeature%2Fsanitize%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog%2Fhtml&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=h8ocG584dnMkIZZdayZIt75OW0FbwqYRO0ZoJKDFpmU%3D&reserved=0
> >> <
> >>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Ffeature%2Fsanitize%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog%2Fhtml&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=h8ocG584dnMkIZZdayZIt75OW0FbwqYRO0ZoJKDFpmU%3D&reserved=0
> >>>
> >>
> >> It helped to get the type definitions in
> >>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2F1b12594c60420d3503f9e366f314c9d875e16ddb%2Fframeworks%2Fprojects%2FCore%2Fsrc%2Fmain%2Froyale%2Forg%2Fapache%2Froyale%2Futils%2Fstring%2FsanitizeHtml.as&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rMEyAUQL3gjamRZhZozYQ7wmp%2B%2BWLXQu5LGzjNwF8wc%3D&reserved=0
> >> <
> >>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2F1b12594c60420d3503f9e366f314c9d875e16ddb%2Fframeworks%2Fprojects%2FCore%2Fsrc%2Fmain%2Froyale%2Forg%2Fapache%2Froyale%2Futils%2Fstring%2FsanitizeHtml.as&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rMEyAUQL3gjamRZhZozYQ7wmp%2B%2BWLXQu5LGzjNwF8wc%3D&reserved=0
> >>>
> >>
> >> But the goog.html files were not referenced in the JS output. I also
> >> changed the script that extracts the goog js files, but that did not
> help.
> >>
> >> Basically, GCL is like a regular swc library in that JS files are
> needed,
> >> but it’s like a typedef file in that the JS doesn’t come from the swc
> >> (IFAICT). I’m struggling to understand how the compiler builds the
> >> dependencies from GCL.swc…
> >>
> >> Thanks,
> >> Harbs
> >>
> >>> On Dec 14, 2021, at 8:11 PM, Josh Tynjala <jo...@bowlerhat.dev>
> >> wrote:
> >>>
> >>> It looks like the GCL typedefs are defined here:
> >>>
> >>>
> >>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Fdevelop%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=R0ih%2FlOJOOvoqFeEx4rauiwDCGIeIy8qJZl23tqZjUQ%3D&reserved=0
> >>>
> >>> I think that so far we've included only the classes that we use in the
> >>> framework, so if you need something that we haven't used before, you
> can
> >>> add it here. It'll get included in the GCL .swc file, and then you can
> >> use
> >>> it in AS3/MXML.
> >>>
> >>> --
> >>> Josh Tynjala
> >>> Bowler Hat LLC <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=fOUE%2F6%2FhCLZuoCx3hRbjqaWVFz3gPyPbQ6i8au3FJq4%3D&reserved=0>
> >>>
> >>>
> >>> On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
> >>>
> >>>> Bump.
> >>>>
> >>>> I’m stuck on this issue. I need to understand how the GCL library
> works
> >>>> for me to finish the sanitize functions.
> >>>>
> >>>> Thanks,
> >>>> Harbs
> >>>>
> >>>>> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
> >>>>>
> >>>>> I created a page about swcs:
> >>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapache.github.io%2Froyale-docs%2Flibraries%2Flibrary-basics&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y7PobUrKQzALV4RuUj0xc0854ELyioyvJtxZXEj%2F8dw%3D&reserved=0 <
> >>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapache.github.io%2Froyale-docs%2Flibraries%2Flibrary-basics&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y7PobUrKQzALV4RuUj0xc0854ELyioyvJtxZXEj%2F8dw%3D&reserved=0>
> >>>>>
> >>>>> I added a paragraph about the GCL swc, but I’m really not very clear
> on
> >>>> how it works...
> >>>>>
> >>>>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
> >>>> harbs.lists@gmail.com>> wrote:
> >>>>>>
> >>>>>> I spent some more time on this, but I’m not sure how to get the
> >>>> compiler to realize that we need the goog files.
> >>>>>>
> >>>>>> For Event we have this:
> >>>>>>
> >>>>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
> >>>> ['org.apache.royale.events.Event'], ['goog.events.Event',
> >>>> 'org.apache.royale.events.IRoyaleEvent']);
> >>>>>>
> >>>>>> But Royale Event subclasses goog.events.Event.
> >>>>>>
> >>>>>> How do I tell the compiler that
> >>>> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl
> ?
> >>>>>>
> >>>>>> The same for org.apache.royale.utils.string.sanitizeHtml with
> >>>> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >>>>>>
> >>>>>> Alex? Josh? Greg?
> >>>>>>
> >>>>>> Thanks,
> >>>>>> Harbs
> >>>>>>
> >>>>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
> >>>> harbs.lists@gmail.com>> wrote:
> >>>>>>>
> >>>>>>> I added code for sanitizing, but it’s not working because the
> >>>> goog.html files are not being copied. I don’t know what needs to be
> >> done to
> >>>> make that happen.
> >>>>>>>
> >>>>>>> Harbs
> >>>>>>>
> >>>>>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
> >>>> harbs@apache.org> wrote:
> >>>>>>>>
> >>>>>>>> This is an automated email from the ASF dual-hosted git
> repository.
> >>>>>>>>
> >>>>>>>> harbs pushed a commit to branch feature/sanitize
> >>>>>>>> in repository https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitbox.apache.org%2Frepos%2Fasf%2Froyale-asjs.git&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cjwsK7G%2Bf4ZHnhy1TzAuwg5He%2BA1Kfa750Xf34eRt04%3D&reserved=0
> <
> >>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitbox.apache.org%2Frepos%2Fasf%2Froyale-asjs.git&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cjwsK7G%2Bf4ZHnhy1TzAuwg5He%2BA1Kfa750Xf34eRt04%3D&reserved=0>
> >>>>>>>>
> >>>>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>>>>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
> >>>>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>>>>>>
> >>>>>>>> Added sanitizeUrl and sanitizeHtml
> >>>>>>>> ---
> >>>>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38
> >> ++++++++++++++
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36
> >> +++++++++++++
> >>>>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>>>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
> >>>> ++++++++++++++--------
> >>>>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>>>>>>
> >>>>>>>> diff --git
> a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> index 21593fd..dd088eb 100644
> >>>>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>>>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>>>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>>>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeHtml;
> sanitizeHtml;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
> >>>>>>>>
> >>>>>>>> import org.apache.royale.utils.date.addDays; addDays;
> >>>>>>>> import org.apache.royale.utils.date.addHours; addHours;
> >>>>>>>> diff --git
> >>>>
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..360ef63
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> @@ -0,0 +1,38 @@
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +// https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0 <
> >>>> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.sanitizer.HtmlSanitizer;
> >>>>>>>> + import goog.html.SafeHtml;
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + public function sanitizeHtml(html:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS
> >>>>>>>> + {
> >>>>>>>> + return
> >>>> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>>>>>>> + }
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF
> >>>>>>>> + {
> >>>>>>>> + return html;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>>
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..cd4151d
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> @@ -0,0 +1,36 @@
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +// https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0 <
> >>>> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + }
> >>>>>>>> + public function sanitizeUrl(url:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF{
> >>>>>>>> + return url;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> index c8adc02..9441daf 100644
> >>>>>>>> ---
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>>>>>>> public var keyConverterTest:KeyConverterTest;
> >>>>>>>> public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + public var sanitizerTest:SanitizeTest;
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>> diff --git
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> similarity index 50%
> >>>>>>>> copy from
> >>>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> copy to
> >>>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> index c8adc02..7173f52 100644
> >>>>>>>> ---
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> @@ -18,29 +18,46 @@
> >>>>>>>>
> >>>>
> >>
> ////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> package flexUnitTests
> >>>>>>>> {
> >>>>>>>> - import flexUnitTests.language.*
> >>>>>>>> + import org.apache.royale.utils.string.*;
> >>>>>>>> + import org.apache.royale.test.asserts.*;
> >>>>>>>>
> >>>>>>>> - [Suite]
> >>>>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>>>>>>> - public class CoreTester
> >>>>>>>> - {
> >>>>>>>> + public class SanitizeTest
> >>>>>>>> + {
> >>>>>>>> + [Before]
> >>>>>>>> + public function setUp():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //language tests
> >>>>>>>> - public var languageTestIs:LanguageTesterTestIs;
> >>>>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>>>>>>> - public var languageTestVector:LanguageTesterTestVector;
> >>>>>>>> - public var languageTestClass:LanguageTesterTestClass;
> >>>>>>>> - public var
> >>>> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>>>>>>> - public var languageTestArraySort:LanguageTesterArraySort;
> >>>>>>>> - public var
> languageTesttryCatch:LanguageTesterTestTryCatch;
> >>>>>>>> + [After]
> >>>>>>>> + public function tearDown():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //core tests
> >>>>>>>> - public var strandTesterTest:StrandTesterTest;
> >>>>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>>>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>>>>>>> - public var dateUtilsTest:DateUtilsTest;
> >>>>>>>> - public var keyConverterTest:KeyConverterTest;
> >>>>>>>> - public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> - public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + [BeforeClass]
> >>>>>>>> + public static function setUpBeforeClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [AfterClass]
> >>>>>>>> + public static function tearDownAfterClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testHTML():void
> >>>>>>>> + {
> >>>>>>>> + var safeHtml:String = 'Hello <em>World</em>';
> >>>>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testUrl():void
> >>>>>>>> + {
> >>>>>>>> + var safeUrl:String = "https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffoobaz.com%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sW70HprBrdaIt4SxYwWUZWX0S8ymZtjJX7VLReJNvnE%3D&reserved=0 <
> >>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffoobaz.com%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sW70HprBrdaIt4SxYwWUZWX0S8ymZtjJX7VLReJNvnE%3D&reserved=0>"
> >>>>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>
> >>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Josh Tynjala <jo...@bowlerhat.dev>.
I investigated inside the compiler a bit, and it looks like we don't add
goog.require() calls for any of the goog.* symbols that we use (at least in
CoreJS and BasicJS). If a .swc file contains .js files in the right
location, the compiler assumes that those symbols need a goog.require()
call. However, GCL.swc does not contain any .js files, so the compiler
assumes that these symbols are provided by the browser/runtime instead.
Obviously, the browser doesn't provide them natively, so I suspect that
goog/base.js simply knows how to resolve goog.* symbols automatically
without a goog.require() call (similarly, Closure compiler should know how
to resolve them for release builds). Since we've been using a number of
goog.* symbols for years (our EventDispatcher is based on
goog.events.EventTarget, for instance), I think that the compiler is
behaving correctly here with your new goog.html.SafeHtml and
goog.html.sanitizer.HtmlSantizer symbols. I don't think they need a
goog.require() call.
When you try to run a project using the new sanitizeHtml() and
sanitizeUrl() functions that you created, do they work in both debug and
release builds? Or are they failing? If they're working, I think you're
good to go!
(By the way, you should probably do a "clean" build to test because the
compiler might have an optimization to skip copying Closure library if it
detects its presence in the output directory, so you might not get new .js
files that didn't exist in older SDKs)
--
Josh Tynjala
Bowler Hat LLC <https://bowlerhat.dev>
On Tue, Dec 14, 2021 at 12:17 PM Harbs <ha...@gmail.com> wrote:
> I had to modify the script here:
> https://github.com/apache/royale-asjs/blob/feature/sanitize/frameworks/downloads.xml#L286
> <
> https://github.com/apache/royale-asjs/blob/develop/frameworks/downloads.xml#L286
> >
>
> Adding the necessary files worked to get the goog.html files. I confirmed
> that the files ended up in the debug folder.
>
> BUT, there’s no reference to requiring them in the compiled JS code.
>
> That’s the bit I’m stuck on.
>
> Why does using the following code not generate something akin to
> goog.require (or goog.addDependency) somewhere?
