![]()
Writes known-safe HTML to a document.
Arguments:
|
code » | |||
![]()
Safely assigns a URL to an anchor element's href property.
If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
anchor's href property. If url is of type string however, it is first
sanitized using goog.html.SafeUrl.sanitize.
Example usage:
goog.dom.safe.setAnchorHref(anchorEl, url);
which is a safe alternative to
anchorEl.href = url;
The latter can result in XSS vulnerabilities if url is a
user-/attacker-controlled value.
Arguments:
|
code » | |||
![]()
Assigns known-safe HTML to an element's innerHTML property.
Arguments:
|
code » | |||
![]()
Safely assigns a URL to a Location object's href property.
If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
loc's href property. If url is of type string however, it is first sanitized
using goog.html.SafeUrl.sanitize.
Example usage:
goog.dom.safe.setLocationHref(document.location, redirectUrl);
which is a safe alternative to
document.location.href = redirectUrl;
The latter can result in XSS vulnerabilities if redirectUrl is a
user-/attacker-controlled value.
Arguments:
|
code » |