/**
 * Builds the Java source text of a {@code new SanitizedContent(expr, ContentKind.KIND)}
 * expression, using canonical class names for both types.
 *
 * <p>Security: {@code innerExprText} is spliced into the generated source verbatim. Nothing in
 * this method escapes or validates it, so the emitted constructor call labels whatever the
 * expression evaluates to as content of {@code contentKind}. Callers are responsible for passing
 * only expression text whose value is already safe for that kind.
 *
 * @param innerExprText source text of the expression to wrap; inserted unchanged
 * @param contentKind the content kind named in the generated constructor call
 * @return the generated constructor-call source text
 */
public static String genNewSanitizedContent(
    String innerExprText, SanitizedContent.ContentKind contentKind) {
  StringBuilder generated = new StringBuilder("new ");
  generated.append(SanitizedContent.class.getCanonicalName());
  generated.append("(").append(innerExprText).append(", ");
  generated.append(SanitizedContent.ContentKind.class.getCanonicalName());
  generated.append(".").append(contentKind.name());
  generated.append(")");
  return generated.toString();
}
/**
 * Fails the render when the caller's expected content kind does not match {@code contentKind}.
 *
 * <p>A request for {@code TEXT} is always accepted. For every other expected kind the check
 * fails closed: if {@code contentKind} is absent (reported as a "non strict" template) or holds a
 * different kind, an exception is thrown instead of rendering under the expected kind's label.
 *
 * @throws IllegalStateException if {@code contentKind} is absent or differs from
 *     {@code expectedContentKind}
 */
private void enforceContentKind() {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Text is the permissive case: any template may be rendered as text, mirroring the rule
    // that kind="text" templates may call any other template.
    return;
  }
  if (contentKind.isPresent()) {
    if (contentKind.get() == expectedContentKind) {
      return;
    }
    String wantedKind = Ascii.toLowerCase(expectedContentKind.name());
    String declaredKind = Ascii.toLowerCase(contentKind.get().name());
    throw new IllegalStateException(
        "Expected template to be kind=\""
            + wantedKind
            + "\" but was kind=\""
            + declaredKind
            + "\": "
            + templateName);
  }
  // No content kind at all: refuse to label the output with the expected kind.
  // NOTE(review): unlike the mismatch message above, this one does not name the template.
  throw new IllegalStateException(
      "Cannot render a non strict template as '"
          + Ascii.toLowerCase(expectedContentKind.name())
          + "'");
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Fails the render when the caller's expected content kind does not match {@code contentKind}.
 *
 * <p>A request for {@code TEXT} is always accepted. For every other expected kind the check
 * fails closed: if {@code contentKind} is absent (reported as a "non strict" template) or holds a
 * different kind, an exception naming the template is thrown instead of rendering under the
 * expected kind's label.
 *
 * @throws IllegalStateException if {@code contentKind} is absent or differs from
 *     {@code expectedContentKind}
 */
private void enforceContentKind() {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Text is the permissive case: any template may be rendered as text, mirroring the rule
    // that kind="text" templates may call any other template.
    return;
  }
  if (contentKind.isPresent()) {
    if (contentKind.get() == expectedContentKind) {
      return;
    }
    String wantedKind = Ascii.toLowerCase(expectedContentKind.name());
    String declaredKind = Ascii.toLowerCase(contentKind.get().name());
    throw new IllegalStateException(
        "Expected template '"
            + templateName
            + "' to be kind=\""
            + wantedKind
            + "\" but was kind=\""
            + declaredKind
            + "\"");
  }
  // No content kind at all: refuse to label the output with the expected kind.
  throw new IllegalStateException(
      "Cannot render a non strict template '"
          + templateName
          + "' as '"
          + Ascii.toLowerCase(expectedContentKind.name())
          + "'");
}
} // closes the enclosing type, whose header is outside this excerpt
printDirective instanceof SanitizedContentOperator ? SanitizedContentKind.valueOf( ((SanitizedContentOperator) printDirective).getContentKind().name()) : null; if (contentKind == null || contentKind != escapingMode.contentKind) {
printDirective instanceof SanitizedContentOperator ? SanitizedContentKind.valueOf( ((SanitizedContentOperator) printDirective).getContentKind().name()) : null; if (contentKind == null || contentKind != escapingMode.contentKind) {
/**
 * Fails the render when {@code template} does not produce the content kind the caller expects.
