I spent some more time on this, but I’m not sure how to get the compiler to
realize that we need the goog files.
For Event we have this:
goog.addDependency('../../../org/apache/royale/events/Event.js',
['org.apache.royale.events.Event'], ['goog.events.Event',
'org.apache.royale.events.IRoyaleEvent']);
But Royale Event subclasses goog.events.Event.
How do I tell the compiler that org.apache.royale.utils.string.sanitizeUrl
requires goog.html.SafeUrl?
The same question applies to org.apache.royale.utils.string.sanitizeHtml, which
needs goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
Alex? Josh? Greg?
Thanks,
Harbs
> On Dec 12, 2021, at 2:13 AM, Harbs <[email protected]> wrote:
>
> I added code for sanitizing, but it’s not working because the goog.html files
> are not being copied. I don’t know what needs to be done to make that happen.
>
> Harbs
>
>> On Dec 12, 2021, at 2:12 AM, [email protected] wrote:
>>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> harbs pushed a commit to branch feature/sanitize
>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>>
>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>> Author: Harbs <[email protected]>
>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>>
>> Added sanitizeUrl and sanitizeHtml
>> ---
>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
>> .../{CoreTester.as => SanitizeTest.as} | 59
>> ++++++++++++++--------
>> 5 files changed, 115 insertions(+), 21 deletions(-)
>>
>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> index 21593fd..dd088eb 100644
>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> @@ -342,6 +342,8 @@ internal class CoreClasses
>> import org.apache.royale.utils.string.trimRight; trimRight;
>> import org.apache.royale.utils.string.trimLeft; trimLeft;
>> import org.apache.royale.utils.string.cacheBust; cacheBust;
>> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>>
>> import org.apache.royale.utils.date.addDays; addDays;
>> import org.apache.royale.utils.date.addHours; addHours;
>> diff --git
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> new file mode 100644
>> index 0000000..360ef63
>> --- /dev/null
>> +++
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> @@ -0,0 +1,38 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>> +// contributor license agreements. See the NOTICE file distributed with
>> +// this work for additional information regarding copyright ownership.
>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>> +// (the "License"); you may not use this file except in compliance with
>> +// the License. You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> + COMPILE::JS{
>> + import goog.html.sanitizer.HtmlSanitizer;
>> + import goog.html.SafeHtml;
>> + }
>> +
>> + public function sanitizeHtml(html:String):String
>> + {
>> + COMPILE::JS
>> + {
>> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>> + }
>> + //TODO sanitize in swf
>> + COMPILE::SWF
>> + {
>> + return html;
>> + }
>> + }
>> +}
>> \ No newline at end of file
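Review bot: On the SWF target `sanitizeHtml` returns `html` untouched, so a caller relying on the function's name gets unsanitized markup there, and the only hint is a `//TODO` inside the body. Until a SWF implementation exists, the limitation belongs in an ASDoc comment above the function, for example `/** Sanitizes HTML on the JS target only; on SWF the input is currently returned unchanged and must not be treated as safe. */`. The same passthrough sits in the `COMPILE::SWF` branch of `sanitizeUrl` in the next file. The new file also ends without a trailing newline.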
>> diff --git
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> new file mode 100644
>> index 0000000..cd4151d
>> --- /dev/null
>> +++
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> @@ -0,0 +1,36 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +// Licensed to the Apache Software Foundation (ASF) under one or more
>> +// contributor license agreements. See the NOTICE file distributed with
>> +// this work for additional information regarding copyright ownership.
>> +// The ASF licenses this file to You under the Apache License, Version 2.0
>> +// (the "License"); you may not use this file except in compliance with
>> +// the License. You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> + COMPILE::JS{
>> + import goog.html.SafeUrl;
>> + import goog.html.SafeUrl;
>> + }
>> + public function sanitizeUrl(url:String):String
>> + {
>> + COMPILE::JS{
>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
>> + }
>> +
>> + //TODO sanitize in swf
>> + COMPILE::SWF{
>> + return url;
>> + }
>> + }
>> +}
>> \ No newline at end of file
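Review bot: `import goog.html.SafeUrl;` appears twice in the `COMPILE::JS` import block, possibly a leftover from copying the two-import block in sanitizeHtml.as; the second line can be deleted. The function has no ASDoc, and callers need to know what comes back when a URL is rejected. A short comment would cover it, for example `/** Returns url when goog.html.SafeUrl.sanitize accepts it; otherwise returns whatever placeholder Closure substitutes for a rejected URL (JS target only). */`, with the exact placeholder confirmed against the Closure version in use.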
>> diff --git
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> index c8adc02..9441daf 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> @@ -42,5 +42,6 @@ package flexUnitTests
>> public var keyConverterTest:KeyConverterTest;
>> public var keyboardEventConverterTest:KeyboardEventConverterTest;
>> public var stringUtilsTest:StringUtilsTest;
>> + public var sanitizerTest:SanitizeTest;
>> }
>> }
>> diff --git
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> similarity index 50%
>> copy from
>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> copy to
>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> index c8adc02..7173f52 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> @@ -18,29 +18,46 @@
>> ////////////////////////////////////////////////////////////////////////////////
>> package flexUnitTests
>> {
>> - import flexUnitTests.language.*
>> + import org.apache.royale.utils.string.*;
>> + import org.apache.royale.test.asserts.*;
>>
>> - [Suite]
>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>> - public class CoreTester
>> - {
>> + public class SanitizeTest
>> + {
>> + [Before]
>> + public function setUp():void
>> + {
>> + }
>>
>> - //language tests
>> - public var languageTestIs:LanguageTesterTestIs;
>> - public var languageTestIntUint:LanguageTesterIntUint;
>> - public var languageTestVector:LanguageTesterTestVector;
>> - public var languageTestClass:LanguageTesterTestClass;
>> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
>> - public var languageTestArraySort:LanguageTesterArraySort;
>> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
>> + [After]
>> + public function tearDown():void
>> + {
>> + }
>>
>> - //core tests
>> - public var strandTesterTest:StrandTesterTest;
>> - public var binaryDataTesterTest:BinaryDataTesterTest;
>> - public var arrayUtilsTest:ArrayUtilsTest;
>> - public var dateUtilsTest:DateUtilsTest;
>> - public var keyConverterTest:KeyConverterTest;
>> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
>> - public var stringUtilsTest:StringUtilsTest;
>> + [BeforeClass]
>> + public static function setUpBeforeClass():void
>> + {
>> + }
>> +
>> + [AfterClass]
>> + public static function tearDownAfterClass():void
>> + {
>> + }
>> +
>> + [Test]
>> + public function testHTML():void
>> + {
>> + var safeHtml:String = 'Hello <em>World</em>';
>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
>> + }
>> +
>> + [Test]
>> + public function testUrl():void
>> + {
>> + var safeUrl:String = "https://foobaz.com"
>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
>> + }
>> +
>> +
>> +
>> }
>> }
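Review bot: Both `testHTML` and `testUrl` feed input that is already safe and assert it comes back unchanged, so they would pass even if the sanitizers did nothing, which is what the `COMPILE::SWF` branches currently do. Each test needs at least one case where the output must differ from the input, for example `assertTrue(sanitizeHtml('<p onclick="x()">hi</p>').indexOf('onclick') == -1);` and `assertTrue(sanitizeUrl('javascript:x').indexOf('javascript:') != 0);`, assuming `assertTrue` is available from `org.apache.royale.test.asserts`. Those cases will fail on SWF until that target is implemented, which is the signal the suite should give. Separately, the `var safeUrl` line in `testUrl` is missing its terminating semicolon, and the four empty fixture methods can be dropped.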
>