>
> package org.apache.royale.utils.string
> {
> COMPILE::JS{
> import goog.html.sanitizer.HtmlSanitizer;
> import goog.html.SafeHtml;
> }
>
> public function sanitizeHtml(html:String):String
> {
> COMPILE::JS
> {
> return
> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> }
> //TODO sanitize in swf
> COMPILE::SWF
> {
> return html;
> }
> }
> }
>
> > On Dec 14, 2021, at 10:00 PM, Josh Tynjala <jo...@bowlerhat.dev>
> wrote:
> >
> > I think that GCL.swc might be kind of a weird edge case. The .swc exists
> > only to make the AS3 compiler happy. As I understand it, Closure Compiler
> > analyzes our generated .js files to determine which .js files from
> Closure
> > library are needed in the final output. I think we copy all of Closure
> > library for a debug build, and it grabs what it needs automatically.
> >
> > Could it be that the Closure library .js files that you are trying to use
> > are missing from the version of Closure library that we currently depend
> > on? Maybe we need an upgrade? Or maybe we're simply excluding them in
> some
> > way because they weren't being used.
> >
> > --
> > Josh Tynjala
> > Bowler Hat LLC <https://bowlerhat.dev>
> >
> >
> > On Tue, Dec 14, 2021 at 10:58 AM Harbs <ha...@gmail.com> wrote:
> >
> >> Thanks for responding.
> >>
> >> Yes. I tried to add the definitions here.
> >>
> >>
> >>
> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
> >> <
> >>
> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
> >>>
> >>
> >> It helped to get the type definitions in
> >>
> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >> <
> >>
> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>
> >>
> >> But the goog.html files were not referenced in the JS output. I also
> >> changed the script that extracts the goog js files, but that did not
> help.
> >>
> >> Basically, GCL is like a regular swc library in that JS files are
> needed,
> >> but it’s like a typedef file in that the JS doesn’t come from the swc
> >> (IFAICT). I’m struggling to understand how the compiler builds the
> >> dependencies from GCL.swc…
> >>
> >> Thanks,
> >> Harbs
> >>
> >>> On Dec 14, 2021, at 8:11 PM, Josh Tynjala <jo...@bowlerhat.dev>
> >> wrote:
> >>>
> >>> It looks like the GCL typedefs are defined here:
> >>>
> >>>
> >>
> https://github.com/apache/royale-typedefs/tree/develop/GCL/src/main/royale/goog
> >>>
> >>> I think that so far we've included only the classes that we use in the
> >>> framework, so if you need something that we haven't used before, you
> can
> >>> add it here. It'll get included in the GCL .swc file, and then you can
> >> use
> >>> it in AS3/MXML.
> >>>
> >>> --
> >>> Josh Tynjala
> >>> Bowler Hat LLC <https://bowlerhat.dev>
> >>>
> >>>
> >>> On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
> >>>
> >>>> Bump.
> >>>>
> >>>> I’m stuck on this issue. I need to understand how the GCL library
> works
> >>>> for me to finish the sanitize functions.
> >>>>
> >>>> Thanks,
> >>>> Harbs
> >>>>
> >>>>> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
> >>>>>
> >>>>> I created a page about swcs:
> >>>> https://apache.github.io/royale-docs/libraries/library-basics <
> >>>> https://apache.github.io/royale-docs/libraries/library-basics>
> >>>>>
> >>>>> I added a paragraph about the GCL swc, but I’m really not very clear
> on
> >>>> how it works...
> >>>>>
> >>>>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
> >>>> harbs.lists@gmail.com>> wrote:
> >>>>>>
> >>>>>> I spent some more time on this, but I’m not sure how to get the
> >>>> compiler to realize that we need the goog files.
> >>>>>>
> >>>>>> For Event we have this:
> >>>>>>
> >>>>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
> >>>> ['org.apache.royale.events.Event'], ['goog.events.Event',
> >>>> 'org.apache.royale.events.IRoyaleEvent']);
> >>>>>>
> >>>>>> But Royale Event subclasses goog.events.Event.
> >>>>>>
> >>>>>> How do I tell the compiler that
> >>>> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl
> ?
> >>>>>>
> >>>>>> The same for org.apache.royale.utils.string.sanitizeHtml with
> >>>> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >>>>>>
> >>>>>> Alex? Josh? Greg?
> >>>>>>
> >>>>>> Thanks,
> >>>>>> Harbs
> >>>>>>
> >>>>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
> >>>> harbs.lists@gmail.com>> wrote:
> >>>>>>>
> >>>>>>> I added code for sanitizing, but it’s not working because the
> >>>> goog.html files are not being copied. I don’t know what needs to be
> >> done to
> >>>> make that happen.
> >>>>>>>
> >>>>>>> Harbs
> >>>>>>>
> >>>>>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
> >>>> harbs@apache.org> wrote:
> >>>>>>>>
> >>>>>>>> This is an automated email from the ASF dual-hosted git
> repository.
> >>>>>>>>
> >>>>>>>> harbs pushed a commit to branch feature/sanitize
> >>>>>>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
> <
> >>>> https://gitbox.apache.org/repos/asf/royale-asjs.git>
> >>>>>>>>
> >>>>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>>>>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
> >>>>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>>>>>>
> >>>>>>>> Added sanitizeUrl and sanitizeHtml
> >>>>>>>> ---
> >>>>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38
> >> ++++++++++++++
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36
> >> +++++++++++++
> >>>>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>>>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
> >>>> ++++++++++++++--------
> >>>>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>>>>>>
> >>>>>>>> diff --git
> a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> index 21593fd..dd088eb 100644
> >>>>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>>>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>>>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>>>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeHtml;
> sanitizeHtml;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
> >>>>>>>>
> >>>>>>>> import org.apache.royale.utils.date.addDays; addDays;
> >>>>>>>> import org.apache.royale.utils.date.addHours; addHours;
> >>>>>>>> diff --git
> >>>>
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..360ef63
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> @@ -0,0 +1,38 @@
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> >>>> http://www.apache.org/licenses/LICENSE-2.0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.sanitizer.HtmlSanitizer;
> >>>>>>>> + import goog.html.SafeHtml;
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + public function sanitizeHtml(html:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS
> >>>>>>>> + {
> >>>>>>>> + return
> >>>> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>>>>>>> + }
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF
> >>>>>>>> + {
> >>>>>>>> + return html;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>>
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..cd4151d
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> @@ -0,0 +1,36 @@
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> >>>> http://www.apache.org/licenses/LICENSE-2.0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + }
> >>>>>>>> + public function sanitizeUrl(url:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF{
> >>>>>>>> + return url;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> index c8adc02..9441daf 100644
> >>>>>>>> ---
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>>>>>>> public var keyConverterTest:KeyConverterTest;
> >>>>>>>> public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + public var sanitizerTest:SanitizeTest;
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>> diff --git
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> similarity index 50%
> >>>>>>>> copy from
> >>>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> copy to
> >>>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> index c8adc02..7173f52 100644
> >>>>>>>> ---
> >>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> @@ -18,29 +18,46 @@
> >>>>>>>>
> >>>>
> >>
> ////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> package flexUnitTests
> >>>>>>>> {
> >>>>>>>> - import flexUnitTests.language.*
> >>>>>>>> + import org.apache.royale.utils.string.*;
> >>>>>>>> + import org.apache.royale.test.asserts.*;
> >>>>>>>>
> >>>>>>>> - [Suite]
> >>>>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>>>>>>> - public class CoreTester
> >>>>>>>> - {
> >>>>>>>> + public class SanitizeTest
> >>>>>>>> + {
> >>>>>>>> + [Before]
> >>>>>>>> + public function setUp():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //language tests
> >>>>>>>> - public var languageTestIs:LanguageTesterTestIs;
> >>>>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>>>>>>> - public var languageTestVector:LanguageTesterTestVector;
> >>>>>>>> - public var languageTestClass:LanguageTesterTestClass;
> >>>>>>>> - public var
> >>>> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>>>>>>> - public var languageTestArraySort:LanguageTesterArraySort;
> >>>>>>>> - public var
> languageTesttryCatch:LanguageTesterTestTryCatch;
> >>>>>>>> + [After]
> >>>>>>>> + public function tearDown():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //core tests
> >>>>>>>> - public var strandTesterTest:StrandTesterTest;
> >>>>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>>>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>>>>>>> - public var dateUtilsTest:DateUtilsTest;
> >>>>>>>> - public var keyConverterTest:KeyConverterTest;
> >>>>>>>> - public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> - public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + [BeforeClass]
> >>>>>>>> + public static function setUpBeforeClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [AfterClass]
> >>>>>>>> + public static function tearDownAfterClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testHTML():void
> >>>>>>>> + {
> >>>>>>>> + var safeHtml:String = 'Hello <em>World</em>';
> >>>>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testUrl():void
> >>>>>>>> + {
> >>>>>>>> + var safeUrl:String = "https://foobaz.com <
> >>>> https://foobaz.com/>"
> >>>>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>
> >>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I had to modify the script here: https://github.com/apache/royale-asjs/blob/feature/sanitize/frameworks/downloads.xml#L286 <https://github.com/apache/royale-asjs/blob/develop/frameworks/downloads.xml#L286>
Adding the necessary files worked to get the goog.html files. I confirmed that the files ended up in the debug folder.
BUT, there’s no reference to requiring them in the compiled JS code.
That’s the bit I’m stuck on.
Why does using the following code not generate something akin to goog.require (or goog.addDependency) somewhere?
package org.apache.royale.utils.string
{
COMPILE::JS{
import goog.html.sanitizer.HtmlSanitizer;
import goog.html.SafeHtml;
}
public function sanitizeHtml(html:String):String
{
COMPILE::JS
{
return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
}
//TODO sanitize in swf
COMPILE::SWF
{
return html;
}
}
}
> On Dec 14, 2021, at 10:00 PM, Josh Tynjala <jo...@bowlerhat.dev> wrote:
>
> I think that GCL.swc might be kind of a weird edge case. The .swc exists
> only to make the AS3 compiler happy. As I understand it, Closure Compiler
> analyzes our generated .js files to determine which .js files from Closure
> library are needed in the final output. I think we copy all of Closure
> library for a debug build, and it grabs what it needs automatically.
>
> Could it be that the Closure library .js files that you are trying to use
> are missing from the version of Closure library that we currently depend
> on? Maybe we need an upgrade? Or maybe we're simply excluding them in some
> way because they weren't being used.
>
> --
> Josh Tynjala
> Bowler Hat LLC <https://bowlerhat.dev>
>
>
> On Tue, Dec 14, 2021 at 10:58 AM Harbs <ha...@gmail.com> wrote:
>
>> Thanks for responding.
>>
>> Yes. I tried to add the definitions here.
>>
>>
>> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
>> <
>> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
>>>
>>
>> It helped to get the type definitions in
>> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> <
>> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>
>>
>> But the goog.html files were not referenced in the JS output. I also
>> changed the script that extracts the goog js files, but that did not help.
>>
>> Basically, GCL is like a regular swc library in that JS files are needed,
>> but it’s like a typedef file in that the JS doesn’t come from the swc
>> (IFAICT). I’m struggling to understand how the compiler builds the
>> dependencies from GCL.swc…
>>
>> Thanks,
>> Harbs
>>
>>> On Dec 14, 2021, at 8:11 PM, Josh Tynjala <jo...@bowlerhat.dev>
>> wrote:
>>>
>>> It looks like the GCL typedefs are defined here:
>>>
>>>
>> https://github.com/apache/royale-typedefs/tree/develop/GCL/src/main/royale/goog
>>>
>>> I think that so far we've included only the classes that we use in the
>>> framework, so if you need something that we haven't used before, you can
>>> add it here. It'll get included in the GCL .swc file, and then you can
>> use
>>> it in AS3/MXML.
>>>
>>> --
>>> Josh Tynjala
>>> Bowler Hat LLC <https://bowlerhat.dev>
>>>
>>>
>>> On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
>>>
>>>> Bump.
>>>>
>>>> I’m stuck on this issue. I need to understand how the GCL library works
>>>> for me to finish the sanitize functions.
