attribute_rewriter.js

// Copyright 2014 The Closure Library Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.


goog.provide('goog.labs.html.AttributeRewriter');
goog.provide('goog.labs.html.AttributeValue');
goog.provide('goog.labs.html.attributeRewriterPresubmitWorkaround');


/**
 * The type of an attribute value.
 * <p>
 * Many HTML attributes contain structured data like URLs, CSS, or even entire
 * HTML documents, so the type is a union of several variants.
 *
 * @typedef {(string |
 *            goog.html.SafeHtml | goog.html.SafeStyle | goog.html.SafeUrl)}
 */
goog.labs.html.AttributeValue;


/**
 * A function that takes an attribute value, and returns a safe value.
 * <p>
 * Since rewriters can be chained, a rewriter must be able to accept the output
 * of another rewriter, instead of just a string though a rewriter that coerces
 * its input to a string before checking its safety will fail safe.
 * <p>
 * The meaning of the result is:
 * <table>
 *   <tr><td>{@code null}</td>
 *       <td>Unsafe.  The attribute should not be output.</tr>
 *   <tr><td>a string</td>
 *       <td>The plain text (not HTML-entity encoded) of a safe attribute
 *           value.</td>
 *   <tr><td>a {@link goog.html.SafeHtml}</td>
 *       <td>A fragment that is safe to be included as embedded HTML as in
 *           {@code <iframe srchtml="...">}.</td></tr>
 *   <tr><td>a {@link goog.html.SafeUrl}</td>
 *       <td>A URL that does not need to be further checked against the URL
 *           white-list.</td></tr>
 *   <tr><td>a {@link goog.html.SafeStyle}</td>
 *       <td>A safe value for a <code>style="..."</code> attribute.</td></tr>
 * </table>
 * <p>
 * Implementations are responsible for making sure that "safe" complies with
 * the contract established by the safe string types in {@link goog.html}.
 * </p>
 *
 * @typedef {function(goog.labs.html.AttributeValue) :
 *           goog.labs.html.AttributeValue}
 */
goog.labs.html.AttributeRewriter;


/**
 * g4 presubmit complains about requires of this file because its clients
 * don't use any symbols from it outside JSCompiler comment annotations.
 * genjsdeps.sh doesn't generate the right dependency graph unless this
 * file is required.
 * Clients can mention this noop.
 */
goog.labs.html.attributeRewriterPresubmitWorkaround = function() {};