/** * Creates a new SafeHtml which contains, in order, the string representations of the given * {@code htmls}. */ public static SafeHtml concat(SafeHtml... htmls) { return concat(Arrays.asList(htmls)); }
/** * Converts, by HTML-escaping, an arbitrary string into a contract-compliant {@link SafeHtml}. */ public static SafeHtml htmlEscape(String text) { return create(htmlEscapeInternal(text)); }
/** * Creates a {@link SafeHtmlProto} wrapping the given {@code string}. No validation is performed. * * <p>If possible please use the production API in * {@link com.google.common.html.types.SafeHtmls} * instead. */ public static SafeHtmlProto newSafeHtmlProtoForTest(String string) { return SafeHtmls.toProto(newSafeHtmlForTest(string)); }
/** * Wraps a SafeScript inside a <script type="text/javascript"> tag. */ public static SafeHtml fromScript(SafeScript script) { return create("<script type=\"text/javascript\">" + script.getSafeScriptString() + "</script>"); }
/** Converts a {@link SafeHtmlProto} into a Soy {@link SanitizedContent} of kind HTML. */ public static SanitizedContent fromSafeHtmlProto(SafeHtmlProto html) { return SanitizedContent.create(SafeHtmls.fromProto(html).getSafeHtmlString(), ContentKind.HTML); }
/** * HTML-escapes and appends {@code text} to this element's content. * * @throws IllegalStateException if this builder represents a void element */ public SafeHtmlBuilder escapeAndAppendContent(String text) { // htmlEscape() unicode coerces in non-portable version. return appendContent(SafeHtmls.htmlEscape(text)); }
/** * Converts a Soy {@link SanitizedContent} of kind HTML into a {@link SafeHtmlProto}. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#HTML}. */ public SafeHtmlProto toSafeHtmlProto() { Preconditions.checkState( getContentKind() == ContentKind.HTML, "toSafeHtmlProto() only valid for SanitizedContent of kind HTML, is: %s", getContentKind()); return SafeHtmls.toProto( UncheckedConversions.safeHtmlFromStringKnownToSatisfyTypeContract(getContent())); }
/** * Deserializes a SafeHtmlProto into a SafeHtml instance. * * <p>Protocol-message forms are intended to be opaque. The fields of the protocol message should * be considered encapsulated and are not intended for direct inspection or manipulation. Protocol * message forms of this type should be produced by {@link #toProto(SafeHtml)} or its * equivalent in other implementation languages. * * <p><b>Important:</b> It is unsafe to invoke this method on a protocol message that has been * received from an entity outside the application's trust domain. Data coming from the browser * is outside the application's trust domain. */ public static SafeHtml fromProto(SafeHtmlProto proto) { return create(proto.getPrivateDoNotAccessOrElseSafeHtmlWrappedValue()); }
/** Converts a {@link SafeHtmlProto} into a Soy {@link SanitizedContent} of kind HTML. */ public static SanitizedContent fromSafeHtmlProto(SafeHtmlProto html) { return SanitizedContent.create(SafeHtmls.fromProto(html).getSafeHtmlString(), ContentKind.HTML); }
/** * Converts an arbitrary string into an HTML comment by HTML-escaping the contents and embedding * the result between HTML comment markers. * * <p>Escaping is needed because Internet Explorer supports conditional comments and so may render * HTML markup within comments. */ public static SafeHtml comment(String text) { return create("<!--" + htmlEscapeInternal(text) + "-->"); }
/** * Converts a Soy {@link SanitizedContent} of kind HTML into a {@link SafeHtmlProto}. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#HTML}. */ public SafeHtmlProto toSafeHtmlProto() { Preconditions.checkState( getContentKind() == ContentKind.HTML, "toSafeHtmlProto() only valid for SanitizedContent of kind HTML, is: %s", getContentKind()); return SafeHtmls.toProto( UncheckedConversions.safeHtmlFromStringKnownToSatisfyTypeContract(getContent())); }