>>>>
>>>> Thanks,
>>>> Harbs
>>>>
>>>>> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
>>>>>
>>>>> I created a page about swcs:
>>>> https://apache.github.io/royale-docs/libraries/library-basics <
>>>> https://apache.github.io/royale-docs/libraries/library-basics>
>>>>>
>>>>> I added a paragraph about the GCL swc, but I’m really not very clear on
>>>> how it works...
>>>>>
>>>>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
>>>> harbs.lists@gmail.com>> wrote:
>>>>>>
>>>>>> I spent some more time on this, but I’m not sure how to get the
>>>> compiler to realize that we need the goog files.
>>>>>>
>>>>>> For Event we have this:
>>>>>>
>>>>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
>>>> ['org.apache.royale.events.Event'], ['goog.events.Event',
>>>> 'org.apache.royale.events.IRoyaleEvent']);
>>>>>>
>>>>>> But Royale Event subclasses goog.events.Event.
>>>>>>
>>>>>> How do I tell the compiler that
>>>> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
>>>>>>
>>>>>> The same for org.apache.royale.utils.string.sanitizeHtml with
>>>> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
>>>>>>
>>>>>> Alex? Josh? Greg?
>>>>>>
>>>>>> Thanks,
>>>>>> Harbs
>>>>>>
>>>>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
>>>> harbs.lists@gmail.com>> wrote:
>>>>>>>
>>>>>>> I added code for sanitizing, but it’s not working because the
>>>> goog.html files are not being copied. I don’t know what needs to be
>> done to
>>>> make that happen.
>>>>>>>
>>>>>>> Harbs
>>>>>>>
>>>>>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
>>>> harbs@apache.org> wrote:
>>>>>>>>
>>>>>>>> This is an automated email from the ASF dual-hosted git repository.
>>>>>>>>
>>>>>>>> harbs pushed a commit to branch feature/sanitize
>>>>>>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git <
>>>> https://gitbox.apache.org/repos/asf/royale-asjs.git>
>>>>>>>>
>>>>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>>>>>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
>>>>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>>>>>>>
>>>>>>>> Added sanitizeUrl and sanitizeHtml
>>>>>>>> ---
>>>>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>>>>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38
>> ++++++++++++++
>>>>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36
>> +++++++++++++
>>>>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>>>>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
>>>> ++++++++++++++--------
>>>>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>>>>>>>
>>>>>>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>>>> index 21593fd..dd088eb 100644
>>>>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
>>>>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
>>>>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>>>>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>>>>>>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>>>>>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>>>>>>>
>>>>>>>> import org.apache.royale.utils.date.addDays; addDays;
>>>>>>>> import org.apache.royale.utils.date.addHours; addHours;
>>>>>>>> diff --git
>>>>
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>>>>>> new file mode 100644
>>>>>>>> index 0000000..360ef63
>>>>>>>> --- /dev/null
>>>>>>>> +++
>>>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>>>>>> @@ -0,0 +1,38 @@
>>>>>>>>
>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>>>> +//
>>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
>>>> more
>>>>>>>> +// contributor license agreements. See the NOTICE file
>> distributed
>>>> with
>>>>>>>> +// this work for additional information regarding copyright
>>>> ownership.
>>>>>>>> +// The ASF licenses this file to You under the Apache License,
>>>> Version 2.0
>>>>>>>> +// (the "License"); you may not use this file except in compliance
>>>> with
>>>>>>>> +// the License. You may obtain a copy of the License at
>>>>>>>> +//
>>>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
>>>> http://www.apache.org/licenses/LICENSE-2.0>
>>>>>>>> +//
>>>>>>>> +// Unless required by applicable law or agreed to in writing,
>>>> software
>>>>>>>> +// distributed under the License is distributed on an "AS IS"
>> BASIS,
>>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>>>>>> +// See the License for the specific language governing permissions
>>>> and
>>>>>>>> +// limitations under the License.
>>>>>>>> +//
>>>>>>>>
>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>>>> +package org.apache.royale.utils.string
>>>>>>>> +{
>>>>>>>> + COMPILE::JS{
>>>>>>>> + import goog.html.sanitizer.HtmlSanitizer;
>>>>>>>> + import goog.html.SafeHtml;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + public function sanitizeHtml(html:String):String
>>>>>>>> + {
>>>>>>>> + COMPILE::JS
>>>>>>>> + {
>>>>>>>> + return
>>>> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>>>>>>>> + }
>>>>>>>> + //TODO sanitize in swf
>>>>>>>> + COMPILE::SWF
>>>>>>>> + {
>>>>>>>> + return html;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +}
>>>>>>>> \ No newline at end of file
>>>>>>>> diff --git
>>>>
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>>>>>> new file mode 100644
>>>>>>>> index 0000000..cd4151d
>>>>>>>> --- /dev/null
>>>>>>>> +++
>>>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>>>>>> @@ -0,0 +1,36 @@
>>>>>>>>
>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>>>> +//
>>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
>>>> more
>>>>>>>> +// contributor license agreements. See the NOTICE file
>> distributed
>>>> with
>>>>>>>> +// this work for additional information regarding copyright
>>>> ownership.
>>>>>>>> +// The ASF licenses this file to You under the Apache License,
>>>> Version 2.0
>>>>>>>> +// (the "License"); you may not use this file except in compliance
>>>> with
>>>>>>>> +// the License. You may obtain a copy of the License at
>>>>>>>> +//
>>>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
>>>> http://www.apache.org/licenses/LICENSE-2.0>
>>>>>>>> +//
>>>>>>>> +// Unless required by applicable law or agreed to in writing,
>>>> software
>>>>>>>> +// distributed under the License is distributed on an "AS IS"
>> BASIS,
>>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>>>>>> +// See the License for the specific language governing permissions
>>>> and
>>>>>>>> +// limitations under the License.
>>>>>>>> +//
>>>>>>>>
>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>>>> +package org.apache.royale.utils.string
>>>>>>>> +{
>>>>>>>> + COMPILE::JS{
>>>>>>>> + import goog.html.SafeUrl;
>>>>>>>> + import goog.html.SafeUrl;
>>>>>>>> + }
>>>>>>>> + public function sanitizeUrl(url:String):String
>>>>>>>> + {
>>>>>>>> + COMPILE::JS{
>>>>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + //TODO sanitize in swf
>>>>>>>> + COMPILE::SWF{
>>>>>>>> + return url;
>>>>>>>> + }
>>>>>>>> + }
>>>>>>>> +}
>>>>>>>> \ No newline at end of file
>>>>>>>> diff --git
>>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>>>> index c8adc02..9441daf 100644
>>>>>>>> ---
>>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>>>> +++
>>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
>>>>>>>> public var keyConverterTest:KeyConverterTest;
>>>>>>>> public var
>>>> keyboardEventConverterTest:KeyboardEventConverterTest;
>>>>>>>> public var stringUtilsTest:StringUtilsTest;
>>>>>>>> + public var sanitizerTest:SanitizeTest;
>>>>>>>> }
>>>>>>>> }
>>>>>>>> diff --git
>>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>>>> similarity index 50%
>>>>>>>> copy from
>>>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>>>> copy to
>>>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>>>> index c8adc02..7173f52 100644
>>>>>>>> ---
>>>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>>>> +++
>>>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>>>> @@ -18,29 +18,46 @@
>>>>>>>>
>>>>
>> ////////////////////////////////////////////////////////////////////////////////
>>>>>>>> package flexUnitTests
>>>>>>>> {
>>>>>>>> - import flexUnitTests.language.*
>>>>>>>> + import org.apache.royale.utils.string.*;
>>>>>>>> + import org.apache.royale.test.asserts.*;
>>>>>>>>
>>>>>>>> - [Suite]
>>>>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>>>>>>>> - public class CoreTester
>>>>>>>> - {
>>>>>>>> + public class SanitizeTest
>>>>>>>> + {
>>>>>>>> + [Before]
>>>>>>>> + public function setUp():void
>>>>>>>> + {
>>>>>>>> + }
>>>>>>>>
>>>>>>>> - //language tests
>>>>>>>> - public var languageTestIs:LanguageTesterTestIs;
>>>>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
>>>>>>>> - public var languageTestVector:LanguageTesterTestVector;
>>>>>>>> - public var languageTestClass:LanguageTesterTestClass;
>>>>>>>> - public var
>>>> languageTestLoopVariants:LanguageTesterTestLoopVariants;
>>>>>>>> - public var languageTestArraySort:LanguageTesterArraySort;
>>>>>>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>>>>>>>> + [After]
>>>>>>>> + public function tearDown():void
>>>>>>>> + {
>>>>>>>> + }
>>>>>>>>
>>>>>>>> - //core tests
>>>>>>>> - public var strandTesterTest:StrandTesterTest;
>>>>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>>>>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
>>>>>>>> - public var dateUtilsTest:DateUtilsTest;
>>>>>>>> - public var keyConverterTest:KeyConverterTest;
>>>>>>>> - public var
>>>> keyboardEventConverterTest:KeyboardEventConverterTest;
>>>>>>>> - public var stringUtilsTest:StringUtilsTest;
>>>>>>>> + [BeforeClass]
>>>>>>>> + public static function setUpBeforeClass():void
>>>>>>>> + {
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + [AfterClass]
>>>>>>>> + public static function tearDownAfterClass():void
>>>>>>>> + {
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + [Test]
>>>>>>>> + public function testHTML():void
>>>>>>>> + {
>>>>>>>> + var safeHtml:String = 'Hello <em>World</em>';
>>>>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + [Test]
>>>>>>>> + public function testUrl():void
>>>>>>>> + {
>>>>>>>> + var safeUrl:String = "https://foobaz.com <
>>>> https://foobaz.com/>"
>>>>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> +
>>>>>>>> +
>>>>>>>> }
>>>>>>>> }
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>
>>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Josh Tynjala <jo...@bowlerhat.dev>.
I think that GCL.swc might be kind of a weird edge case. The .swc exists
only to make the AS3 compiler happy. As I understand it, Closure Compiler
analyzes our generated .js files to determine which .js files from Closure
library are needed in the final output. I think we copy all of Closure
library for a debug build, and it grabs what it needs automatically.
Could it be that the Closure library .js files that you are trying to use
are missing from the version of Closure library that we currently depend
on? Maybe we need an upgrade? Or maybe we're simply excluding them in some
way because they weren't being used.
--
Josh Tynjala
Bowler Hat LLC <https://bowlerhat.dev>
On Tue, Dec 14, 2021 at 10:58 AM Harbs <ha...@gmail.com> wrote:
> Thanks for responding.
>
> Yes. I tried to add the definitions here.
>
>
> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
> <
> https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html
> >
>
> It helped to get the type definitions in
> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> <
> https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >
>
> But the goog.html files were not referenced in the JS output. I also
> changed the script that extracts the goog js files, but that did not help.
>
> Basically, GCL is like a regular swc library in that JS files are needed,
> but it’s like a typedef file in that the JS doesn’t come from the swc
> (IFAICT). I’m struggling to understand how the compiler builds the
> dependencies from GCL.swc…
>
> Thanks,
> Harbs
>
> > On Dec 14, 2021, at 8:11 PM, Josh Tynjala <jo...@bowlerhat.dev>
> wrote:
> >
> > It looks like the GCL typedefs are defined here:
> >
> >
> https://github.com/apache/royale-typedefs/tree/develop/GCL/src/main/royale/goog
> >
> > I think that so far we've included only the classes that we use in the
> > framework, so if you need something that we haven't used before, you can
> > add it here. It'll get included in the GCL .swc file, and then you can
> use
> > it in AS3/MXML.
> >
> > --
> > Josh Tynjala
> > Bowler Hat LLC <https://bowlerhat.dev>
> >
> >
> > On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
> >
> >> Bump.
> >>
> >> I’m stuck on this issue. I need to understand how the GCL library works
> >> for me to finish the sanitize functions.
> >>
> >> Thanks,
> >> Harbs
> >>
> >>> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
> >>>
> >>> I created a page about swcs:
> >> https://apache.github.io/royale-docs/libraries/library-basics <
> >> https://apache.github.io/royale-docs/libraries/library-basics>
> >>>
> >>> I added a paragraph about the GCL swc, but I’m really not very clear on
> >> how it works...
