@Immutable @JsType public final class SafeHtml extends Object
A SafeHtml is a string-like object that carries the security type contract that its value as a string will not cause untrusted script execution when evaluated as HTML in a browser.
Values of this type are guaranteed to be safe to use in HTML contexts, such as, assignment to the innerHTML DOM property, or interpolation into a HTML template in HTML PC_DATA context, in the sense that the use will not result in a Cross-Site-Scripting vulnerability.
Modifier and Type | Field and Description |
---|---|
static SafeHtml |
EMPTY
The SafeHtml wrapping an empty string.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object other) |
String |
getSafeHtmlString()
Returns this value's underlying string.
|
int |
hashCode() |
String |
toString()
Returns a debug representation of this value's underlying string, NOT the string representation
of the SafeHtml.
|
public static final SafeHtml EMPTY
public String toString()
Having toString()
return a debug representation is intentional. This type has
a GWT-compiled JavaScript version; JavaScript has no static typing and a distinct method
method name provides a modicum of type-safety.
toString
in class Object
getSafeHtmlString()
public String getSafeHtmlString()