/**
 * Escapes a value for use as the body of a JavaScript string literal, using {@code \n} style
 * escapes.
 *
 * <p>Content already labelled {@code JS_STR_CHARS} is returned verbatim. The safety of that path
 * therefore depends on the label having been attached to text that really is escaped.
 *
 * @param value the template value to convert
 * @return text intended for the body of a JavaScript string literal
 */
public static String escapeJsString(SoyData value) {
  boolean alreadyJsStrChars =
      isSanitizedContentOfKind(value, SanitizedContent.ContentKind.JS_STR_CHARS);
  // Only unlabelled (or differently labelled) values go through the String escaper.
  return alreadyJsStrChars ? value.toString() : escapeJsString(value.toString());
}
/**
 * Checks that the input is part of the name of an innocuous HTML element.
 *
 * <p>The value is stringified and passed to the {@code String} overload. No sanitized-content
 * kind is consulted in this method, so every value takes the same path.
 *
 * @param value the template value holding the candidate element name
 * @return whatever the {@code String} overload returns for the stringified value
 */
public static String filterHtmlElementName(SoyData value) {
  String candidateName = value.toString();
  return filterHtmlElementName(candidateName);
}
/**
 * Normalizes HTML to HTML, entity encoding quotes, spaces and other specials so that the result
 * can be safely embedded in a valueless attribute.
 *
 * <p>This overload only stringifies the value and delegates to the {@code String} overload. It
 * performs no sanitized-content check of its own.
 *
 * @param value the template value to normalize
 * @return the normalized text produced by the {@code String} overload
 */
public static String normalizeHtmlNospace(SoyData value) {
  String html = value.toString();
  return normalizeHtmlNospace(html);
}
/**
 * Returns a {@code StringData} value unchanged and converts any other value to SoyData built
 * from its string form.
 *
 * <p>NOTE(review): no escaping or filtering happens in this method. If it can be reached with
 * untrusted input, the protection has to come from elsewhere. Confirm which directive this is.
 *
 * @param value the value the directive is applied to
 * @param args directive arguments; not read by this method
 * @return {@code value} itself when it is a {@code StringData}, otherwise a new SoyData wrapping
 *     {@code value.toString()}
 */
@Override
public SoyData apply(SoyData value, List<SoyData> args) {
  if (value instanceof StringData) {
    return value;
  }
  return SoyData.createFromExistingData(value.toString());
}
/**
 * Normalizes HTML to HTML, making sure quotes and other specials are entity encoded.
 *
 * <p>This overload only stringifies the value and delegates to the {@code String} overload. It
 * does not look at any sanitized-content kind.
 *
 * @param value the template value to normalize
 * @return the normalized text produced by the {@code String} overload
 */
public static String normalizeHtml(SoyData value) {
  String html = value.toString();
  return normalizeHtml(html);
}
/**
 * Makes sure that the input is a valid CSS identifier part, CLASS or ID part, quantity, or CSS
 * keyword part.
 *
 * <p>Content already labelled {@code CSS} bypasses the filter and is returned verbatim, so that
 * path is only as safe as the code that attached the label. The null value maps to the empty
 * string instead of being stringified and filtered.
 *
 * @param value the template value to filter
 * @return the labelled content as-is, {@code ""} for {@code NullData.INSTANCE}, or the result of
 *     the {@code String} overload
 */
public static String filterCssValue(SoyData value) {
  if (isSanitizedContentOfKind(value, SanitizedContent.ContentKind.CSS)) {
    return value.toString();
  }
  if (value == NullData.INSTANCE) {
    return "";
  }
  return filterCssValue(value.toString());
}
/**
 * Replaces every match of {@code NEWLINE_PATTERN} in the stringified value with a literal
 * {@code <br>} tag.
 *
 * <p>NOTE(review): the surrounding text is not HTML-escaped here, and the result is rebuilt from
 * a plain string, so any sanitized-content kind on the input is presumably not carried over.
 * Confirm that escaping is applied by another directive in the chain.
 *
 * @param value the value the directive is applied to
 * @param args directive arguments; not read by this method
 * @return SoyData built from the text with line breaks replaced
 */
@Override
public SoyData apply(SoyData value, List<SoyData> args) {
  String withBreaks = NEWLINE_PATTERN.matcher(value.toString()).replaceAll("<br>");
  return SoyData.createFromExistingData(withBreaks);
}
/**
 * Converts the input to the body of a JavaScript regular expression literal.
 *
 * <p>Every value is stringified and escaped through the {@code String} overload. This method has
 * no pass-through for sanitized content.
