I rummaged through the js-debug output of examples/royale/ASDoc.
I was surprised that I could not find a goog.require of goog.events.EventTarget
from our code. There may have been a reason for that but I don't recall.
Maybe I missed it. Probably something to do with circular dependencies.
The reason I think the example runs is because there is an addDependency from
org.apache.royale.events.EventDispatcher to goog.events.EventTarget. That
should be enough to get the browser to load goog.events.eventtarget.js.
GCL.swc is in the -external-library-path, so it is definitely more like
playerglobal. The .as files are hand-translated definitions from the js files
in the Google Closure Library. The js code is expected to be loaded some other
way, probably via addDependency.
The downloads.xml subsets what Google Closure Library js files are factored
into the addDependency output. The full library of .js files is somewhat
wasteful so we subset to just the ones we need.
I might have time this weekend to spend more time getting it to work, but the
idea is that you add to GCL.swc the .as version of whatever JS file you need
from Google Closure Library, make sure the subset code in downloads.xml doesn't
delete it, and then if the transpiled output of, say, Label references
goog.html.SafeHtml, it should show up in the addDependency line for Label.
I didn't have time to pull down the branch and see if you did all of that.
Sounds like you're pretty close though.
HTH,
-Alex
On 12/15/21, 10:23 AM, "Josh Tynjala" <joshtynj...@bowlerhat.dev> wrote:
I investigated inside the compiler a bit, and it looks like we don't add
goog.require() calls for any of the goog.* symbols that we use (at least in
CoreJS and BasicJS). If a .swc file contains .js files in the right
location, the compiler assumes that those symbols need a goog.require()
call. However, GCL.swc does not contain any .js files, so the compiler
assumes that these symbols are provided by the browser/runtime instead.
Obviously, the browser doesn't provide them natively, so I suspect that
goog/base.js simply knows how to resolve goog.* symbols automatically
without a goog.require() call (similarly, Closure compiler should know how
to resolve them for release builds). Since we've been using a number of
goog.* symbols for years (our EventDispatcher is based on
goog.events.EventTarget, for instance), I think that the compiler is
behaving correctly here with your new goog.html.SafeHtml and
goog.html.sanitizer.HtmlSantizer symbols. I don't think they need a
goog.require() call.
When you try to run a project using the new sanitizeHtml() and
sanitizeUrl() functions that you created, do they work in both debug and
release builds? Or are they failing? If they're working, I think you're
good to go!
(By the way, you should probably do a "clean" build to test because the
compiler might have an optimization to skip copying Closure library if it
detects its presence in the output directory, so you might not get new .js
files that didn't exist in older SDKs)
--
Josh Tynjala
Bowler Hat LLC
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=PCAMFjCbGWNjlU2N9vosPe1lWr9dw52tTmyP1jpNC8k%3D&reserved=0>
On Tue, Dec 14, 2021 at 12:17 PM Harbs <harbs.li...@gmail.com> wrote:
> I had to modify the script here:
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2Ffeature%2Fsanitize%2Fframeworks%2Fdownloads.xml%23L286&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=tnqbKpyVfxgaCb8C%2FS36AUuLhu8KiAvDJlikXSPZ%2FtU%3D&reserved=0
> <
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2Fdevelop%2Fframeworks%2Fdownloads.xml%23L286&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=RxHIFdigmCvzz3U1YCLP5ytQ8Q%2FuIWF82P9rr1n3S2Q%3D&reserved=0
> >
>
> Adding the necessary files worked to get the goog.html files. I confirmed
> that the files ended up in the debug folder.
>
> BUT, there’s no reference to requiring them in the compiled JS code.
>
> That’s the bit I’m stuck on.
>
> Why does using the following code not generate something akin to
> goog.require (or goog.addDependency) somewhere?