 *
 * <p>A request for {@code TEXT} is always accepted. Otherwise the check fails closed: a template
 * whose content kind is {@code null} (reported as not being autoescape="strict"), or whose kind
 * differs from the expected one, is rejected instead of being rendered under the expected kind.
 *
 * @param template the template about to be rendered
 * @throws SoyTofuException if the template has no content kind or its kind differs from
 *     {@code expectedContentKind}
 */
private void enforceContentKind(TemplateNode template) {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Text is the permissive case: any template may be rendered as text, mirroring the rule
    // that kind="text" templates may call any other template.
    return;
  }
  if (template.getContentKind() == null) {
    String actualAutoescapeClause =
        "but was autoescape=\"" + template.getAutoescapeMode().getAttributeValue() + "\": ";
    throw new SoyTofuException(
        "Expected template to be autoescape=\"strict\" "
            + actualAutoescapeClause
            + template.getTemplateName());
  }
  // The expected kind arrives as SanitizedContent.ContentKind; map it by name onto the
  // SanitizedContentKind enum that TemplateNode reports so the two can be compared.
  SanitizedContentKind wantedKind = SanitizedContentKind.valueOf(expectedContentKind.name());
  if (wantedKind == template.getContentKind()) {
    return;
  }
  String wantedClause = "Expected template to be kind=\"" + wantedKind.asAttributeValue();
  String actualClause =
      "\" but was kind=\"" + template.getContentKind().asAttributeValue() + "\": ";
  throw new SoyTofuException(wantedClause + actualClause + template.getTemplateName());
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Fails the render when {@code template} does not produce the content kind the caller expects.
 *
 * <p>A request for {@code TEXT} is always accepted. Otherwise the check fails closed: a template
 * whose content kind is {@code null} (reported as "non strict"), or whose kind differs from the
 * expected one, is rejected instead of being rendered under the expected kind.
 *
 * @param template the template about to be rendered
 * @throws SoyTofuException if the template has no content kind or its kind differs from
 *     {@code expectedContentKind}
 */
private void enforceContentKind(TemplateNode template) {
  if (expectedContentKind == SanitizedContent.ContentKind.TEXT) {
    // Text is the permissive case: any template may be rendered as text, mirroring the rule
    // that kind="text" templates may call any other template.
    return;
  }
  if (template.getContentKind() == null) {
    // NOTE(review): this message reads the templateName field while the mismatch message below
    // calls template.getTemplateName() -- confirm both always name the same template.
    String requestedAs = "' as '" + Ascii.toLowerCase(expectedContentKind.name()) + "'";
    throw new SoyTofuException(
        "Cannot render a non strict template '" + templateName + requestedAs);
  }
  // The expected kind arrives as SanitizedContent.ContentKind; map it by name onto the
  // SanitizedContentKind enum that TemplateNode reports so the two can be compared.
  SanitizedContentKind wantedKind = SanitizedContentKind.valueOf(expectedContentKind.name());
  if (wantedKind == template.getContentKind()) {
    return;
  }
  String subject = "Expected template '" + template.getTemplateName();
  String wantedClause = "' to be kind=\"" + wantedKind.asAttributeValue();
  String actualClause =
      "\" but was kind=\"" + template.getContentKind().asAttributeValue() + "\"";
  throw new SoyTofuException(subject + wantedClause + actualClause);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Wraps a Python expression in the SanitizedContent constructor call for the given kind.
 *
 * <p>Security: the text of {@code pyExpr} is inserted into the generated call unchanged, and the
 * call carries a hard-coded {@code approval=} argument. Nothing here escapes the value, so the
 * expression must already be properly escaped for {@code contentKind}; otherwise unescaped data
 * ends up labelled as sanitized. Please talk to ISE (ise@) for any questions or concerns.
 *
 * @param contentKind The kind of sanitized content.
 * @param pyExpr The expression to wrap.
 * @return a new {@code PyExpr} holding the constructor call, created with
 *     {@code Integer.MAX_VALUE} as its second constructor argument
 * @deprecated this method is not safe to use without a security review. Do not use it.
 */
@Deprecated
public static PyExpr wrapAsSanitizedContent(ContentKind contentKind, PyExpr pyExpr) {
  // Resolve the Python-side constructor name for this kind via its SanitizedContentKind twin.
