com.google.gwt.safecss.shared.SafeStylesUtils
|
GWT 2.3.0 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public final class SafeStylesUtils
Utility class containing static methods for creating SafeStyles.
| Method Summary | |
|---|---|
static SafeStyles |
fromTrustedString(java.lang.String s)
Returns a SafeStyles constructed from a trusted string, i.e.,
without escaping the string. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static SafeStyles fromTrustedString(java.lang.String s)
Returns a SafeStyles constructed from a trusted string, i.e.,
without escaping the string. No checks are performed. The calling code
should be carefully reviewed to ensure the argument meets the
SafeStyles contract.
Generally, SafeStyles should be of the form
cssPropertyName:value;, where neither the name nor the value
contain malicious scripts.
SafeStyles may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
The following example values comply with this type's contract:
width: 1em;height:1em;width: 1em;height: 1em;background:url('http://url');The following example values do not comply with this type's contract:
background: red (missing a trailing semi-colon)background: (missing a value and a trailing semi-colon)1em (missing an attribute name, which provides context for the value)
s - the input String
SafeStyles instance
|
GWT 2.3.0 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||