>
> package org.apache.royale.utils.string
> {
> COMPILE::JS{
> import goog.html.sanitizer.HtmlSanitizer;
> import goog.html.SafeHtml;
> }
>
> public function sanitizeHtml(html:String):String
> {
> COMPILE::JS
> {
> return
> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> }
> //TODO sanitize in swf
> COMPILE::SWF
> {
> return html;
> }
> }
> }
>
> > On Dec 14, 2021, at 10:00 PM, Josh Tynjala <joshtynj...@bowlerhat.dev>
> wrote:
> >
> > I think that GCL.swc might be kind of a weird edge case. The .swc exists
> > only to make the AS3 compiler happy. As I understand it, Closure
Compiler
> > analyzes our generated .js files to determine which .js files from
> Closure
> > library are needed in the final output. I think we copy all of Closure
> > library for a debug build, and it grabs what it needs automatically.
> >
> > Could it be that the Closure library .js files that you are trying to
use
> > are missing from the version of Closure library that we currently depend
> > on? Maybe we need an upgrade? Or maybe we're simply excluding them in
> some
> > way because they weren't being used.
> >
> > --
> > Josh Tynjala
> > Bowler Hat LLC
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=PCAMFjCbGWNjlU2N9vosPe1lWr9dw52tTmyP1jpNC8k%3D&reserved=0>
> >
> >
> > On Tue, Dec 14, 2021 at 10:58 AM Harbs <harbs.li...@gmail.com> wrote:
> >
> >> Thanks for responding.
> >>
> >> Yes. I tried to add the definitions here.
> >>
> >>
> >>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Ffeature%2Fsanitize%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog%2Fhtml&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=h8ocG584dnMkIZZdayZIt75OW0FbwqYRO0ZoJKDFpmU%3D&reserved=0
> >> <
> >>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Ffeature%2Fsanitize%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog%2Fhtml&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=h8ocG584dnMkIZZdayZIt75OW0FbwqYRO0ZoJKDFpmU%3D&reserved=0
> >>>
> >>
> >> It helped to get the type definitions in
> >>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2F1b12594c60420d3503f9e366f314c9d875e16ddb%2Fframeworks%2Fprojects%2FCore%2Fsrc%2Fmain%2Froyale%2Forg%2Fapache%2Froyale%2Futils%2Fstring%2FsanitizeHtml.as&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rMEyAUQL3gjamRZhZozYQ7wmp%2B%2BWLXQu5LGzjNwF8wc%3D&reserved=0
> >> <
> >>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-asjs%2Fblob%2F1b12594c60420d3503f9e366f314c9d875e16ddb%2Fframeworks%2Fprojects%2FCore%2Fsrc%2Fmain%2Froyale%2Forg%2Fapache%2Froyale%2Futils%2Fstring%2FsanitizeHtml.as&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272412534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rMEyAUQL3gjamRZhZozYQ7wmp%2B%2BWLXQu5LGzjNwF8wc%3D&reserved=0
> >>>
> >>
> >> But the goog.html files were not referenced in the JS output. I also
> >> changed the script that extracts the goog js files, but that did not
> help.
> >>
> >> Basically, GCL is like a regular swc library in that JS files are
> needed,
> >> but it’s like a typedef file in that the JS doesn’t come from the swc
> >> (IFAICT). I’m struggling to understand how the compiler builds the
> >> dependencies from GCL.swc…
> >>
> >> Thanks,
> >> Harbs
> >>
> >>> On Dec 14, 2021, at 8:11 PM, Josh Tynjala <joshtynj...@bowlerhat.dev>
> >> wrote:
> >>>
> >>> It looks like the GCL typedefs are defined here:
> >>>
> >>>
> >>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Froyale-typedefs%2Ftree%2Fdevelop%2FGCL%2Fsrc%2Fmain%2Froyale%2Fgoog&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=R0ih%2FlOJOOvoqFeEx4rauiwDCGIeIy8qJZl23tqZjUQ%3D&reserved=0
> >>>
> >>> I think that so far we've included only the classes that we use in the
> >>> framework, so if you need something that we haven't used before, you
> can
> >>> add it here. It'll get included in the GCL .swc file, and then you can
> >> use
> >>> it in AS3/MXML.
