Posted to commits@royale.apache.org by ha...@apache.org on 2021/12/12 00:12:40 UTC

[royale-typedefs] branch feature/sanitize updated: Added typedefs for sanitize

This is an automated email from the ASF dual-hosted git repository.

harbs pushed a commit to branch feature/sanitize
in repository https://gitbox.apache.org/repos/asf/royale-typedefs.git


The following commit(s) were added to refs/heads/feature/sanitize by this push:
     new 8ee3d53  Added typedefs for sanitize
8ee3d53 is described below

commit 8ee3d5337b901a2d600177f0871e43b7c65bee32
Author: Harbs <ha...@in-tools.com>
AuthorDate: Sun Dec 12 02:12:31 2021 +0200

    Added typedefs for sanitize
---
 GCL/src/main/royale/goog/html/SafeHtml.as          | 25 +++++++++
 GCL/src/main/royale/goog/html/SafeUrl.as           | 65 ++++++++++++++++++++++
 .../royale/goog/html/sanitizer/HtmlSanitizer.as    | 25 +++++++++
 3 files changed, 115 insertions(+)

diff --git a/GCL/src/main/royale/goog/html/SafeHtml.as b/GCL/src/main/royale/goog/html/SafeHtml.as
new file mode 100644
index 0000000..cad4501
--- /dev/null
+++ b/GCL/src/main/royale/goog/html/SafeHtml.as
@@ -0,0 +1,25 @@
+// Copyright 2005 The Closure Library Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS-IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package goog.html
+{
+	/**
+	 * @externs
+	 */
+	public class SafeHtml
+	{
+		public native function SafeHtml();
+		public native static function unwrap(safeHtml:SafeHtml):String;
+
+	}
+}
\ No newline at end of file
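Review bot: The `SafeHtml` class carries only `@externs` and says nothing about how a caller is meant to obtain or use an instance, which matters for a type whose whole purpose is a security contract. The declared `public native function SafeHtml();` is also a zero-argument constructor, whereas `SafeUrl` in this same commit declares `SafeUrl(value:String, token:Object)` and documents that construction is reserved for factory methods; it is worth confirming against the Closure source that the two are meant to differ. I would add a class comment along the lines of `/** HTML string wrapper produced by a sanitizer or factory method; do not construct directly. */` and a line above `unwrap` such as `/** Returns the wrapped string; the result is plain String and no longer carries the SafeHtml contract. */`.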
diff --git a/GCL/src/main/royale/goog/html/SafeUrl.as b/GCL/src/main/royale/goog/html/SafeUrl.as
new file mode 100644
index 0000000..affa599
--- /dev/null
+++ b/GCL/src/main/royale/goog/html/SafeUrl.as
@@ -0,0 +1,65 @@
+// Copyright 2005 The Closure Library Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS-IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package goog.html
+{
+
+/**
+ * A string that is safe to use in URL context in DOM APIs and HTML documents.
+ *
+ * A SafeUrl is a string-like object that carries the security type contract
+ * that its value as a string will not cause untrusted script execution
+ * when evaluated as a hyperlink URL in a browser.
+ *
+ * Values of this type are guaranteed to be safe to use in URL/hyperlink
+ * contexts, such as assignment to URL-valued DOM properties, in the sense that
+ * the use will not result in a Cross-Site-Scripting vulnerability. Similarly,
+ * SafeUrls can be interpolated into the URL context of an HTML template (e.g.,
+ * inside a href attribute). However, appropriate HTML-escaping must still be
+ * applied.
+ *
+ * Note that, as documented in `goog.html.SafeUrl.unwrap`, this type's
+ * contract does not guarantee that instances are safe to interpolate into HTML
+ * without appropriate escaping.
+ *
+ * Note also that this type's contract does not imply any guarantees regarding
+ * the resource the URL refers to.  In particular, SafeUrls are <b>not</b>
+ * safe to use in a context where the referred-to resource is interpreted as
+ * trusted code, e.g., as the src of a script tag.
+ *
+ * Instances of this type must be created via the factory methods
+ * (`goog.html.SafeUrl.fromConstant`, `goog.html.SafeUrl.sanitize`),
+ * etc and not by invoking its constructor. The constructor intentionally takes
+ * an extra parameter that cannot be constructed outside of this file and the
+ * type is immutable; hence only a default instance corresponding to the empty
+ * string can be obtained via constructor invocation.
+ *
+ * @see goog.html.SafeUrl#fromConstant
+ * @see goog.html.SafeUrl#from
+ * @see goog.html.SafeUrl#sanitize
+ * @externs
+ * @final
+ * @struct
+ * @implements {goog.i18n.bidi.DirectionalString}
+ * @implements {goog.string.TypedString}
+ */
+	public class SafeUrl
+	{
+		public native function SafeUrl(value:String, token:Object);
+		public native static function unwrap(safeUrl:SafeUrl):String;
+		public native static function sanitize(url:String):SafeUrl;
+		public native static function isSafeMimeType(mimeType:String):Boolean;
+		public native static function fromBlob(blob:Blob):SafeUrl;
+		public native static function fromMediaSource(mediaSource:MediaSource):SafeUrl;
+	}
+}
\ No newline at end of file
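Review bot: The copied doc comment states that instances must come from factory methods and not the constructor, yet `public native function SafeUrl(value:String, token:Object);` is exposed with a plain `Object` token, so ActionScript callers get no compile-time signal that `new SafeUrl(str, {})` is outside the contract. A comment on that line such as `// Not for application use: obtain instances via sanitize(), fromBlob() or fromMediaSource().` would make the intent visible in the typedef itself. The comment also names `fromConstant` and `from` (in the factory-method sentence and the `@see` tags), neither of which is declared in this class, so either declare them or trim the references so the documentation matches the surface Royale code can actually call.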
diff --git a/GCL/src/main/royale/goog/html/sanitizer/HtmlSanitizer.as b/GCL/src/main/royale/goog/html/sanitizer/HtmlSanitizer.as
new file mode 100644
index 0000000..72bf37e
--- /dev/null
+++ b/GCL/src/main/royale/goog/html/sanitizer/HtmlSanitizer.as
@@ -0,0 +1,25 @@
+// Copyright 2005 The Closure Library Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS-IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package goog.html.sanitizer
+{
+	/**
+	 * @externs
+	 */
+	public class HtmlSanitizer
+	{
+		public native function HtmlSanitizer();
+		public native static function sanitize(html:String):SafeUrl;
+
+	}
+}
\ No newline at end of file
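Review bot: `sanitize(html:String):SafeUrl` declares the wrong return type: an HTML sanitizer yields sanitized markup, and in Closure `goog.html.sanitizer.HtmlSanitizer.sanitize` returns `goog.html.SafeHtml`, which this commit adds as a typedef. As written, the compiler would steer callers towards `SafeUrl.unwrap` and URL-valued sinks for a value that is really HTML, which undermines the type separation these wrappers exist to enforce. `SafeUrl` is also not imported into package `goog.html.sanitizer`, so the name probably does not resolve at all. I would add `import goog.html.SafeHtml;` inside the package block and change the declaration to `public native static function sanitize(html:String):SafeHtml;`.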