|
GWT 2.7.0 | |||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||
java.lang.Objectcom.google.gwt.safehtml.shared.SafeHtmlUtils
public final class SafeHtmlUtils
Utility class containing static methods for escaping and sanitizing strings.
| Field Summary | |
|---|---|
static SafeHtml |
EMPTY_SAFE_HTML
An empty String. |
| Method Summary | |
|---|---|
static SafeHtml |
fromSafeConstant(java.lang.String s)
Returns a SafeHtml constructed from a safe string, i.e., without escaping
the string. |
static SafeHtml |
fromString(java.lang.String s)
Returns a SafeHtml containing the escaped string. |
static SafeHtml |
fromTrustedString(java.lang.String s)
Returns a SafeHtml constructed from a trusted string, i.e., without
escaping the string. |
static java.lang.String |
htmlEscape(char c)
HTML-escapes a character. |
static java.lang.String |
htmlEscape(java.lang.String s)
HTML-escapes a string. |
static java.lang.String |
htmlEscapeAllowEntities(java.lang.String text)
HTML-escapes a string, but does not double-escape HTML-entities already present in the string. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final SafeHtml EMPTY_SAFE_HTML
| Method Detail |
|---|
public static SafeHtml fromSafeConstant(java.lang.String s)
SafeHtml constructed from a safe string, i.e., without escaping
the string.
Important: For this method to be able to honor the SafeHtml
contract, all uses of this method must satisfy the following constraints:
<a> tag is incomplete:
shb.appendHtmlConstant("<a href='").append(url)
The first constraint provides a sufficient condition that the argument (and
any HTML markup contained in it) originates from a trusted source. The
second constraint ensures the composability of SafeHtml values.
When executing client-side in Development Mode, or server-side with
assertions enabled, the argument is HTML-parsed and validated to satisfy
the second constraint (the server-side check can also be enabled
programmatically, see
SafeHtmlHostedModeUtils.maybeCheckCompleteHtml(String) for
details). For performance reasons, this check is not performed in
Production Mode on the client, and with assertions disabled on the server.
s - the string to be wrapped as a SafeHtml
s, wrapped as a SafeHtml
java.lang.IllegalArgumentException - if not running in Production Mode and
html violates the second constraintpublic static SafeHtml fromString(java.lang.String s)
SafeHtml containing the escaped string.
s - the input String
SafeHtml instancepublic static SafeHtml fromTrustedString(java.lang.String s)
SafeHtml constructed from a trusted string, i.e., without
escaping the string. No checks are performed. The calling code should be
carefully reviewed to ensure the argument meets the SafeHtml contract.
s - the input String
SafeHtml instancepublic static java.lang.String htmlEscape(char c)
& - & < - < > - > " - " ' - '
c - the character to be escaped
public static java.lang.String htmlEscape(java.lang.String s)
s - the string to be escaped
public static java.lang.String htmlEscapeAllowEntities(java.lang.String text)
text - the string to be escaped
|
GWT 2.7.0 | |||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||