> >>>
> >>> --
> >>> Josh Tynjala
> >>> Bowler Hat LLC
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=fOUE%2F6%2FhCLZuoCx3hRbjqaWVFz3gPyPbQ6i8au3FJq4%3D&reserved=0>
> >>>
> >>>
> >>> On Tue, Dec 14, 2021 at 9:42 AM Harbs <harbs.li...@gmail.com> wrote:
> >>>
> >>>> Bump.
> >>>>
> >>>> I’m stuck on this issue. I need to understand how the GCL library
> works
> >>>> for me to finish the sanitize functions.
> >>>>
> >>>> Thanks,
> >>>> Harbs
> >>>>
> >>>>> On Dec 13, 2021, at 2:50 PM, Harbs <harbs.li...@gmail.com> wrote:
> >>>>>
> >>>>> I created a page about swcs:
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapache.github.io%2Froyale-docs%2Flibraries%2Flibrary-basics&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y7PobUrKQzALV4RuUj0xc0854ELyioyvJtxZXEj%2F8dw%3D&reserved=0
<
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapache.github.io%2Froyale-docs%2Flibraries%2Flibrary-basics&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y7PobUrKQzALV4RuUj0xc0854ELyioyvJtxZXEj%2F8dw%3D&reserved=0>
> >>>>>
> >>>>> I added a paragraph about the GCL swc, but I’m really not very clear
> on
> >>>> how it works...
> >>>>>
> >>>>>> On Dec 12, 2021, at 5:46 PM, Harbs <harbs.li...@gmail.com <mailto:
> >>>> harbs.li...@gmail.com>> wrote:
> >>>>>>
> >>>>>> I spent some more time on this, but I’m not sure how to get the
> >>>> compiler to realize that we need the goog files.
> >>>>>>
> >>>>>> For Event we have this:
> >>>>>>
> >>>>>> goog.addDependency('../../../org/apache/royale/events/Event.js',
> >>>> ['org.apache.royale.events.Event'], ['goog.events.Event',
> >>>> 'org.apache.royale.events.IRoyaleEvent']);
> >>>>>>
> >>>>>> But Royale Event subclasses goog.events.Event.
> >>>>>>
> >>>>>> How do I tell the compiler that
> >>>> org.apache.royale.utils.string.sanitizeUrl requires goog.html.SafeUrl
> ?
> >>>>>>
> >>>>>> The same for org.apache.royale.utils.string.sanitizeHtml with
> >>>> goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.
> >>>>>>
> >>>>>> Alex? Josh? Greg?
> >>>>>>
> >>>>>> Thanks,
> >>>>>> Harbs
> >>>>>>
> >>>>>>> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.li...@gmail.com <mailto:
> >>>> harbs.li...@gmail.com>> wrote:
> >>>>>>>
> >>>>>>> I added code for sanitizing, but it’s not working because the
> >>>> goog.html files are not being copied. I don’t know what needs to be
> >> done to
> >>>> make that happen.
> >>>>>>>
> >>>>>>> Harbs
> >>>>>>>
> >>>>>>>> On Dec 12, 2021, at 2:12 AM, ha...@apache.org <mailto:
> >>>> ha...@apache.org> wrote:
> >>>>>>>>
> >>>>>>>> This is an automated email from the ASF dual-hosted git
> repository.