> >>>
> >>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
> >> harbs.lists@gmail.com>> wrote:
> >>>>
> >>>> I spent some more time on this, but I’m not sure how to get the
> >> compiler to realize that we need the goog files.
> >>>>
> >>>> For Event we have this:
> >>>>
> >>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
> >> ['org.apache.royale.events.Event'], ['goog.events.Event',
> >> 'org.apache.royale.events.IRoyaleEvent']);
> >>>>
> >>>> But Royale Event subclasses goog.events.Event.
> >>>>
> >>>> How do I tell the compiler that
> >> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
> >>>>
> >>>> The same for org.apache.royale.utils.string.sanitizeHtml with
> >> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >>>>
> >>>> Alex? Josh? Greg?
> >>>>
> >>>> Thanks,
> >>>> Harbs
> >>>>
> >>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
> >> harbs.lists@gmail.com>> wrote:
> >>>>>
> >>>>> I added code for sanitizing, but it’s not working because the
> >> goog.html files are not being copied. I don’t know what needs to be
> done to
> >> make that happen.
> >>>>>
> >>>>> Harbs
> >>>>>
> >>>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
> >> harbs@apache.org> wrote:
> >>>>>>
> >>>>>> This is an automated email from the ASF dual-hosted git repository.
> >>>>>>
> >>>>>> harbs pushed a commit to branch feature/sanitize
> >>>>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git <
> >> https://gitbox.apache.org/repos/asf/royale-asjs.git>
> >>>>>>
> >>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
> >>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>>>>
> >>>>>> Added sanitizeUrl and sanitizeHtml
> >>>>>> ---
> >>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38
> ++++++++++++++
> >>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36
> +++++++++++++
> >>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
> >> ++++++++++++++--------
> >>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>>>>
> >>>>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>> index 21593fd..dd088eb 100644
> >>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>>>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
> >>>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
> >>>>>>
> >>>>>> import org.apache.royale.utils.date.addDays; addDays;
> >>>>>> import org.apache.royale.utils.date.addHours; addHours;
> >>>>>> diff --git
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>> new file mode 100644
> >>>>>> index 0000000..360ef63
> >>>>>> --- /dev/null
> >>>>>> +++
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>> @@ -0,0 +1,38 @@
> >>>>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>> +//
> >>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >> more
> >>>>>> +// contributor license agreements. See the NOTICE file
> distributed
> >> with
> >>>>>> +// this work for additional information regarding copyright
> >> ownership.
> >>>>>> +// The ASF licenses this file to You under the Apache License,
> >> Version 2.0
> >>>>>> +// (the "License"); you may not use this file except in compliance
> >> with
> >>>>>> +// the License. You may obtain a copy of the License at
> >>>>>> +//
> >>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> >> http://www.apache.org/licenses/LICENSE-2.0>
> >>>>>> +//
> >>>>>> +// Unless required by applicable law or agreed to in writing,
> >> software
> >>>>>> +// distributed under the License is distributed on an "AS IS"
> BASIS,
> >>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> >> implied.
> >>>>>> +// See the License for the specific language governing permissions
> >> and
> >>>>>> +// limitations under the License.
> >>>>>> +//
> >>>>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>> +package org.apache.royale.utils.string
> >>>>>> +{
> >>>>>> + COMPILE::JS{
> >>>>>> + import goog.html.sanitizer.HtmlSanitizer;
> >>>>>> + import goog.html.SafeHtml;
> >>>>>> + }
> >>>>>> +
> >>>>>> + public function sanitizeHtml(html:String):String
> >>>>>> + {
> >>>>>> + COMPILE::JS
> >>>>>> + {
> >>>>>> + return
> >> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>>>>> + }
> >>>>>> + //TODO sanitize in swf
> >>>>>> + COMPILE::SWF
> >>>>>> + {
> >>>>>> + return html;
> >>>>>> + }
> >>>>>> + }
> >>>>>> +}
> >>>>>> \ No newline at end of file
> >>>>>> diff --git
> >>
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>> new file mode 100644
> >>>>>> index 0000000..cd4151d
> >>>>>> --- /dev/null
> >>>>>> +++
> >>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>> @@ -0,0 +1,36 @@
> >>>>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>> +//
> >>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> >> more
> >>>>>> +// contributor license agreements. See the NOTICE file
> distributed
> >> with
> >>>>>> +// this work for additional information regarding copyright
> >> ownership.
> >>>>>> +// The ASF licenses this file to You under the Apache License,
> >> Version 2.0
> >>>>>> +// (the "License"); you may not use this file except in compliance
> >> with
> >>>>>> +// the License. You may obtain a copy of the License at
> >>>>>> +//
> >>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> >> http://www.apache.org/licenses/LICENSE-2.0>
> >>>>>> +//
> >>>>>> +// Unless required by applicable law or agreed to in writing,
> >> software
> >>>>>> +// distributed under the License is distributed on an "AS IS"
> BASIS,
> >>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> >> implied.
> >>>>>> +// See the License for the specific language governing permissions
> >> and
> >>>>>> +// limitations under the License.
> >>>>>> +//
> >>>>>>
> >>
> +////////////////////////////////////////////////////////////////////////////////
> >>>>>> +package org.apache.royale.utils.string
> >>>>>> +{
> >>>>>> + COMPILE::JS{
> >>>>>> + import goog.html.SafeUrl;
> >>>>>> + import goog.html.SafeUrl;
> >>>>>> + }
> >>>>>> + public function sanitizeUrl(url:String):String
> >>>>>> + {
> >>>>>> + COMPILE::JS{
> >>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>>>>> + }
> >>>>>> +
> >>>>>> + //TODO sanitize in swf
> >>>>>> + COMPILE::SWF{
> >>>>>> + return url;
> >>>>>> + }
> >>>>>> + }
> >>>>>> +}
> >>>>>> \ No newline at end of file
> >>>>>> diff --git
> >> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>> index c8adc02..9441daf 100644
> >>>>>> ---
> >> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>> +++
> >> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>>>>> public var keyConverterTest:KeyConverterTest;
> >>>>>> public var
> >> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>> public var stringUtilsTest:StringUtilsTest;
> >>>>>> + public var sanitizerTest:SanitizeTest;
> >>>>>> }
> >>>>>> }
> >>>>>> diff --git
> >> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>> similarity index 50%
> >>>>>> copy from
> >> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>> copy to
> >> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>> index c8adc02..7173f52 100644
> >>>>>> ---
> >> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>> +++
> >> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>> @@ -18,29 +18,46 @@
> >>>>>>
> >>
> ////////////////////////////////////////////////////////////////////////////////
> >>>>>> package flexUnitTests
> >>>>>> {
> >>>>>> - import flexUnitTests.language.*
> >>>>>> + import org.apache.royale.utils.string.*;
> >>>>>> + import org.apache.royale.test.asserts.*;
> >>>>>>
> >>>>>> - [Suite]
> >>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>>>>> - public class CoreTester
> >>>>>> - {
> >>>>>> + public class SanitizeTest
> >>>>>> + {
> >>>>>> + [Before]
> >>>>>> + public function setUp():void
> >>>>>> + {
> >>>>>> + }
> >>>>>>
> >>>>>> - //language tests
> >>>>>> - public var languageTestIs:LanguageTesterTestIs;
> >>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>>>>> - public var languageTestVector:LanguageTesterTestVector;
> >>>>>> - public var languageTestClass:LanguageTesterTestClass;
> >>>>>> - public var
> >> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>>>>> - public var languageTestArraySort:LanguageTesterArraySort;
> >>>>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
> >>>>>> + [After]
> >>>>>> + public function tearDown():void
> >>>>>> + {
> >>>>>> + }
> >>>>>>
> >>>>>> - //core tests
> >>>>>> - public var strandTesterTest:StrandTesterTest;
> >>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>>>>> - public var dateUtilsTest:DateUtilsTest;
> >>>>>> - public var keyConverterTest:KeyConverterTest;
> >>>>>> - public var
> >> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>> - public var stringUtilsTest:StringUtilsTest;
> >>>>>> + [BeforeClass]
> >>>>>> + public static function setUpBeforeClass():void
> >>>>>> + {
> >>>>>> + }
> >>>>>> +
> >>>>>> + [AfterClass]
> >>>>>> + public static function tearDownAfterClass():void
> >>>>>> + {
> >>>>>> + }
> >>>>>> +
> >>>>>> + [Test]
> >>>>>> + public function testHTML():void
> >>>>>> + {
> >>>>>> + var safeHtml:String = 'Hello <em>World</em>';
> >>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>>>>> + }
> >>>>>> +
> >>>>>> + [Test]
> >>>>>> + public function testUrl():void
> >>>>>> + {
> >>>>>> + var safeUrl:String = "https://foobaz.com <
> >> https://foobaz.com/>"
> >>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>>>>> + }
> >>>>>> +
> >>>>>> +
> >>>>>> +
> >>>>>> }
> >>>>>> }
> >>>>>
> >>>>
> >>>
> >>
> >>
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Thanks for responding.
Yes. I tried to add the definitions here.
https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html <https://github.com/apache/royale-typedefs/tree/feature/sanitize/GCL/src/main/royale/goog/html>
It helped to get the type definitions in https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as <https://github.com/apache/royale-asjs/blob/1b12594c60420d3503f9e366f314c9d875e16ddb/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as>
But the goog.html files were not referenced in the JS output. I also changed the script that extracts the goog js files, but that did not help.
Basically, GCL is like a regular swc library in that JS files are needed, but it’s like a typedef file in that the JS doesn’t come from the swc (IFAICT). I’m struggling to understand how the compiler builds the dependencies from GCL.swc…
Thanks,
Harbs
> On Dec 14, 2021, at 8:11 PM, Josh Tynjala <jo...@bowlerhat.dev> wrote:
>
> It looks like the GCL typedefs are defined here:
>
> https://github.com/apache/royale-typedefs/tree/develop/GCL/src/main/royale/goog
>
> I think that so far we've included only the classes that we use in the
> framework, so if you need something that we haven't used before, you can
> add it here. It'll get included in the GCL .swc file, and then you can use
> it in AS3/MXML.
>
> --
> Josh Tynjala
> Bowler Hat LLC <https://bowlerhat.dev>
>
>
> On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
>
>> Bump.
>>
>> I’m stuck on this issue. I need to understand how the GCL library works
>> for me to finish the sanitize functions.
>>
>> Thanks,
>> Harbs
>>
>>> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
>>>
>>> I created a page about swcs:
>> https://apache.github.io/royale-docs/libraries/library-basics <
>> https://apache.github.io/royale-docs/libraries/library-basics>
>>>
>>> I added a paragraph about the GCL swc, but I’m really not very clear on
>> how it works...
>>>
>>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
>> harbs.lists@gmail.com>> wrote:
>>>>
>>>> I spent some more time on this, but I’m not sure how to get the
>> compiler to realize that we need the goog files.
>>>>
>>>> For Event we have this:
>>>>
>>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
>> ['org.apache.royale.events.Event'], ['goog.events.Event',
>> 'org.apache.royale.events.IRoyaleEvent']);
>>>>
>>>> But Royale Event subclasses goog.events.Event.
>>>>
>>>> How do I tell the compiler that
>> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
>>>>
>>>> The same for org.apache.royale.utils.string.sanitizeHtml with
>> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
>>>>
>>>> Alex? Josh? Greg?
>>>>
>>>> Thanks,
>>>> Harbs
>>>>
>>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
>> harbs.lists@gmail.com>> wrote:
>>>>>
>>>>> I added code for sanitizing, but it’s not working because the
>> goog.html files are not being copied. I don’t know what needs to be done to
>> make that happen.
>>>>>
>>>>> Harbs
>>>>>
>>>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
>> harbs@apache.org> wrote:
>>>>>>
>>>>>> This is an automated email from the ASF dual-hosted git repository.