  SanitizedContentKind kind = SanitizedContentKind.valueOf(contentKind.name());
  String ordainer = NodeContentKinds.toPySanitizedContentOrdainer(kind);

  StringBuilder call = new StringBuilder(ordainer);
  call.append("(").append(pyExpr.getText());
  // Fixed approval value emitted with every generated call.
  call.append(", approval=");
  call.append(
      "sanitize.IActuallyUnderstandSoyTypeSafetyAndHaveSecurityApproval("
          + "'Internally created Sanitization.')");
  call.append(")");
  return new PyExpr(call.toString(), Integer.MAX_VALUE);
}
/**
 * Wraps a JS expression in the SanitizedContent constructor for {@code contentKind}, or returns
 * it untouched when no kind is given.
 *
 * <p>Security: the wrapper only labels the expression as sanitized content of the given kind; no
 * escaping is applied here, so the expression's value must already be safe for that kind.
 *
 * @param contentKind The kind of sanitized content, or {@code null} to skip wrapping.
 * @param jsExpr The expression to wrap.
 * @return {@code jsExpr} itself when {@code contentKind} is {@code null}, otherwise the result
 *     of {@code wrapWithFunction} applied to the kind's JS constructor and {@code jsExpr}
 * @deprecated This method is not safe to use without a security review, please migrate away from
 *     it.
 */
@Deprecated
public static JsExpr maybeWrapAsSanitizedContent(
    @Nullable ContentKind contentKind, JsExpr jsExpr) {
  if (contentKind == null) {
    // No kind requested: hand the expression back as-is.
    return jsExpr;
  }
  SanitizedContentKind kind = SanitizedContentKind.valueOf(contentKind.name());
  return wrapWithFunction(NodeContentKinds.toJsSanitizedContentOrdainer(kind), jsExpr);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Wraps a Python expression in the SanitizedContent constructor call for the given kind.
 *
 * <p>Security: the text of {@code pyExpr} is inserted into the generated call unchanged, and the
 * call carries a hard-coded {@code approval=} argument. Nothing here escapes the value, so the
 * expression must already be properly escaped for {@code contentKind}; otherwise unescaped data
 * ends up labelled as sanitized. Please talk to ISE (ise@) for any questions or concerns.
 *
 * @param contentKind The kind of sanitized content.
 * @param pyExpr The expression to wrap.
 * @return a new {@code PyExpr} holding the constructor call, created with
 *     {@code Integer.MAX_VALUE} as its second constructor argument
 * @deprecated this method is not safe to use without a security review. Do not use it.
 */
@Deprecated
public static PyExpr wrapAsSanitizedContent(ContentKind contentKind, PyExpr pyExpr) {
  // Resolve the Python-side constructor name for this kind via its SanitizedContentKind twin.
  SanitizedContentKind kind = SanitizedContentKind.valueOf(contentKind.name());
  String ordainer = NodeContentKinds.toPySanitizedContentOrdainer(kind);

  StringBuilder call = new StringBuilder(ordainer);
  call.append("(").append(pyExpr.getText());
  // Fixed approval value emitted with every generated call.
  call.append(", approval=");
  call.append(
      "sanitize.IActuallyUnderstandSoyTypeSafetyAndHaveSecurityApproval("
          + "'Internally created Sanitization.')");
  call.append(")");
  return new PyExpr(call.toString(), Integer.MAX_VALUE);
}
/**
 * Wraps a JS expression in the SanitizedContent constructor for {@code contentKind}, or returns
 * it untouched when no kind is given.
 *
 * <p>Security: the wrapper only labels the expression as sanitized content of the given kind; no
 * escaping is applied here, so the expression's value must already be safe for that kind.
 *
 * @param contentKind The kind of sanitized content, or {@code null} to skip wrapping.
 * @param jsExpr The expression to wrap.
 * @return {@code jsExpr} itself when {@code contentKind} is {@code null}, otherwise the result
 *     of {@code wrapWithFunction} applied to the kind's JS constructor and {@code jsExpr}
 * @deprecated This method is not safe to use without a security review, please migrate away from
 *     it.
 */
@Deprecated
public static JsExpr maybeWrapAsSanitizedContent(
    @Nullable ContentKind contentKind, JsExpr jsExpr) {
  if (contentKind == null) {
    // No kind requested: hand the expression back as-is.
    return jsExpr;
  }
  SanitizedContentKind kind = SanitizedContentKind.valueOf(contentKind.name());
  return wrapWithFunction(NodeContentKinds.toJsSanitizedContentOrdainer(kind), jsExpr);
}
} // closes the enclosing type, whose header is outside this excerpt