labs.html

Classes

goog.labs.html.Sanitizer
A sanitizer that converts untrusted, messy HTML into more regular HTML that cannot abuse high-authority constructs like the ability to execute arbitrary JavaScript.


Global Functions

goog.labs.html.attributeRewriterPresubmitWorkaround()
g4 presubmit complains about requires of this file because its clients don't use any symbols from it outside JSCompiler comment annotations. genjsdeps.sh doesn't generate the right dependency graph unless this file is required. Clients can mention this noop.

Global Properties

goog.labs.html.AttributeRewriter :
A function that takes an attribute value, and returns a safe value.

Since rewriters can be chained, a rewriter must be able to accept the output of another rewriter rather than just a string, though a rewriter that coerces its input to a string before checking its safety will fail safe.

The meaning of the result is:

null: Unsafe. The attribute should not be output.
a string: The plain text (not HTML-entity encoded) of a safe attribute value.
a goog.html.SafeHtml: A fragment that is safe to be included as embedded HTML as in <iframe srchtml="...">.
a goog.html.SafeUrl: A URL that does not need to be further checked against the URL white-list.
a goog.html.SafeStyle: A safe value for a style="..." attribute.

Implementations are responsible for making sure that "safe" complies with the contract established by the safe string types in goog.html.
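
The chaining and result contract described above, sketched as an added example that is not code from the Closure Library. SafeUrlStandIn, both rewriters, chain and renderAttribute are hypothetical names, and the stand-in class only imitates the role of goog.html.SafeUrl.

```javascript
// Stand-in for goog.html.SafeUrl (assumption: a plain wrapper, not the Closure class).
class SafeUrlStandIn {
  constructor(url) { this.url = url; }
  toString() { return this.url; }
}

// Hypothetical rewriter: accepts only http(s) URLs and returns them typed as vetted.
function httpOnlyRewriter(value) {
  if (value instanceof SafeUrlStandIn) return value; // output of an earlier rewriter
  const text = String(value).trim();
  return /^https?:\/\//i.test(text) ? new SafeUrlStandIn(text) : null;
}

// Hypothetical rewriter that coerces its input to a string before checking it.
// Given a typed value it drops the type and re-checks the text, so it fails safe.
function maxLengthRewriter(value) {
  const text = String(value);
  return text.length <= 64 ? text : null;
}

// Chain rewriters left to right. null means "unsafe" and must stop the chain:
// String(null) is "null", which a coercing rewriter would otherwise accept.
function chain(...rewriters) {
  return (value) => {
    let current = value;
    for (const rewrite of rewriters) {
      if (current === null) return null;
      current = rewrite(current);
    }
    return current;
  };
}

// Apply the result contract: null omits the attribute; a string result is plain
// text, so it is entity-encoded here, at output time.
function renderAttribute(name, result) {
  if (result === null) return '';
  const text = String(result)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
  return ` ${name}="${text}"`;
}

// Constructed sample inputs.
const hrefRewriter = chain(httpOnlyRewriter, maxLengthRewriter);
console.log(renderAttribute('href', hrefRewriter('https://example.com/?a=1&b="x"')));
console.log(JSON.stringify(renderAttribute('href', hrefRewriter('javascript:void(0)'))));
```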

goog.labs.html.AttributeValue :
The type of an attribute value.

Many HTML attributes contain structured data like URLs, CSS, or even entire HTML documents, so the type is a union of several variants.

goog.labs.html.SanitizerTest :
No description.
goog.labs.html.scrubber :
No description.