>>>>>>
>>>>>> harbs pushed a commit to branch feature/sanitize
>>>>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git <
>> https://gitbox.apache.org/repos/asf/royale-asjs.git>
>>>>>>
>>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>>>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
>>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>>>>>
>>>>>> Added sanitizeUrl and sanitizeHtml
>>>>>> ---
>>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
>>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
>> ++++++++++++++--------
>>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>>>>>
>>>>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>> index 21593fd..dd088eb 100644
>>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
>>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
>>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>>>>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>>>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>>>>>
>>>>>> import org.apache.royale.utils.date.addDays; addDays;
>>>>>> import org.apache.royale.utils.date.addHours; addHours;
>>>>>> diff --git
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>>>> new file mode 100644
>>>>>> index 0000000..360ef63
>>>>>> --- /dev/null
>>>>>> +++
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>>>> @@ -0,0 +1,38 @@
>>>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>> +//
>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
>> more
>>>>>> +// contributor license agreements. See the NOTICE file distributed
>> with
>>>>>> +// this work for additional information regarding copyright
>> ownership.
>>>>>> +// The ASF licenses this file to You under the Apache License,
>> Version 2.0
>>>>>> +// (the "License"); you may not use this file except in compliance
>> with
>>>>>> +// the License. You may obtain a copy of the License at
>>>>>> +//
>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
>> http://www.apache.org/licenses/LICENSE-2.0>
>>>>>> +//
>>>>>> +// Unless required by applicable law or agreed to in writing,
>> software
>>>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>>>>>> +// See the License for the specific language governing permissions
>> and
>>>>>> +// limitations under the License.
>>>>>> +//
>>>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>> +package org.apache.royale.utils.string
>>>>>> +{
>>>>>> + COMPILE::JS{
>>>>>> + import goog.html.sanitizer.HtmlSanitizer;
>>>>>> + import goog.html.SafeHtml;
>>>>>> + }
>>>>>> +
>>>>>> + public function sanitizeHtml(html:String):String
>>>>>> + {
>>>>>> + COMPILE::JS
>>>>>> + {
>>>>>> + return
>> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>>>>>> + }
>>>>>> + //TODO sanitize in swf
>>>>>> + COMPILE::SWF
>>>>>> + {
>>>>>> + return html;
>>>>>> + }
>>>>>> + }
>>>>>> +}
>>>>>> \ No newline at end of file
>>>>>> diff --git
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>>>> new file mode 100644
>>>>>> index 0000000..cd4151d
>>>>>> --- /dev/null
>>>>>> +++
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>>>> @@ -0,0 +1,36 @@
>>>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>> +//
>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one or
>> more
>>>>>> +// contributor license agreements. See the NOTICE file distributed
>> with
>>>>>> +// this work for additional information regarding copyright
>> ownership.
>>>>>> +// The ASF licenses this file to You under the Apache License,
>> Version 2.0
>>>>>> +// (the "License"); you may not use this file except in compliance
>> with
>>>>>> +// the License. You may obtain a copy of the License at
>>>>>> +//
>>>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
>> http://www.apache.org/licenses/LICENSE-2.0>
>>>>>> +//
>>>>>> +// Unless required by applicable law or agreed to in writing,
>> software
>>>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>>>>>> +// See the License for the specific language governing permissions
>> and
>>>>>> +// limitations under the License.
>>>>>> +//
>>>>>>
>> +////////////////////////////////////////////////////////////////////////////////
>>>>>> +package org.apache.royale.utils.string
>>>>>> +{
>>>>>> + COMPILE::JS{
>>>>>> + import goog.html.SafeUrl;
>>>>>> + import goog.html.SafeUrl;
>>>>>> + }
>>>>>> + public function sanitizeUrl(url:String):String
>>>>>> + {
>>>>>> + COMPILE::JS{
>>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>>>>>> + }
>>>>>> +
>>>>>> + //TODO sanitize in swf
>>>>>> + COMPILE::SWF{
>>>>>> + return url;
>>>>>> + }
>>>>>> + }
>>>>>> +}
>>>>>> \ No newline at end of file
>>>>>> diff --git
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>> index c8adc02..9441daf 100644
>>>>>> ---
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>> +++
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
>>>>>> public var keyConverterTest:KeyConverterTest;
>>>>>> public var
>> keyboardEventConverterTest:KeyboardEventConverterTest;
>>>>>> public var stringUtilsTest:StringUtilsTest;
>>>>>> + public var sanitizerTest:SanitizeTest;
>>>>>> }
>>>>>> }
>>>>>> diff --git
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>> similarity index 50%
>>>>>> copy from
>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>> copy to
>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>> index c8adc02..7173f52 100644
>>>>>> ---
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>>>> +++
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>>>> @@ -18,29 +18,46 @@
>>>>>>
>> ////////////////////////////////////////////////////////////////////////////////
>>>>>> package flexUnitTests
>>>>>> {
>>>>>> - import flexUnitTests.language.*
>>>>>> + import org.apache.royale.utils.string.*;
>>>>>> + import org.apache.royale.test.asserts.*;
>>>>>>
>>>>>> - [Suite]
>>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>>>>>> - public class CoreTester
>>>>>> - {
>>>>>> + public class SanitizeTest
>>>>>> + {
>>>>>> + [Before]
>>>>>> + public function setUp():void
>>>>>> + {
>>>>>> + }
>>>>>>
>>>>>> - //language tests
>>>>>> - public var languageTestIs:LanguageTesterTestIs;
>>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
>>>>>> - public var languageTestVector:LanguageTesterTestVector;
>>>>>> - public var languageTestClass:LanguageTesterTestClass;
>>>>>> - public var
>> languageTestLoopVariants:LanguageTesterTestLoopVariants;
>>>>>> - public var languageTestArraySort:LanguageTesterArraySort;
>>>>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>>>>>> + [After]
>>>>>> + public function tearDown():void
>>>>>> + {
>>>>>> + }
>>>>>>
>>>>>> - //core tests
>>>>>> - public var strandTesterTest:StrandTesterTest;
>>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
>>>>>> - public var dateUtilsTest:DateUtilsTest;
>>>>>> - public var keyConverterTest:KeyConverterTest;
>>>>>> - public var
>> keyboardEventConverterTest:KeyboardEventConverterTest;
>>>>>> - public var stringUtilsTest:StringUtilsTest;
>>>>>> + [BeforeClass]
>>>>>> + public static function setUpBeforeClass():void
>>>>>> + {
>>>>>> + }
>>>>>> +
>>>>>> + [AfterClass]
>>>>>> + public static function tearDownAfterClass():void
>>>>>> + {
>>>>>> + }
>>>>>> +
>>>>>> + [Test]
>>>>>> + public function testHTML():void
>>>>>> + {
>>>>>> + var safeHtml:String = 'Hello <em>World</em>';
>>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>>>>>> + }
>>>>>> +
>>>>>> + [Test]
>>>>>> + public function testUrl():void
>>>>>> + {
>>>>>> + var safeUrl:String = "https://foobaz.com <
>> https://foobaz.com/>"
>>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>>>>>> + }
>>>>>> +
>>>>>> +
>>>>>> +
>>>>>> }
>>>>>> }
>>>>>
>>>>
>>>
>>
>>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Josh Tynjala <jo...@bowlerhat.dev>.
It looks like the GCL typedefs are defined here:
https://github.com/apache/royale-typedefs/tree/develop/GCL/src/main/royale/goog
I think that so far we've included only the classes that we use in the
framework, so if you need something that we haven't used before, you can
add it here. It'll get included in the GCL .swc file, and then you can use
it in AS3/MXML.
--
Josh Tynjala
Bowler Hat LLC <https://bowlerhat.dev>
On Tue, Dec 14, 2021 at 9:42 AM Harbs <ha...@gmail.com> wrote:
> Bump.
>
> I’m stuck on this issue. I need to understand how the GCL library works
> for me to finish the sanitize functions.
>
> Thanks,
> Harbs
>
> > On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
> >
> > I created a page about swcs:
> https://apache.github.io/royale-docs/libraries/library-basics <
> https://apache.github.io/royale-docs/libraries/library-basics>
> >
> > I added a paragraph about the GCL swc, but I’m really not very clear on
> how it works...
> >
> >> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <mailto:
> harbs.lists@gmail.com>> wrote:
> >>
> >> I spent some more time on this, but I’m not sure how to get the
> compiler to realize that we need the goog files.
> >>
> >> For Event we have this:
> >>
> >> goog.addDependency('../../../org/apache/royale/events/Event.js',
> ['org.apache.royale.events.Event'], ['goog.events.Event',
> 'org.apache.royale.events.IRoyaleEvent']);
> >>
> >> But Royale Event subclasses goog.events.Event.
> >>
> >> How do I tell the compiler that
> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
> >>
> >> The same for org.apache.royale.utils.string.sanitizeHtml with
> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >>
> >> Alex? Josh? Greg?
> >>
> >> Thanks,
> >> Harbs
> >>
> >>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <mailto:
> harbs.lists@gmail.com>> wrote:
> >>>
> >>> I added code for sanitizing, but it’s not working because the
> goog.html files are not being copied. I don’t know what needs to be done to
> make that happen.
> >>>
> >>> Harbs
> >>>
> >>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <mailto:
> harbs@apache.org> wrote:
> >>>>
> >>>> This is an automated email from the ASF dual-hosted git repository.
> >>>>
> >>>> harbs pushed a commit to branch feature/sanitize
> >>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git <
> https://gitbox.apache.org/repos/asf/royale-asjs.git>
> >>>>
> >>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
> >>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>>
> >>>> Added sanitizeUrl and sanitizeHtml
> >>>> ---
> >>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
> >>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
> >>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>>> .../{CoreTester.as => SanitizeTest.as} | 59
> ++++++++++++++--------
> >>>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>>
> >>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> index 21593fd..dd088eb 100644
> >>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
> >>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
> >>>>
> >>>> import org.apache.royale.utils.date.addDays; addDays;
> >>>> import org.apache.royale.utils.date.addHours; addHours;
> >>>> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>> new file mode 100644
> >>>> index 0000000..360ef63
> >>>> --- /dev/null
> >>>> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>> @@ -0,0 +1,38 @@
> >>>>
> +////////////////////////////////////////////////////////////////////////////////
> >>>> +//
> >>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> more
> >>>> +// contributor license agreements. See the NOTICE file distributed
> with
> >>>> +// this work for additional information regarding copyright
> ownership.
> >>>> +// The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>>> +// (the "License"); you may not use this file except in compliance
> with
> >>>> +// the License. You may obtain a copy of the License at
> >>>> +//
> >>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> http://www.apache.org/licenses/LICENSE-2.0>
> >>>> +//
> >>>> +// Unless required by applicable law or agreed to in writing,
> software
> >>>> +// distributed under the License is distributed on an "AS IS" BASIS,
> >>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>>> +// See the License for the specific language governing permissions
> and
> >>>> +// limitations under the License.
> >>>> +//
> >>>>
> +////////////////////////////////////////////////////////////////////////////////
> >>>> +package org.apache.royale.utils.string
> >>>> +{
> >>>> + COMPILE::JS{
> >>>> + import goog.html.sanitizer.HtmlSanitizer;
> >>>> + import goog.html.SafeHtml;
> >>>> + }
> >>>> +
> >>>> + public function sanitizeHtml(html:String):String
> >>>> + {
> >>>> + COMPILE::JS
> >>>> + {
> >>>> + return
> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>>> + }
> >>>> + //TODO sanitize in swf
> >>>> + COMPILE::SWF
> >>>> + {
> >>>> + return html;
> >>>> + }
> >>>> + }
> >>>> +}
> >>>> \ No newline at end of file
> >>>> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>> new file mode 100644
> >>>> index 0000000..cd4151d
> >>>> --- /dev/null
> >>>> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>> @@ -0,0 +1,36 @@
> >>>>
> +////////////////////////////////////////////////////////////////////////////////
> >>>> +//
> >>>> +// Licensed to the Apache Software Foundation (ASF) under one or
> more
> >>>> +// contributor license agreements. See the NOTICE file distributed
> with
> >>>> +// this work for additional information regarding copyright
> ownership.