> >>>>>>>>
> >>>>>>>> harbs pushed a commit to branch feature/sanitize
> >>>>>>>> in repository
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitbox.apache.org%2Frepos%2Fasf%2Froyale-asjs.git&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cjwsK7G%2Bf4ZHnhy1TzAuwg5He%2BA1Kfa750Xf34eRt04%3D&reserved=0
> <
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitbox.apache.org%2Frepos%2Fasf%2Froyale-asjs.git&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cjwsK7G%2Bf4ZHnhy1TzAuwg5He%2BA1Kfa750Xf34eRt04%3D&reserved=0>
> >>>>>>>>
> >>>>>>>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> >>>>>>>> Author: Harbs <ha...@in-tools.com <mailto:ha...@in-tools.com>>
> >>>>>>>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
> >>>>>>>>
> >>>>>>>> Added sanitizeUrl and sanitizeHtml
> >>>>>>>> ---
> >>>>>>>> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38
> >> ++++++++++++++
> >>>>>>>> .../org/apache/royale/utils/string/sanitizeUrl.as | 36
> >> +++++++++++++
> >>>>>>>> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> >>>>>>>> .../{CoreTester.as => SanitizeTest.as} | 59
> >>>> ++++++++++++++--------
> >>>>>>>> 5 files changed, 115 insertions(+), 21 deletions(-)
> >>>>>>>>
> >>>>>>>> diff --git
> a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> index 21593fd..dd088eb 100644
> >>>>>>>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> >>>>>>>> @@ -342,6 +342,8 @@ internal class CoreClasses
> >>>>>>>> import org.apache.royale.utils.string.trimRight; trimRight;
> >>>>>>>> import org.apache.royale.utils.string.trimLeft; trimLeft;
> >>>>>>>> import org.apache.royale.utils.string.cacheBust; cacheBust;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeHtml;
> sanitizeHtml;
> >>>>>>>> + import org.apache.royale.utils.string.sanitizeUrl;
sanitizeUrl;
> >>>>>>>>
> >>>>>>>> import org.apache.royale.utils.date.addDays; addDays;
> >>>>>>>> import org.apache.royale.utils.date.addHours; addHours;
> >>>>>>>> diff --git
> >>>>
> >>
>
a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>
> >>
>
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..360ef63
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
>
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> >>>>>>>> @@ -0,0 +1,38 @@
> >>>>>>>>
> >>>>
> >>
>
+////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one
or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +//
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0
<
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
>
+////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.sanitizer.HtmlSanitizer;
> >>>>>>>> + import goog.html.SafeHtml;
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + public function sanitizeHtml(html:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS
> >>>>>>>> + {
> >>>>>>>> + return
> >>>> SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> >>>>>>>> + }
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF
> >>>>>>>> + {
> >>>>>>>> + return html;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>>
> >>
>
a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>
> >>
>
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> new file mode 100644
> >>>>>>>> index 0000000..cd4151d
> >>>>>>>> --- /dev/null
> >>>>>>>> +++
> >>>>
> >>
>
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> >>>>>>>> @@ -0,0 +1,36 @@
> >>>>>>>>
> >>>>
> >>
>
+////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +//
> >>>>>>>> +// Licensed to the Apache Software Foundation (ASF) under one
or
> >>>> more
> >>>>>>>> +// contributor license agreements. See the NOTICE file
> >> distributed
> >>>> with
> >>>>>>>> +// this work for additional information regarding copyright
> >>>> ownership.
> >>>>>>>> +// The ASF licenses this file to You under the Apache License,
> >>>> Version 2.0
> >>>>>>>> +// (the "License"); you may not use this file except in
> compliance
> >>>> with
> >>>>>>>> +// the License. You may obtain a copy of the License at
> >>>>>>>> +//
> >>>>>>>> +//
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0
<
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Mt5oPTNRZf7FwnbGbb1VLtFPskH3IjMpvdcAyq9QM8Q%3D&reserved=0>
> >>>>>>>> +//
> >>>>>>>> +// Unless required by applicable law or agreed to in writing,
> >>>> software
> >>>>>>>> +// distributed under the License is distributed on an "AS IS"
> >> BASIS,
> >>>>>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
> or
> >>>> implied.
> >>>>>>>> +// See the License for the specific language governing
> permissions
> >>>> and
> >>>>>>>> +// limitations under the License.