 *
 * @param value the template value to convert
 * @return the escaped text produced by the {@code String} overload
 */
public static String escapeJsRegex(SoyData value) {
  String pattern = value.toString();
  return escapeJsRegex(pattern);
}
/**
 * Converts a piece of URI content to a piece of URI content that can be safely embedded in an
 * HTML attribute, by percent encoding.
 *
 * <p>This overload stringifies the value and delegates to the {@code String} overload. Nothing
 * in this method filters the URI's protocol.
 *
 * @param value the template value holding URI content
 * @return the normalized text produced by the {@code String} overload
 */
public static String normalizeUri(SoyData value) {
  String uri = value.toString();
  return normalizeUri(uri);
}
/**
 * Converts plain text to HTML by entity escaping, stripping tags from sanitized content, so the
 * result can safely be embedded in an unquoted HTML attribute value.
 *
 * <p>Content labelled {@code HTML} is not passed through as-is. Its tags are removed with
 * {@code stripHtmlTags}, because markup has no place inside an attribute value.
 *
 * @param value the template value to convert
 * @return tag-stripped text for {@code HTML} content, otherwise the escaped string form
 */
public static String escapeHtmlAttributeNospace(SoyData value) {
  if (!isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    return escapeHtmlAttributeNospace(value.toString());
  }
  // |escapeHtmlAttributeNospace is meant only for attribute values that cannot contain tags.
  // NOTE(review): the meaning of the null and false arguments is defined by stripHtmlTags, which
  // is not visible here; false presumably disallows raw spaces in the result. Confirm.
  return stripHtmlTags(value.toString(), null, false);
}
/**
 * Converts the input to HTML by entity escaping, stripping tags from sanitized content, so the
 * result can safely be embedded in an HTML attribute value.
 *
 * <p>Content labelled {@code HTML} is not passed through as-is. Its tags are removed with
 * {@code stripHtmlTags}, because markup has no place inside an attribute value.
 *
 * @param value the template value to convert
 * @return tag-stripped text for {@code HTML} content, otherwise the escaped string form
 */
public static String escapeHtmlAttribute(SoyData value) {
  if (!isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    return escapeHtmlAttribute(value.toString());
  }
  // |escapeHtmlAttribute is meant only for attribute values that cannot contain tags.
  // NOTE(review): the meaning of the null and true arguments is defined by stripHtmlTags, which
  // is not visible here; true presumably permits raw spaces in the result. Confirm.
  return stripHtmlTags(value.toString(), null, true);
}
/**
 * Converts the input to HTML suitable for use inside {@code <textarea>} by entity escaping.
 *
 * <p>Content labelled {@code HTML} is normalized rather than returned verbatim, so trusted
 * markup cannot contribute live tags to the RCDATA context.
 *
 * @param value the template value to convert
 * @return normalized text for {@code HTML} content, otherwise the fully escaped string form
 */
public static String escapeHtmlRcdata(SoyData value) {
  if (!isSanitizedContentOfKind(value, SanitizedContent.ContentKind.HTML)) {
    return escapeHtml(value.toString());
  }
  // Tags must not survive into the output: sanitized HTML containing a textarea tag could end
  // the enclosing textarea early. Normalizing instead is semantics preserving in RCDATA.
  return normalizeHtml(value.toString());
}
/**
 * Wraps the stringified value using the bidi formatter's {@code unicodeWrap}, with the formatter
 * chosen from the provider's static global direction.
 *
 * <p>NOTE(review): the literal {@code true} is presumably the "input is HTML" flag. If so, the
 * text is treated as markup and this method adds no escaping of its own. Confirm against
 * {@code unicodeWrap}.
 *
 * @param value the value the directive is applied to
 * @param args directive arguments; not read by this method
 * @return SoyData built from the wrapped string
 */
@Override
public SoyData apply(SoyData value, List<SoyData> args) {
  return SoyData.createFromExistingData(
      SoyBidiUtils.getBidiFormatter(bidiGlobalDirProvider.get().getStaticValue())
          .unicodeWrap(value.toString(), true));
}
/**
 * Converts the input to a piece of a URI by percent encoding, assuming a UTF-8 encoding.
 *
 * <p>Content labelled {@code URI} is not re-escaped. It is only normalized through
 * {@code normalizeUri}, which keeps it from being double-encoded but relies on the label being
 * accurate.
 *
 * @param value the template value to convert
 * @return normalized text for {@code URI} content, otherwise the percent-encoded string form
 */
public static String escapeUri(SoyData value) {
  return isSanitizedContentOfKind(value, SanitizedContent.ContentKind.URI)
      ? normalizeUri(value)
      : escapeUri(value.toString());
}
/**
 * Wraps the stringified value using the bidi formatter's {@code spanWrap}, with the formatter
 * chosen from the provider's static global direction.