> >>>> +// The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>>> +// (the "License"); you may not use this file except in compliance
> with
> >>>> +// the License. You may obtain a copy of the License at
> >>>> +//
> >>>> +// http://www.apache.org/licenses/LICENSE-2.0 <
> http://www.apache.org/licenses/LICENSE-2.0>
> >>>> +//
> >>>> +// Unless required by applicable law or agreed to in writing,
> software
> >>>> +// distributed under the License is distributed on an "AS IS" BASIS,
> >>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>>> +// See the License for the specific language governing permissions
> and
> >>>> +// limitations under the License.
> >>>> +//
> >>>>
> +////////////////////////////////////////////////////////////////////////////////
> >>>> +package org.apache.royale.utils.string
> >>>> +{
> >>>> + COMPILE::JS{
> >>>> + import goog.html.SafeUrl;
> >>>> + import goog.html.SafeUrl;
> >>>> + }
> >>>> + public function sanitizeUrl(url:String):String
> >>>> + {
> >>>> + COMPILE::JS{
> >>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>>> + }
> >>>> +
> >>>> + //TODO sanitize in swf
> >>>> + COMPILE::SWF{
> >>>> + return url;
> >>>> + }
> >>>> + }
> >>>> +}
> >>>> \ No newline at end of file
> >>>> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> index c8adc02..9441daf 100644
> >>>> ---
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> +++
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>>> public var keyConverterTest:KeyConverterTest;
> >>>> public var
> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>> public var stringUtilsTest:StringUtilsTest;
> >>>> + public var sanitizerTest:SanitizeTest;
> >>>> }
> >>>> }
> >>>> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>> similarity index 50%
> >>>> copy from
> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> copy to
> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>> index c8adc02..7173f52 100644
> >>>> ---
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>> +++
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>> @@ -18,29 +18,46 @@
> >>>>
> ////////////////////////////////////////////////////////////////////////////////
> >>>> package flexUnitTests
> >>>> {
> >>>> - import flexUnitTests.language.*
> >>>> + import org.apache.royale.utils.string.*;
> >>>> + import org.apache.royale.test.asserts.*;
> >>>>
> >>>> - [Suite]
> >>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>>> - public class CoreTester
> >>>> - {
> >>>> + public class SanitizeTest
> >>>> + {
> >>>> + [Before]
> >>>> + public function setUp():void
> >>>> + {
> >>>> + }
> >>>>
> >>>> - //language tests
> >>>> - public var languageTestIs:LanguageTesterTestIs;
> >>>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>>> - public var languageTestVector:LanguageTesterTestVector;
> >>>> - public var languageTestClass:LanguageTesterTestClass;
> >>>> - public var
> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>>> - public var languageTestArraySort:LanguageTesterArraySort;
> >>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
> >>>> + [After]
> >>>> + public function tearDown():void
> >>>> + {
> >>>> + }
> >>>>
> >>>> - //core tests
> >>>> - public var strandTesterTest:StrandTesterTest;
> >>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>>> - public var dateUtilsTest:DateUtilsTest;
> >>>> - public var keyConverterTest:KeyConverterTest;
> >>>> - public var
> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>> - public var stringUtilsTest:StringUtilsTest;
> >>>> + [BeforeClass]
> >>>> + public static function setUpBeforeClass():void
> >>>> + {
> >>>> + }
> >>>> +
> >>>> + [AfterClass]
> >>>> + public static function tearDownAfterClass():void
> >>>> + {
> >>>> + }
> >>>> +
> >>>> + [Test]
> >>>> + public function testHTML():void
> >>>> + {
> >>>> + var safeHtml:String = 'Hello <em>World</em>';
> >>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>>> + }
> >>>> +
> >>>> + [Test]
> >>>> + public function testUrl():void
> >>>> + {
> >>>> + var safeUrl:String = "https://foobaz.com <
> https://foobaz.com/>"
> >>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>>> + }
> >>>> +
> >>>> +
> >>>> +
> >>>> }
> >>>> }
> >>>
> >>
> >
>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Bump.
I’m stuck on this issue. I need to understand how the GCL library works for me to finish the sanitize functions.
Thanks,
Harbs
> On Dec 13, 2021, at 2:50 PM, Harbs <ha...@gmail.com> wrote:
>
> I created a page about swcs: https://apache.github.io/royale-docs/libraries/library-basics <https://apache.github.io/royale-docs/libraries/library-basics>
>
> I added a paragraph about the GCL swc, but I’m really not very clear on how it works...
>
>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.lists@gmail.com <ma...@gmail.com>> wrote:
>>
>> I spent some more time on this, but I’m not sure how to get the compiler to realize that we need the goog files.
>>
>> For Event we have this:
>>
>> goog.addDependency('../../../org/apache/royale/events/Event.js', ['org.apache.royale.events.Event'], ['goog.events.Event', 'org.apache.royale.events.IRoyaleEvent']);
>>
>> But Royale Event subclasses goog.events.Event.
>>
>> How do I tell the compiler that org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
>>
>> The same for org.apache.royale.utils.string.sanitizeHtml with goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
>>
>> Alex? Josh? Greg?
>>
>> Thanks,
>> Harbs
>>
>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.lists@gmail.com <ma...@gmail.com>> wrote:
>>>
>>> I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
>>>
>>> Harbs
>>>
>>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org <ma...@apache.org> wrote:
>>>>
>>>> This is an automated email from the ASF dual-hosted git repository.
>>>>
>>>> harbs pushed a commit to branch feature/sanitize
>>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git <https://gitbox.apache.org/repos/asf/royale-asjs.git>
>>>>
>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>>>> Author: Harbs <harbs@in-tools.com <ma...@in-tools.com>>
>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>>>
>>>> Added sanitizeUrl and sanitizeHtml
>>>> ---
>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>>>> .../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>>>
>>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>> index 21593fd..dd088eb 100644
>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
>>>> import org.apache.royale.utils.string.trimRight; trimRight;
>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>>>
>>>> import org.apache.royale.utils.date.addDays; addDays;
>>>> import org.apache.royale.utils.date.addHours; addHours;
>>>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>> new file mode 100644
>>>> index 0000000..360ef63
>>>> --- /dev/null
>>>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>>> @@ -0,0 +1,38 @@
>>>> +////////////////////////////////////////////////////////////////////////////////
>>>> +//
>>>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>>>> +// contributor license agreements. See the NOTICE file distributed with
>>>> +// this work for additional information regarding copyright ownership.
>>>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>>>> +// (the "License"); you may not use this file except in compliance with
>>>> +// the License. You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <http://www.apache.org/licenses/LICENSE-2.0>
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +//
>>>> +////////////////////////////////////////////////////////////////////////////////
>>>> +package org.apache.royale.utils.string
>>>> +{
>>>> + COMPILE::JS{
>>>> + import goog.html.sanitizer.HtmlSanitizer;
>>>> + import goog.html.SafeHtml;
>>>> + }
>>>> +
>>>> + public function sanitizeHtml(html:String):String
>>>> + {
>>>> + COMPILE::JS
>>>> + {
>>>> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>>>> + }
>>>> + //TODO sanitize in swf
>>>> + COMPILE::SWF
>>>> + {
>>>> + return html;
>>>> + }
>>>> + }
>>>> +}
>>>> \ No newline at end of file
>>>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>> new file mode 100644
>>>> index 0000000..cd4151d
>>>> --- /dev/null
>>>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>>> @@ -0,0 +1,36 @@
>>>> +////////////////////////////////////////////////////////////////////////////////
>>>> +//
>>>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>>>> +// contributor license agreements. See the NOTICE file distributed with
>>>> +// this work for additional information regarding copyright ownership.
>>>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>>>> +// (the "License"); you may not use this file except in compliance with
>>>> +// the License. You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0 <http://www.apache.org/licenses/LICENSE-2.0>
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +//
>>>> +////////////////////////////////////////////////////////////////////////////////
>>>> +package org.apache.royale.utils.string
>>>> +{
>>>> + COMPILE::JS{
>>>> + import goog.html.SafeUrl;
>>>> + import goog.html.SafeUrl;
>>>> + }
>>>> + public function sanitizeUrl(url:String):String
>>>> + {
>>>> + COMPILE::JS{
>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>>>> + }
>>>> +
>>>> + //TODO sanitize in swf
>>>> + COMPILE::SWF{
>>>> + return url;
>>>> + }
>>>> + }
>>>> +}
>>>> \ No newline at end of file
>>>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> index c8adc02..9441daf 100644
>>>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> @@ -42,5 +42,6 @@ package flexUnitTests
>>>> public var keyConverterTest:KeyConverterTest;
>>>> public var keyboardEventConverterTest:KeyboardEventConverterTest;
>>>> public var stringUtilsTest:StringUtilsTest;
>>>> + public var sanitizerTest:SanitizeTest;
>>>> }
>>>> }
>>>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>> similarity index 50%
>>>> copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>> index c8adc02..7173f52 100644
>>>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>>> @@ -18,29 +18,46 @@
>>>> ////////////////////////////////////////////////////////////////////////////////
>>>> package flexUnitTests
>>>> {
>>>> - import flexUnitTests.language.*
>>>> + import org.apache.royale.utils.string.*;
>>>> + import org.apache.royale.test.asserts.*;
>>>>
>>>> - [Suite]
>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>>>> - public class CoreTester
>>>> - {
>>>> + public class SanitizeTest
>>>> + {
>>>> + [Before]
>>>> + public function setUp():void
>>>> + {
>>>> + }
>>>>
>>>> - //language tests
>>>> - public var languageTestIs:LanguageTesterTestIs;
>>>> - public var languageTestIntUint:LanguageTesterIntUint;
>>>> - public var languageTestVector:LanguageTesterTestVector;
>>>> - public var languageTestClass:LanguageTesterTestClass;
>>>> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
>>>> - public var languageTestArraySort:LanguageTesterArraySort;
>>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>>>> + [After]
>>>> + public function tearDown():void
>>>> + {
>>>> + }
>>>>
>>>> - //core tests
>>>> - public var strandTesterTest:StrandTesterTest;
>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>>>> - public var arrayUtilsTest:ArrayUtilsTest;
>>>> - public var dateUtilsTest:DateUtilsTest;
>>>> - public var keyConverterTest:KeyConverterTest;
>>>> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
>>>> - public var stringUtilsTest:StringUtilsTest;
>>>> + [BeforeClass]
>>>> + public static function setUpBeforeClass():void
>>>> + {
>>>> + }
>>>> +
>>>> + [AfterClass]
>>>> + public static function tearDownAfterClass():void
>>>> + {
>>>> + }
>>>> +
>>>> + [Test]
>>>> + public function testHTML():void
>>>> + {
>>>> + var safeHtml:String = 'Hello <em>World</em>';
>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>>>> + }
>>>> +
>>>> + [Test]
>>>> + public function testUrl():void
>>>> + {
>>>> + var safeUrl:String = "https://foobaz.com <https://foobaz.com/>"
>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>>>> + }
>>>> +
>>>> +
>>>> +
>>>> }
>>>> }
>>>
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
Thanks
> On Dec 14, 2021, at 8:51 PM, Andrew Wetmore <co...@gmail.com> wrote:
>
> I have made some minor text changes to the file, which is a nice addition.
>
> Basically, I made the headings consistently sentence case (they were a mix
> of sentence case and title case), changed passive voice to active voice
> wherever I could, and tweaked a couple of minor things.
>
> a
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Andrew Wetmore <co...@gmail.com>.
I have made some minor text changes to the file, which is a nice addition.
Basically, I made the headings consistently sentence case (they were a mix
of sentence case and title case), changed passive voice to active voice
wherever I could, and tweaked a couple of minor things.
a
On Mon, Dec 13, 2021 at 8:51 AM Harbs <ha...@gmail.com> wrote:
> I created a page about swcs:
> https://apache.github.io/royale-docs/libraries/library-basics <
> https://apache.github.io/royale-docs/libraries/library-basics>
>
> I added a paragraph about the GCL swc, but I’m really not very clear on
> how it works...
