/** * Creates a {@link SafeScriptProto} wrapping the given {@code string}. No validation is * performed. * * <p>If possible please use the production API in * {@link com.google.common.html.types.SafeScripts} * instead. */ public static SafeScriptProto newSafeScriptProtoForTest(String string) { return SafeScripts.toProto(newSafeScriptForTest(string)); }
/** * Creates a SafeScript from the given compile-time constant string {@code script}. */ public static SafeScript fromConstant(@CompileTimeConstant final String script) { if (script.length() == 0) { return SafeScript.EMPTY; } return create(script); }
/** Converts a {@link SafeScriptProto} into a Soy {@link SanitizedContent} of kind JS. */ public static SanitizedContent fromSafeScriptProto(SafeScriptProto script) { return SanitizedContent.create( SafeScripts.fromProto(script).getSafeScriptString(), ContentKind.JS); }
/** Converts a {@link SafeScriptProto} into a Soy {@link SanitizedContent} of kind JS. */ public static SanitizedContent fromSafeScriptProto(SafeScriptProto script) { return SanitizedContent.create( SafeScripts.fromProto(script).getSafeScriptString(), ContentKind.JS); }
/** * Converts a Soy {@link SanitizedContent} of kind JS into a {@link SafeScriptProto}. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#JS}. */ public SafeScriptProto toSafeScriptProto() { Preconditions.checkState( getContentKind() == ContentKind.JS, "toSafeScriptProto() only valid for SanitizedContent of kind JS, is: %s", getContentKind()); return SafeScripts.toProto( UncheckedConversions.safeScriptFromStringKnownToSatisfyTypeContract(getContent())); }
/** * Deserializes a SafeScriptProto into a SafeScript instance. * * <p>Protocol-message forms are intended to be opaque. The fields of the protocol message should * be considered encapsulated and are not intended for direct inspection or manipulation. Protocol * message forms of this type should be produced by {@link #toProto(SafeScript)} or its equivalent * in other implementation languages. * * <p><b>Important:</b> It is unsafe to invoke this method on a protocol message that has been * received from an entity outside the application's trust domain. Data coming from the browser * is outside the application's trust domain. */ public static SafeScript fromProto(SafeScriptProto proto) { return create(proto.getPrivateDoNotAccessOrElseSafeScriptWrappedValue()); }
/** * Converts a Soy {@link SanitizedContent} of kind JS into a {@link SafeScriptProto}. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#JS}. */ public SafeScriptProto toSafeScriptProto() { Preconditions.checkState( getContentKind() == ContentKind.JS, "toSafeScriptProto() only valid for SanitizedContent of kind JS, is: %s", getContentKind()); return SafeScripts.toProto( UncheckedConversions.safeScriptFromStringKnownToSatisfyTypeContract(getContent())); }
/** * Creates a SafeScript from the given compile-time constant {@code resourceName} using the given * {@code charset}. * * <p>This performs ZERO VALIDATION of the data. We assume that resources should be safe because * they are part of the binary, and therefore not attacker controlled. * * @param contextClass Class relative to which to load the resource. */ @GwtIncompatible("Resources") public static SafeScript fromResource( Class<?> contextClass, @CompileTimeConstant final String resourceName, Charset charset) throws IOException { return create(Resources.toString(Resources.getResource(contextClass, resourceName), charset)); }