/** * Creates a {@link SafeStyleSheet} wrapping the given {@code string}. No validation is performed. * * <p>If possible please use the production API in * {@link com.google.common.html.types.SafeStyleSheets} * instead. */ public static SafeStyleSheet newSafeStyleSheetForTest(String string) { return UncheckedConversions.safeStyleSheetFromStringKnownToSatisfyTypeContract(string); }
/** * Converts a Soy {@link SanitizedContent} of kind CSS into a {@link SafeStyleSheet}. * * <p>To ensure correct behavior and usage, the SanitizedContent object should fulfill the * contract of SafeStyleSheet - the CSS content should represent the top-level content of a style * element within HTML. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#CSS}. */ public SafeStyleSheet toSafeStyleSheet() { Preconditions.checkState( getContentKind() == ContentKind.CSS, "toSafeStyleSheet() only valid for SanitizedContent of kind CSS, is: %s", getContentKind()); // Sanity check: Try to prevent accidental misuse when this is not really a stylesheet but // instead just a declaration list (i.e. a SafeStyle). This does fail to accept a stylesheet // that is only a comment or only @imports; if you have a legitimate reason for this, it would // be fine to make this more sophisticated, but in practice it's unlikely and keeping this check // simple helps ensure it is fast. Note that this isn't a true security boundary, but a // best-effort attempt to preserve SafeStyleSheet's semantical guarantees. Preconditions.checkState( getContent().isEmpty() || getContent().indexOf('{') > 0, "Calling toSafeStyleSheet() with content that doesn't look like a stylesheet"); return UncheckedConversions.safeStyleSheetFromStringKnownToSatisfyTypeContract(getContent()); }
/** * Converts a Soy {@link SanitizedContent} of kind CSS into a {@link SafeStyleSheet}. * * <p>To ensure correct behavior and usage, the SanitizedContent object should fulfill the * contract of SafeStyleSheet - the CSS content should represent the top-level content of a style * element within HTML. * * @throws IllegalStateException if this SanitizedContent's content kind is not {@link * ContentKind#CSS}. */ public SafeStyleSheet toSafeStyleSheet() { Preconditions.checkState( getContentKind() == ContentKind.CSS, "toSafeStyleSheet() only valid for SanitizedContent of kind CSS, is: %s", getContentKind()); // Sanity check: Try to prevent accidental misuse when this is not really a stylesheet but // instead just a declaration list (i.e. a SafeStyle). This does fail to accept a stylesheet // that is only a comment or only @imports; if you have a legitimate reason for this, it would // be fine to make this more sophisticated, but in practice it's unlikely and keeping this check // simple helps ensure it is fast. Note that this isn't a true security boundary, but a // best-effort attempt to preserve SafeStyleSheet's semantical guarantees. Preconditions.checkState( getContent().isEmpty() || getContent().indexOf('{') > 0, "Calling toSafeStyleSheet() with content that doesn't look like a stylesheet"); return UncheckedConversions.safeStyleSheetFromStringKnownToSatisfyTypeContract(getContent()); }