>
> > On Dec 12, 2021, at 5:46 PM, Harbs <ha...@gmail.com> wrote:
> >
> > I spent some more time on this, but I’m not sure how to get the compiler
> to realize that we need the goog files.
> >
> > For Event we have this:
> >
> > goog.addDependency('../../../org/apache/royale/events/Event.js',
> ['org.apache.royale.events.Event'], ['goog.events.Event',
> 'org.apache.royale.events.IRoyaleEvent']);
> >
> > But Royale Event subclasses goog.events.Event.
> >
> > How do I tell the compiler that
> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
> >
> > The same for org.apache.royale.utils.string.sanitizeHtml with
> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >
> > Alex? Josh? Greg?
> >
> > Thanks,
> > Harbs
> >
> >> On Dec 12, 2021, at 2:13 AM, Harbs <ha...@gmail.com> wrote:
> >>
> >> I added code for sanitizing, but it’s not working because the goog.html
> files are not being copied. I don’t know what needs to be done to make that
> happen.
> >>
> >> Harbs
> >>
> >>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org wrote:
> >>>
> >>> This is an automated email from the ASF dual-hosted git repository.
> >>>
> >>> harbs pushed a commit to branch feature/sanitize
> >>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
> >>>
> >>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>> Author: Harbs <ha...@in-tools.com>
> >>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>
> >>> Added sanitizeUrl and sanitizeHtml
> >>> ---
> >>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
> >>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
> >>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>> .../{CoreTester.as => SanitizeTest.as} | 59
> ++++++++++++++--------
> >>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>
> >>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>> index 21593fd..dd088eb 100644
> >>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
> >>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
> >>>
> >>> import org.apache.royale.utils.date.addDays; addDays;
> >>> import org.apache.royale.utils.date.addHours; addHours;
> >>> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>> new file mode 100644
> >>> index 0000000..360ef63
> >>> --- /dev/null
> >>> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>> @@ -0,0 +1,38 @@
> >>>
> +////////////////////////////////////////////////////////////////////////////////
> >>> +//
> >>> +// Licensed to the Apache Software Foundation (ASF) under one or more
> >>> +// contributor license agreements. See the NOTICE file distributed
> with
> >>> +// this work for additional information regarding copyright
> ownership.
> >>> +// The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>> +// (the "License"); you may not use this file except in compliance
> with
> >>> +// the License. You may obtain a copy of the License at
> >>> +//
> >>> +// http://www.apache.org/licenses/LICENSE-2.0
> >>> +//
> >>> +// Unless required by applicable law or agreed to in writing,
> software
> >>> +// distributed under the License is distributed on an "AS IS" BASIS,
> >>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>> +// See the License for the specific language governing permissions
> and
> >>> +// limitations under the License.
> >>> +//
> >>>
> +////////////////////////////////////////////////////////////////////////////////
> >>> +package org.apache.royale.utils.string
> >>> +{
> >>> + COMPILE::JS{
> >>> + import goog.html.sanitizer.HtmlSanitizer;
> >>> + import goog.html.SafeHtml;
> >>> + }
> >>> +
> >>> + public function sanitizeHtml(html:String):String
> >>> + {
> >>> + COMPILE::JS
> >>> + {
> >>> + return
> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>> + }
> >>> + //TODO sanitize in swf
> >>> + COMPILE::SWF
> >>> + {
> >>> + return html;
> >>> + }
> >>> + }
> >>> +}
> >>> \ No newline at end of file
> >>> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>> new file mode 100644
> >>> index 0000000..cd4151d
> >>> --- /dev/null
> >>> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>> @@ -0,0 +1,36 @@
> >>>
> +////////////////////////////////////////////////////////////////////////////////
> >>> +//
> >>> +// Licensed to the Apache Software Foundation (ASF) under one or more
> >>> +// contributor license agreements. See the NOTICE file distributed
> with
> >>> +// this work for additional information regarding copyright
> ownership.
> >>> +// The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>> +// (the "License"); you may not use this file except in compliance
> with
> >>> +// the License. You may obtain a copy of the License at
> >>> +//
> >>> +// http://www.apache.org/licenses/LICENSE-2.0
> >>> +//
> >>> +// Unless required by applicable law or agreed to in writing,
> software
> >>> +// distributed under the License is distributed on an "AS IS" BASIS,
> >>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>> +// See the License for the specific language governing permissions
> and
> >>> +// limitations under the License.
> >>> +//
> >>>
> +////////////////////////////////////////////////////////////////////////////////
> >>> +package org.apache.royale.utils.string
> >>> +{
> >>> + COMPILE::JS{
> >>> + import goog.html.SafeUrl;
> >>> + import goog.html.SafeUrl;
> >>> + }
> >>> + public function sanitizeUrl(url:String):String
> >>> + {
> >>> + COMPILE::JS{
> >>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>> + }
> >>> +
> >>> + //TODO sanitize in swf
> >>> + COMPILE::SWF{
> >>> + return url;
> >>> + }
> >>> + }
> >>> +}
> >>> \ No newline at end of file
> >>> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>> index c8adc02..9441daf 100644
> >>> ---
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>> +++
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>> public var keyConverterTest:KeyConverterTest;
> >>> public var keyboardEventConverterTest:KeyboardEventConverterTest;
> >>> public var stringUtilsTest:StringUtilsTest;
> >>> + public var sanitizerTest:SanitizeTest;
> >>> }
> >>> }
> >>> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>> similarity index 50%
> >>> copy from
> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>> copy to
> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>> index c8adc02..7173f52 100644
> >>> ---
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>> +++
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>> @@ -18,29 +18,46 @@
> >>>
> ////////////////////////////////////////////////////////////////////////////////
> >>> package flexUnitTests
> >>> {
> >>> - import flexUnitTests.language.*
> >>> + import org.apache.royale.utils.string.*;
> >>> + import org.apache.royale.test.asserts.*;
> >>>
> >>> - [Suite]
> >>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>> - public class CoreTester
> >>> - {
> >>> + public class SanitizeTest
> >>> + {
> >>> + [Before]
> >>> + public function setUp():void
> >>> + {
> >>> + }
> >>>
> >>> - //language tests
> >>> - public var languageTestIs:LanguageTesterTestIs;
> >>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>> - public var languageTestVector:LanguageTesterTestVector;
> >>> - public var languageTestClass:LanguageTesterTestClass;
> >>> - public var
> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>> - public var languageTestArraySort:LanguageTesterArraySort;
> >>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
> >>> + [After]
> >>> + public function tearDown():void
> >>> + {
> >>> + }
> >>>
> >>> - //core tests
> >>> - public var strandTesterTest:StrandTesterTest;
> >>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>> - public var dateUtilsTest:DateUtilsTest;
> >>> - public var keyConverterTest:KeyConverterTest;
> >>> - public var
> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>> - public var stringUtilsTest:StringUtilsTest;
> >>> + [BeforeClass]
> >>> + public static function setUpBeforeClass():void
> >>> + {
> >>> + }
> >>> +
> >>> + [AfterClass]
> >>> + public static function tearDownAfterClass():void
> >>> + {
> >>> + }
> >>> +
> >>> + [Test]
> >>> + public function testHTML():void
> >>> + {
> >>> + var safeHtml:String = 'Hello <em>World</em>';
> >>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>> + }
> >>> +
> >>> + [Test]
> >>> + public function testUrl():void
> >>> + {
> >>> + var safeUrl:String = "https://foobaz.com"
> >>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>> + }
> >>> +
> >>> +
> >>> +
> >>> }
> >>> }
> >>
> >
>
>
--
Andrew Wetmore
Editor, Moose House Publications <https://moosehousepress.com/>
Editor-Writer, The Apache Software Foundation <https://apache.org/>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I created a page about swcs: https://apache.github.io/royale-docs/libraries/library-basics <https://apache.github.io/royale-docs/libraries/library-basics>
I added a paragraph about the GCL swc, but I’m really not very clear on how it works...
> On Dec 12, 2021, at 5:46 PM, Harbs <ha...@gmail.com> wrote:
>
> I spent some more time on this, but I’m not sure how to get the compiler to realize that we need the goog files.
>
> For Event we have this:
>
> goog.addDependency('../../../org/apache/royale/events/Event.js', ['org.apache.royale.events.Event'], ['goog.events.Event', 'org.apache.royale.events.IRoyaleEvent']);
>
> But Royale Event subclasses goog.events.Event.
>
> How do I tell the compiler that org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
>
> The same for org.apache.royale.utils.string.sanitizeHtml with goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
>
> Alex? Josh? Greg?
>
> Thanks,
> Harbs
>
>> On Dec 12, 2021, at 2:13 AM, Harbs <ha...@gmail.com> wrote:
>>
>> I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
>>
>> Harbs
>>
>>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org wrote:
>>>
>>> This is an automated email from the ASF dual-hosted git repository.
>>>
>>> harbs pushed a commit to branch feature/sanitize
>>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>>>
>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>>> Author: Harbs <ha...@in-tools.com>
>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>>
>>> Added sanitizeUrl and sanitizeHtml
>>> ---
>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>>> .../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
>>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>>
>>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>> index 21593fd..dd088eb 100644
>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>>> @@ -342,6 +342,8 @@ internal class CoreClasses
>>> import org.apache.royale.utils.string.trimRight; trimRight;
>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>>
>>> import org.apache.royale.utils.date.addDays; addDays;
>>> import org.apache.royale.utils.date.addHours; addHours;
>>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>> new file mode 100644
>>> index 0000000..360ef63
>>> --- /dev/null
>>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>> @@ -0,0 +1,38 @@
>>> +////////////////////////////////////////////////////////////////////////////////
>>> +//
>>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>>> +// contributor license agreements. See the NOTICE file distributed with
>>> +// this work for additional information regarding copyright ownership.
>>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>>> +// (the "License"); you may not use this file except in compliance with
>>> +// the License. You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +//
>>> +////////////////////////////////////////////////////////////////////////////////
>>> +package org.apache.royale.utils.string
>>> +{
>>> + COMPILE::JS{
>>> + import goog.html.sanitizer.HtmlSanitizer;
>>> + import goog.html.SafeHtml;
>>> + }
>>> +
>>> + public function sanitizeHtml(html:String):String
>>> + {
>>> + COMPILE::JS
>>> + {
>>> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>>> + }
>>> + //TODO sanitize in swf
>>> + COMPILE::SWF
>>> + {
>>> + return html;
>>> + }
>>> + }
>>> +}
>>> \ No newline at end of file
>>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>> new file mode 100644
>>> index 0000000..cd4151d
>>> --- /dev/null
>>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>> @@ -0,0 +1,36 @@
>>> +////////////////////////////////////////////////////////////////////////////////
>>> +//
>>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>>> +// contributor license agreements. See the NOTICE file distributed with
>>> +// this work for additional information regarding copyright ownership.