/** * Wraps a SafeStyleSheet inside a <style type="text/css"> tag. */ public static SafeHtml fromStyleSheet(SafeStyleSheet safeStyleSheet) { Preconditions.checkArgument(!safeStyleSheet.getSafeStyleSheetString().contains("<")); return create("<style type=\"text/css\">" + safeStyleSheet.getSafeStyleSheetString() + "</style>"); }
/** * Creates a <script type="text/javascript" src="<i>url</i>"><script> where the * {@code src} attribute points to the given {@code trustedResourceUrl}. * The tag has a nonce attribute populated from the provided CSP nonce value. */ public static SafeHtml fromScriptUrlWithCspNonce(TrustedResourceUrl trustedResourceUrl, String cspNonce) { String escapedUrl = htmlEscapeInternal(trustedResourceUrl.getTrustedResourceUrlString()); return create("<script type=\"text/javascript\" nonce=\"" + htmlEscapeInternal(cspNonce) + "\" src=\"" + escapedUrl + "\"></script>"); }
/** * Creates a new SafeHtml which contains, in order, the string representations of the given * {@code htmls}. */ public static SafeHtml concat(Iterable<SafeHtml> htmls) { int concatLength = 0; for (SafeHtml html : htmls) { concatLength += html.getSafeHtmlString().length(); } StringBuilder result = new StringBuilder(concatLength); for (SafeHtml html : htmls) { result.append(html.getSafeHtmlString()); } return create(result.toString()); }
/** * Creates a <script defer type="text/javascript" src="<i>url</i>"><script> where the * {@code src} attribute points to the given {@code trustedResourceUrl}. * The tag has a nonce attribute populated from the provided CSP nonce value. */ public static SafeHtml fromScriptUrlWithCspNonceDeferred(TrustedResourceUrl trustedResourceUrl, String cspNonce) { String escapedUrl = htmlEscapeInternal(trustedResourceUrl.getTrustedResourceUrlString()); return create("<script defer type=\"text/javascript\" nonce=\"" + htmlEscapeInternal(cspNonce) + "\" src=\"" + escapedUrl + "\"></script>"); }
@CheckReturnValue public SafeHtml build() { StringBuilder sb = new StringBuilder("<" + elementName); for (Map.Entry<String, String> entry : attributes.entrySet()) { sb.append(" " + entry.getKey() + "=\"" + escapeHtmlInternal(entry.getValue()) + "\""); } boolean isVoid = VOID_ELEMENTS.contains(elementName); if (isVoid && useSlashOnVoid) { sb.append("/"); } sb.append(">"); if (!isVoid) { for (SafeHtml content : contents) { sb.append(content.getSafeHtmlString()); } sb.append("</" + elementName + ">"); } return SafeHtmls.create(sb.toString()); }
/** * Creates a <script type="text/javascript" src="<i>url</i>"><script> where the * {@code src} attribute points to the given {@code trustedResourceUrl}. */ public static SafeHtml fromScriptUrl(TrustedResourceUrl trustedResourceUrl) { String escapedUrl = htmlEscapeInternal(trustedResourceUrl.getTrustedResourceUrlString()); return create("<script type=\"text/javascript\" src=\"" + escapedUrl + "\"></script>"); }
/** * Creates a <script defer type="text/javascript" src="<i>url</i>"><script> where the * {@code src} attribute points to the given {@code trustedResourceUrl}. */ public static SafeHtml fromScriptUrlDeferred(TrustedResourceUrl trustedResourceUrl) { String escapedUrl = htmlEscapeInternal(trustedResourceUrl.getTrustedResourceUrlString()); return create("<script defer type=\"text/javascript\" src=\"" + escapedUrl + "\"></script>"); }
/** * Creates a <style type="text/css" src="<i>url</i>"><style> where the * {@code src} attribute points to the given {@code trustedResourceUrl}. */ public static SafeHtml fromStyleUrl(TrustedResourceUrl trustedResourceUrl) { String escapedUrl = htmlEscapeInternal(trustedResourceUrl.getTrustedResourceUrlString()); return create("<style type=\"text/css\" src=\"" + escapedUrl + "\"></style>"); }
/** * Wraps a SafeScript inside a <script type="text/javascript"> tag. * The tag has a nonce attribute populated from the provided CSP nonce value. */ public static SafeHtml fromScriptWithCspNonce(SafeScript script, String cspNonce) { return create("<script type=\"text/javascript\" nonce=\"" + htmlEscapeInternal(cspNonce) + "\">" + script.getSafeScriptString() + "</script>"); }