> >>>>>>>> +//
> >>>>>>>>
> >>>>
> >>
>
+////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> +package org.apache.royale.utils.string
> >>>>>>>> +{
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + import goog.html.SafeUrl;
> >>>>>>>> + }
> >>>>>>>> + public function sanitizeUrl(url:String):String
> >>>>>>>> + {
> >>>>>>>> + COMPILE::JS{
> >>>>>>>> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + //TODO sanitize in swf
> >>>>>>>> + COMPILE::SWF{
> >>>>>>>> + return url;
> >>>>>>>> + }
> >>>>>>>> + }
> >>>>>>>> +}
> >>>>>>>> \ No newline at end of file
> >>>>>>>> diff --git
> >>>>
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>
b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> index c8adc02..9441daf 100644
> >>>>>>>> ---
> >>>>
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>>
b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> @@ -42,5 +42,6 @@ package flexUnitTests
> >>>>>>>> public var keyConverterTest:KeyConverterTest;
> >>>>>>>> public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + public var sanitizerTest:SanitizeTest;
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>> diff --git
> >>>>
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> similarity index 50%
> >>>>>>>> copy from
> >>>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> copy to
> >>>>
frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> index c8adc02..7173f52 100644
> >>>>>>>> ---
> >>>>
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> >>>>>>>> +++
> >>>>
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> >>>>>>>> @@ -18,29 +18,46 @@
> >>>>>>>>
> >>>>
> >>
>
////////////////////////////////////////////////////////////////////////////////
> >>>>>>>> package flexUnitTests
> >>>>>>>> {
> >>>>>>>> - import flexUnitTests.language.*
> >>>>>>>> + import org.apache.royale.utils.string.*;
> >>>>>>>> + import org.apache.royale.test.asserts.*;
> >>>>>>>>
> >>>>>>>> - [Suite]
> >>>>>>>> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> >>>>>>>> - public class CoreTester
> >>>>>>>> - {
> >>>>>>>> + public class SanitizeTest
> >>>>>>>> + {
> >>>>>>>> + [Before]
> >>>>>>>> + public function setUp():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //language tests
> >>>>>>>> - public var languageTestIs:LanguageTesterTestIs;
> >>>>>>>> - public var languageTestIntUint:LanguageTesterIntUint;
> >>>>>>>> - public var languageTestVector:LanguageTesterTestVector;
> >>>>>>>> - public var languageTestClass:LanguageTesterTestClass;
> >>>>>>>> - public var
> >>>> languageTestLoopVariants:LanguageTesterTestLoopVariants;
> >>>>>>>> - public var
languageTestArraySort:LanguageTesterArraySort;
> >>>>>>>> - public var
> languageTesttryCatch:LanguageTesterTestTryCatch;
> >>>>>>>> + [After]
> >>>>>>>> + public function tearDown():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>>
> >>>>>>>> - //core tests
> >>>>>>>> - public var strandTesterTest:StrandTesterTest;
> >>>>>>>> - public var binaryDataTesterTest:BinaryDataTesterTest;
> >>>>>>>> - public var arrayUtilsTest:ArrayUtilsTest;
> >>>>>>>> - public var dateUtilsTest:DateUtilsTest;
> >>>>>>>> - public var keyConverterTest:KeyConverterTest;
> >>>>>>>> - public var
> >>>> keyboardEventConverterTest:KeyboardEventConverterTest;
> >>>>>>>> - public var stringUtilsTest:StringUtilsTest;
> >>>>>>>> + [BeforeClass]
> >>>>>>>> + public static function setUpBeforeClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [AfterClass]
> >>>>>>>> + public static function tearDownAfterClass():void
> >>>>>>>> + {
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testHTML():void
> >>>>>>>> + {
> >>>>>>>> + var safeHtml:String = 'Hello <em>World</em>';
> >>>>>>>> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> + [Test]
> >>>>>>>> + public function testUrl():void
> >>>>>>>> + {
> >>>>>>>> + var safeUrl:String =
"https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffoobaz.com%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sW70HprBrdaIt4SxYwWUZWX0S8ymZtjJX7VLReJNvnE%3D&reserved=0
<
> >>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffoobaz.com%2F&data=04%7C01%7Caharui%40adobe.com%7Cc4170cca02de4214f42d08d9bff7c0b7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637751894272422491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sW70HprBrdaIt4SxYwWUZWX0S8ymZtjJX7VLReJNvnE%3D&reserved=0>"
> >>>>>>>> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> +
> >>>>>>>> }
> >>>>>>>> }
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>
> >>
>
>