>>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>>> +// (the "License"); you may not use this file except in compliance with
>>> +// the License. You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +//
>>> +////////////////////////////////////////////////////////////////////////////////
>>> +package org.apache.royale.utils.string
>>> +{
>>> + COMPILE::JS{
>>> + import goog.html.SafeUrl;
>>> + import goog.html.SafeUrl;
>>> + }
>>> + public function sanitizeUrl(url:String):String
>>> + {
>>> + COMPILE::JS{
>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>>> + }
>>> +
>>> + //TODO sanitize in swf
>>> + COMPILE::SWF{
>>> + return url;
>>> + }
>>> + }
>>> +}
>>> \ No newline at end of file
>>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>> index c8adc02..9441daf 100644
>>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>> @@ -42,5 +42,6 @@ package flexUnitTests
>>> public var keyConverterTest:KeyConverterTest;
>>> public var keyboardEventConverterTest:KeyboardEventConverterTest;
>>> public var stringUtilsTest:StringUtilsTest;
>>> + public var sanitizerTest:SanitizeTest;
>>> }
>>> }
>>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>> similarity index 50%
>>> copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>> copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>> index c8adc02..7173f52 100644
>>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>>> @@ -18,29 +18,46 @@
>>> ////////////////////////////////////////////////////////////////////////////////
>>> package flexUnitTests
>>> {
>>> - import flexUnitTests.language.*
>>> + import org.apache.royale.utils.string.*;
>>> + import org.apache.royale.test.asserts.*;
>>>
>>> - [Suite]
>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>>> - public class CoreTester
>>> - {
>>> + public class SanitizeTest
>>> + {
>>> + [Before]
>>> + public function setUp():void
>>> + {
>>> + }
>>>
>>> - //language tests
>>> - public var languageTestIs:LanguageTesterTestIs;
>>> - public var languageTestIntUint:LanguageTesterIntUint;
>>> - public var languageTestVector:LanguageTesterTestVector;
>>> - public var languageTestClass:LanguageTesterTestClass;
>>> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
>>> - public var languageTestArraySort:LanguageTesterArraySort;
>>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>>> + [After]
>>> + public function tearDown():void
>>> + {
>>> + }
>>>
>>> - //core tests
>>> - public var strandTesterTest:StrandTesterTest;
>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>>> - public var arrayUtilsTest:ArrayUtilsTest;
>>> - public var dateUtilsTest:DateUtilsTest;
>>> - public var keyConverterTest:KeyConverterTest;
>>> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
>>> - public var stringUtilsTest:StringUtilsTest;
>>> + [BeforeClass]
>>> + public static function setUpBeforeClass():void
>>> + {
>>> + }
>>> +
>>> + [AfterClass]
>>> + public static function tearDownAfterClass():void
>>> + {
>>> + }
>>> +
>>> + [Test]
>>> + public function testHTML():void
>>> + {
>>> + var safeHtml:String = 'Hello <em>World</em>';
>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>>> + }
>>> +
>>> + [Test]
>>> + public function testUrl():void
>>> + {
>>> + var safeUrl:String = "https://foobaz.com"
>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>>> + }
>>> +
>>> +
>>> +
>>> }
>>> }
>>
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I spent some more time on this, but I’m not sure how to get the compiler to realize that we need the goog files.
For Event we have this:
goog.addDependency('../../../org/apache/royale/events/Event.js', ['org.apache.royale.events.Event'], ['goog.events.Event', 'org.apache.royale.events.IRoyaleEvent']);
But Royale Event subclasses goog.events.Event.
How do I tell the compiler that org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl ?
The same for org.apache.royale.utils.string.sanitizeHtml with goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
Alex? Josh? Greg?
Thanks,
Harbs
> On Dec 12, 2021, at 2:13 AM, Harbs <ha...@gmail.com> wrote:
>
> I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
>
> Harbs
>
>> On Dec 12, 2021, at 2:12 AM, harbs@apache.org wrote:
>>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> harbs pushed a commit to branch feature/sanitize
>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>>
>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>> Author: Harbs <ha...@in-tools.com>
>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>
>> Added sanitizeUrl and sanitizeHtml
>> ---
>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>> .../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>
>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> index 21593fd..dd088eb 100644
>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> @@ -342,6 +342,8 @@ internal class CoreClasses
>> import org.apache.royale.utils.string.trimRight; trimRight;
>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>
>> import org.apache.royale.utils.date.addDays; addDays;
>> import org.apache.royale.utils.date.addHours; addHours;
>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> new file mode 100644
>> index 0000000..360ef63
>> --- /dev/null
>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> @@ -0,0 +1,38 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>> +// contributor license agreements. See the NOTICE file distributed with
>> +// this work for additional information regarding copyright ownership.
>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>> +// (the "License"); you may not use this file except in compliance with
>> +// the License. You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> + COMPILE::JS{
>> + import goog.html.sanitizer.HtmlSanitizer;
>> + import goog.html.SafeHtml;
>> + }
>> +
>> + public function sanitizeHtml(html:String):String
>> + {
>> + COMPILE::JS
>> + {
>> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>> + }
>> + //TODO sanitize in swf
>> + COMPILE::SWF
>> + {
>> + return html;
>> + }
>> + }
>> +}
>> \ No newline at end of file
>> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> new file mode 100644
>> index 0000000..cd4151d
>> --- /dev/null
>> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> @@ -0,0 +1,36 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>> +// contributor license agreements. See the NOTICE file distributed with
>> +// this work for additional information regarding copyright ownership.
>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>> +// (the "License"); you may not use this file except in compliance with
>> +// the License. You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> + COMPILE::JS{
>> + import goog.html.SafeUrl;
>> + import goog.html.SafeUrl;
>> + }
>> + public function sanitizeUrl(url:String):String
>> + {
>> + COMPILE::JS{
>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>> + }
>> +
>> + //TODO sanitize in swf
>> + COMPILE::SWF{
>> + return url;
>> + }
>> + }
>> +}
>> \ No newline at end of file
>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> index c8adc02..9441daf 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> @@ -42,5 +42,6 @@ package flexUnitTests
>> public var keyConverterTest:KeyConverterTest;
>> public var keyboardEventConverterTest:KeyboardEventConverterTest;
>> public var stringUtilsTest:StringUtilsTest;
>> + public var sanitizerTest:SanitizeTest;
>> }
>> }
>> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> similarity index 50%
>> copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> index c8adc02..7173f52 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> @@ -18,29 +18,46 @@
>> ////////////////////////////////////////////////////////////////////////////////
>> package flexUnitTests
>> {
>> - import flexUnitTests.language.*
>> + import org.apache.royale.utils.string.*;
>> + import org.apache.royale.test.asserts.*;
>>
>> - [Suite]
>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>> - public class CoreTester
>> - {
>> + public class SanitizeTest
>> + {
>> + [Before]
>> + public function setUp():void
>> + {
>> + }
>>
>> - //language tests
>> - public var languageTestIs:LanguageTesterTestIs;
>> - public var languageTestIntUint:LanguageTesterIntUint;
>> - public var languageTestVector:LanguageTesterTestVector;
>> - public var languageTestClass:LanguageTesterTestClass;
>> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
>> - public var languageTestArraySort:LanguageTesterArraySort;
>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>> + [After]
>> + public function tearDown():void
>> + {
>> + }
>>
>> - //core tests
>> - public var strandTesterTest:StrandTesterTest;
>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>> - public var arrayUtilsTest:ArrayUtilsTest;
>> - public var dateUtilsTest:DateUtilsTest;
>> - public var keyConverterTest:KeyConverterTest;
>> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
>> - public var stringUtilsTest:StringUtilsTest;
>> + [BeforeClass]
>> + public static function setUpBeforeClass():void
>> + {
>> + }
>> +
>> + [AfterClass]
>> + public static function tearDownAfterClass():void
>> + {
>> + }
>> +
>> + [Test]
>> + public function testHTML():void
>> + {
>> + var safeHtml:String = 'Hello <em>World</em>';
>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>> + }
>> +
>> + [Test]
>> + public function testUrl():void
>> + {
>> + var safeUrl:String = "https://foobaz.com"
>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>> + }
>> +
>> +
>> +
>> }
>> }
>
Re: [royale-asjs] 01/01: Added sanitizeUrl and sanitizeHtml
Posted by Harbs <ha...@gmail.com>.
I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
Harbs
> On Dec 12, 2021, at 2:12 AM, harbs@apache.org wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> harbs pushed a commit to branch feature/sanitize
> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>
> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> Author: Harbs <ha...@in-tools.com>
> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>
> Added sanitizeUrl and sanitizeHtml
> ---
> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> .../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
> 5 files changed, 115 insertions(+), 21 deletions(-)
>
> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> index 21593fd..dd088eb 100644
> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> @@ -342,6 +342,8 @@ internal class CoreClasses
> import org.apache.royale.utils.string.trimRight; trimRight;
> import org.apache.royale.utils.string.trimLeft; trimLeft;
> import org.apache.royale.utils.string.cacheBust; cacheBust;
> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>
> import org.apache.royale.utils.date.addDays; addDays;
> import org.apache.royale.utils.date.addHours; addHours;
> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> new file mode 100644
> index 0000000..360ef63
> --- /dev/null
> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> @@ -0,0 +1,38 @@
> +////////////////////////////////////////////////////////////////////////////////
> +//
> +// Licensed to the Apache Software Foundation (ASF) under one or more
> +// contributor license agreements. See the NOTICE file distributed with
> +// this work for additional information regarding copyright ownership.
> +// The ASF licenses this file to You under the Apache License, Version 2.0
> +// (the "License"); you may not use this file except in compliance with
> +// the License. You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +//
> +////////////////////////////////////////////////////////////////////////////////
> +package org.apache.royale.utils.string
> +{
> + COMPILE::JS{
> + import goog.html.sanitizer.HtmlSanitizer;
> + import goog.html.SafeHtml;
> + }
> +
> + public function sanitizeHtml(html:String):String
> + {
> + COMPILE::JS
> + {
> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> + }
> + //TODO sanitize in swf
> + COMPILE::SWF
> + {
> + return html;
> + }
> + }
> +}
> \ No newline at end of file
> diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> new file mode 100644
> index 0000000..cd4151d
> --- /dev/null
> +++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> @@ -0,0 +1,36 @@
> +////////////////////////////////////////////////////////////////////////////////
> +//
> +// Licensed to the Apache Software Foundation (ASF) under one or more
> +// contributor license agreements. See the NOTICE file distributed with
> +// this work for additional information regarding copyright ownership.
> +// The ASF licenses this file to You under the Apache License, Version 2.0
> +// (the "License"); you may not use this file except in compliance with
> +// the License. You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +//
> +////////////////////////////////////////////////////////////////////////////////
> +package org.apache.royale.utils.string
> +{
> + COMPILE::JS{
> + import goog.html.SafeUrl;
> + import goog.html.SafeUrl;
> + }
> + public function sanitizeUrl(url:String):String
> + {
> + COMPILE::JS{
> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> + }
> +
> + //TODO sanitize in swf
> + COMPILE::SWF{
> + return url;
> + }
> + }
> +}
> \ No newline at end of file
> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> index c8adc02..9441daf 100644
> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> @@ -42,5 +42,6 @@ package flexUnitTests
> public var keyConverterTest:KeyConverterTest;
> public var keyboardEventConverterTest:KeyboardEventConverterTest;
> public var stringUtilsTest:StringUtilsTest;
> + public var sanitizerTest:SanitizeTest;
> }
> }
> diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> similarity index 50%
> copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> index c8adc02..7173f52 100644
> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> @@ -18,29 +18,46 @@
> ////////////////////////////////////////////////////////////////////////////////
> package flexUnitTests
> {
> - import flexUnitTests.language.*
> + import org.apache.royale.utils.string.*;
> + import org.apache.royale.test.asserts.*;
>
> - [Suite]
> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> - public class CoreTester
> - {
> + public class SanitizeTest
> + {
> + [Before]
> + public function setUp():void
> + {
> + }
>
> - //language tests
> - public var languageTestIs:LanguageTesterTestIs;
> - public var languageTestIntUint:LanguageTesterIntUint;
> - public var languageTestVector:LanguageTesterTestVector;
> - public var languageTestClass:LanguageTesterTestClass;
> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
> - public var languageTestArraySort:LanguageTesterArraySort;
> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
> + [After]
> + public function tearDown():void
> + {
> + }
>
> - //core tests
> - public var strandTesterTest:StrandTesterTest;
> - public var binaryDataTesterTest:BinaryDataTesterTest;
> - public var arrayUtilsTest:ArrayUtilsTest;
> - public var dateUtilsTest:DateUtilsTest;
> - public var keyConverterTest:KeyConverterTest;
> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
> - public var stringUtilsTest:StringUtilsTest;
> + [BeforeClass]
> + public static function setUpBeforeClass():void
> + {
> + }
> +
> + [AfterClass]
> + public static function tearDownAfterClass():void
> + {
> + }
> +
> + [Test]
> + public function testHTML():void
> + {
> + var safeHtml:String = 'Hello <em>World</em>';
> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> + }
> +
> + [Test]
> + public function testUrl():void
> + {
> + var safeUrl:String = "https://foobaz.com"
> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> + }
> +
> +
> +
> }
> }