 *
 * <p>The value is always passed as HTML ({@code isHtml} is fixed to {@code true}). The result is
 * rebuilt from a plain string rather than returned as HTML sanitized content, which is what the
 * TODO below records.
 *
 * @param value the value the directive is applied to
 * @param args directive arguments; not read by this method
 * @return SoyData built from the wrapped string
 */
@Override
public SoyData apply(SoyData value, List<SoyData> args) {
  final boolean isHtml = true;
  // TODO(user): convert to HTML SanitizedContent when isHtml.
  return SoyData.createFromExistingData(
      SoyBidiUtils.getBidiFormatter(bidiGlobalDirProvider.get().getStaticValue())
          .spanWrap(value.toString(), isHtml));
}
/**
 * Makes sure that the given input doesn't specify a dangerous protocol and also
 * {@link #normalizeUri normalizes} it.
 *
 * <p>Content labelled {@code URI} skips the protocol filter and is only normalized. The filter
 * therefore protects unlabelled values only, and labelled ones are trusted on the strength of
 * their label.
 *
 * @param value the template value holding the URI
 * @return normalized text for {@code URI} content, otherwise the filtered and normalized string
 *     form
 */
public static String filterNormalizeUri(SoyData value) {
  return isSanitizedContentOfKind(value, SanitizedContent.ContentKind.URI)
      ? normalizeUri(value)
      : filterNormalizeUri(value.toString());
}
/**
 * HTML-escapes the value unless it is sanitized content of kind {@code HTML}.
 *
 * <p>Only the {@code HTML} kind is exempt. Sanitized content of any other kind is stringified
 * and escaped like ordinary text.
 *
 * @param value the value the directive is applied to
 * @param args directive arguments; not read by this method
 * @return {@code value} itself for {@code HTML} sanitized content, otherwise SoyData built from
 *     the escaped string
 */
@Override
public SoyData apply(SoyData value, List<SoyData> args) {
  boolean isSanitizedHtml =
      value instanceof SanitizedContent
          && ((SanitizedContent) value).getContentKind() == SanitizedContent.ContentKind.HTML;
  if (isSanitizedHtml) {
    // Already-safe HTML is returned untouched so it is not double-escaped.
    return value;
  }
  return SoyData.createFromExistingData(
      EscapingConventions.EscapeHtml.INSTANCE.escape(value.toString()));
}
/**
 * Implements the {@code +} operator: numeric addition when both operands are numbers, string
 * concatenation otherwise.
 *
 * <p>Two integers give an {@code IntegerData}; any other pair of numbers gives a
 * {@code FloatData}. The integer sum is a plain Java addition, so an overflow is not detected
 * here. Concatenation always yields a plain {@code StringData}, whatever the operand types were.
 *
 * @param operand0 the left operand
 * @param operand1 the right operand
 * @return the sum or the concatenation
 */
public static SoyData $$plus(SoyData operand0, SoyData operand1) {
  boolean bothNumeric = operand0 instanceof NumberData && operand1 instanceof NumberData;
  if (!bothNumeric) {
    // String concatenation. toString() is used rather than stringValue() so that an operand
    // which is not a string gets coerced to one.
    return StringData.forValue(operand0.toString() + operand1.toString());
  }
  if (operand0 instanceof IntegerData && operand1 instanceof IntegerData) {
    return IntegerData.forValue(operand0.integerValue() + operand1.integerValue());
  }
  return FloatData.forValue(operand0.numberValue() + operand1.numberValue());
}
/**
 * Evaluates a {@code +} node: integer addition for two integers, string concatenation when
 * either operand is a {@code StringData}, and {@code numberValue()} addition for everything else.
 *
 * <p>Operands that are neither integers nor strings reach the {@code numberValue()} branch. How
 * a non-numeric operand behaves there is decided by {@code numberValue()}, which is not visible
 * here.
 *
 * @param node the plus operator node; its first two children are the operands
 * @return the sum or concatenation, wrapped by {@code convertResult}
 */
@Override
protected SoyData visitPlusOpNode(PlusOpNode node) {
  SoyData lhs = visit(node.getChild(0));
  SoyData rhs = visit(node.getChild(1));

  if (lhs instanceof IntegerData && rhs instanceof IntegerData) {
    return convertResult(lhs.integerValue() + rhs.integerValue());
  }
  if (lhs instanceof StringData || rhs instanceof StringData) {
    // String concatenation. toString() is used rather than stringValue() so that an operand
    // which is not a string gets coerced to one.
    return convertResult(lhs.toString() + rhs.toString());
  }
  return convertResult(lhs.numberValue() + rhs.numberValue());
}