Add @IsTrustedResourceUrl and @IsSafeUrl type annotations.
Change-Id: I8cde528b350c8b064fc5830a888b8bc1c3a375e1
Review-Link: https://gwt-review.googlesource.com/#/c/14073/
diff --git a/user/src/com/google/gwt/dom/builder/client/DomAnchorBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomAnchorBuilder.java
index 70a24fd..a333d12 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomAnchorBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomAnchorBuilder.java
@@ -18,6 +18,7 @@
import com.google.gwt.dom.builder.shared.AnchorBuilder;
import com.google.gwt.dom.client.AnchorElement;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* DOM-based implementation of {@link AnchorBuilder}.
@@ -42,7 +43,7 @@
}
@Override
- public AnchorBuilder href(String href) {
+ public AnchorBuilder href(@IsSafeUri String href) {
assertCanAddAttribute().setHref(href);
return this;
}
diff --git a/user/src/com/google/gwt/dom/builder/client/DomFormBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomFormBuilder.java
index 491e6e4..317ebc3 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomFormBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomFormBuilder.java
@@ -18,6 +18,7 @@
import com.google.gwt.dom.builder.shared.FormBuilder;
import com.google.gwt.dom.client.FormElement;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* DOM-based implementation of {@link FormBuilder}.
@@ -42,7 +43,7 @@
}
@Override
- public FormBuilder action(String action) {
+ public FormBuilder action(@IsSafeUri String action) {
assertCanAddAttribute().setAction(action);
return this;
}
diff --git a/user/src/com/google/gwt/dom/builder/client/DomFrameBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomFrameBuilder.java
index 87818a6..8e2736a 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomFrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomFrameBuilder.java
@@ -18,6 +18,7 @@
import com.google.gwt.dom.builder.shared.FrameBuilder;
import com.google.gwt.dom.client.FrameElement;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* DOM-based implementation of {@link FrameBuilder}.
@@ -78,13 +79,13 @@
}
@Override
- public FrameBuilder src(SafeUri src) {
+ public FrameBuilder src(@IsTrustedResourceUri SafeUri src) {
assertCanAddAttribute().setSrc(src);
return this;
}
@Override
- public FrameBuilder src(String src) {
+ public FrameBuilder src(@IsTrustedResourceUri String src) {
assertCanAddAttribute().setSrc(src);
return this;
}
diff --git a/user/src/com/google/gwt/dom/builder/client/DomIFrameBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomIFrameBuilder.java
index e987b49..eadad8b 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomIFrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomIFrameBuilder.java
@@ -20,6 +20,7 @@
import com.google.gwt.dom.client.IFrameElement;
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* DOM-based implementation of {@link IFrameBuilder}.
@@ -84,7 +85,7 @@
}
@Override
- public IFrameBuilder src(String src) {
+ public IFrameBuilder src(@IsSafeUri String src) {
assertCanAddAttribute().setSrc(src);
return this;
}
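Review bot: `src` on the iframe builder is annotated `@IsSafeUri` here, while the same attribute on `DomFrameBuilder.src`, `FrameBuilder.src` and `FrameElement.setSrc` in this change is `@IsTrustedResourceUri`. Both elements load a document into a nested browsing context, so the weaker contract on iframes (also in `HtmlIFrameBuilder.src`, `IFrameBuilder.src` and `IFrameElement.setSrc`) looks inconsistent. If the difference is intended, say so in the `IFrameBuilder.src` Javadoc, e.g. `The weaker {@code @IsSafeUri} is deliberate: <reason>.`; otherwise use `@IsTrustedResourceUri String src` in all four places.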
diff --git a/user/src/com/google/gwt/dom/builder/client/DomLinkBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomLinkBuilder.java
index 8476db8..c64330d 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomLinkBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomLinkBuilder.java
@@ -17,6 +17,7 @@
import com.google.gwt.dom.builder.shared.LinkBuilder;
import com.google.gwt.dom.client.LinkElement;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* DOM-based implementation of {@link LinkBuilder}.
@@ -35,7 +36,7 @@
}
@Override
- public LinkBuilder href(String href) {
+ public LinkBuilder href(@IsTrustedResourceUri String href) {
assertCanAddAttribute().setHref(href);
return this;
}
diff --git a/user/src/com/google/gwt/dom/builder/client/DomScriptBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomScriptBuilder.java
index 6b9446c..5d57182 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomScriptBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomScriptBuilder.java
@@ -18,6 +18,7 @@
import com.google.gwt.dom.builder.shared.ScriptBuilder;
import com.google.gwt.dom.client.ScriptElement;
import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* DOM-based implementation of {@link ScriptBuilder}.
@@ -46,7 +47,7 @@
}
@Override
- public ScriptBuilder src(String src) {
+ public ScriptBuilder src(@IsTrustedResourceUri String src) {
assertCanAddAttribute().setSrc(src);
return this;
}
diff --git a/user/src/com/google/gwt/dom/builder/client/DomStylesBuilder.java b/user/src/com/google/gwt/dom/builder/client/DomStylesBuilder.java
index 3de6c76..03ab7b5 100644
--- a/user/src/com/google/gwt/dom/builder/client/DomStylesBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/client/DomStylesBuilder.java
@@ -39,6 +39,7 @@
import com.google.gwt.regexp.shared.MatchResult;
import com.google.gwt.regexp.shared.RegExp;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
import java.util.Locale;
@@ -404,7 +405,7 @@
}
@Override
- public StylesBuilder trustedBackgroundImage(String value) {
+ public StylesBuilder trustedBackgroundImage(@IsSafeUri String value) {
delegate.assertCanAddStyleProperty().setBackgroundImage(value);
return this;
}
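Review bot: `value` in `trustedBackgroundImage` is handed straight to `setBackgroundImage`, which in the `Style.java` hunk does `setProperty(STYLE_BACKGROUND_IMAGE, value)`, so the string is a whole CSS `background-image` value rather than a URI. Annotating it `@IsSafeUri` asserts a URI contract on something that would normally have the form `url(...)`, so a checker would either reject legitimate values or accept a CSS string as if it had been validated as a URI. The same applies to `HtmlStylesBuilder.trustedBackgroundImage`, `StylesBuilder.trustedBackgroundImage` and `Style.setBackgroundImage`. Consider annotating only the URI that goes inside `url(...)`, or state in the `StylesBuilder.trustedBackgroundImage` Javadoc exactly which part of the value the annotation covers.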
diff --git a/user/src/com/google/gwt/dom/builder/shared/AnchorBuilder.java b/user/src/com/google/gwt/dom/builder/shared/AnchorBuilder.java
index 6108bde..8454dd4 100644
--- a/user/src/com/google/gwt/dom/builder/shared/AnchorBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/AnchorBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Builds an anchor element.
@@ -47,7 +48,7 @@
* href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/links.html#adef-href">W3C
* HTML Specification</a>
*/
- AnchorBuilder href(String href);
+ AnchorBuilder href(@IsSafeUri String href);
/**
* Language code of the linked resource.
diff --git a/user/src/com/google/gwt/dom/builder/shared/FormBuilder.java b/user/src/com/google/gwt/dom/builder/shared/FormBuilder.java
index b2cdd1a..11f3b90 100644
--- a/user/src/com/google/gwt/dom/builder/shared/FormBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/FormBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Builds an form element.
@@ -47,7 +48,7 @@
* href="http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#adef-action">W3C
* HTML Specification</a>
*/
- FormBuilder action(String action);
+ FormBuilder action(@IsSafeUri String action);
/**
* The content type of the submitted form, generally
diff --git a/user/src/com/google/gwt/dom/builder/shared/FrameBuilder.java b/user/src/com/google/gwt/dom/builder/shared/FrameBuilder.java
index dd471b5..bc98851 100644
--- a/user/src/com/google/gwt/dom/builder/shared/FrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/FrameBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* Builds an frame element.
@@ -101,7 +102,7 @@
* href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C
* HTML Specification</a>
*/
- FrameBuilder src(SafeUri src);
+ FrameBuilder src(@IsTrustedResourceUri SafeUri src);
/**
* A URI designating the initial frame contents.
@@ -110,5 +111,5 @@
* href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C
* HTML Specification</a>
*/
- FrameBuilder src(String src);
+ FrameBuilder src(@IsTrustedResourceUri String src);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlAnchorBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlAnchorBuilder.java
index 759cec4..f7e6ba0 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlAnchorBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlAnchorBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* HTML-based implementation of {@link AnchorBuilder}.
@@ -38,7 +39,7 @@
}
@Override
- public AnchorBuilder href(String href) {
+ public AnchorBuilder href(@IsSafeUri String href) {
return trustedAttribute("href", href);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlFormBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlFormBuilder.java
index f59cdd3..ca6694d 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlFormBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlFormBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* HTML-based implementation of {@link FormBuilder}.
@@ -37,7 +38,7 @@
}
@Override
- public FormBuilder action(String action) {
+ public FormBuilder action(@IsSafeUri String action) {
return trustedAttribute("action", action);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlFrameBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlFrameBuilder.java
index 5a43e1d..870ea9e 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlFrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlFrameBuilder.java
@@ -16,6 +16,8 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsTrustedResourceUriCastCheck;
/**
* HTML-based implementation of {@link FrameBuilder}.
@@ -67,12 +69,13 @@
}
@Override
- public FrameBuilder src(SafeUri src) {
+ @SuppressIsTrustedResourceUriCastCheck
+ public FrameBuilder src(@IsTrustedResourceUri SafeUri src) {
return src(src.asString());
}
@Override
- public FrameBuilder src(String src) {
+ public FrameBuilder src(@IsTrustedResourceUri String src) {
return trustedAttribute("src", src);
}
}
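Review bot: `@SuppressIsTrustedResourceUriCastCheck` on `src(SafeUri)` has no comment saying which cast it covers or why that cast is sound. `SafeUri.asString()` is annotated `@IsSafeUri` in this change, so `src(src.asString())` passes a safe-URI string where `@IsTrustedResourceUri` is required, and the only thing backing the stronger claim is the annotation on the parameter. Add a line such as `// asString() is only @IsSafeUri; trust comes from the @IsTrustedResourceUri contract on the parameter.` above the call. `FrameElement.setSrc(SafeUri)` and `ObjectElement.setData(SafeUri)` carry the same undocumented suppression.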
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlIFrameBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlIFrameBuilder.java
index e8c1ed8..6af0a3d 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlIFrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlIFrameBuilder.java
@@ -17,6 +17,7 @@
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* HTML-based implementation of {@link IFrameBuilder}.
@@ -74,7 +75,7 @@
}
@Override
- public IFrameBuilder src(String src) {
+ public IFrameBuilder src(@IsSafeUri String src) {
return trustedAttribute("src", src);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlLinkBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlLinkBuilder.java
index 79ff254..2fb35ee 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlLinkBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlLinkBuilder.java
@@ -14,6 +14,7 @@
* the License.
*/
package com.google.gwt.dom.builder.shared;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* HTML-based implementation of {@link LinkBuilder}.
@@ -30,7 +31,7 @@
}
@Override
- public LinkBuilder href(String href) {
+ public LinkBuilder href(@IsTrustedResourceUri String href) {
return trustedAttribute("href", href);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlScriptBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlScriptBuilder.java
index 343b15d..69558ef 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlScriptBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlScriptBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.builder.shared;
import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* HTML-based implementation of {@link ScriptBuilder}.
@@ -43,7 +44,7 @@
}
@Override
- public ScriptBuilder src(String src) {
+ public ScriptBuilder src(@IsTrustedResourceUri String src) {
return trustedAttribute("src", src);
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/HtmlStylesBuilder.java b/user/src/com/google/gwt/dom/builder/shared/HtmlStylesBuilder.java
index 1ae46fa..07a4290 100644
--- a/user/src/com/google/gwt/dom/builder/shared/HtmlStylesBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/HtmlStylesBuilder.java
@@ -38,6 +38,7 @@
import com.google.gwt.regexp.shared.RegExp;
import com.google.gwt.safecss.shared.SafeStylesUtils;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
import java.util.HashMap;
import java.util.Locale;
@@ -341,7 +342,7 @@
}
@Override
- public StylesBuilder trustedBackgroundImage(String value) {
+ public StylesBuilder trustedBackgroundImage(@IsSafeUri String value) {
return delegate.styleProperty(SafeStylesUtils.forTrustedBackgroundImage(value));
}
diff --git a/user/src/com/google/gwt/dom/builder/shared/IFrameBuilder.java b/user/src/com/google/gwt/dom/builder/shared/IFrameBuilder.java
index cee2403..572f86c 100644
--- a/user/src/com/google/gwt/dom/builder/shared/IFrameBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/IFrameBuilder.java
@@ -17,6 +17,7 @@
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Builds an iframe element.
@@ -107,7 +108,7 @@
* href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C
* HTML Specification</a>
*/
- IFrameBuilder src(String src);
+ IFrameBuilder src(@IsSafeUri String src);
/**
* Throws {@link UnsupportedOperationException}.
diff --git a/user/src/com/google/gwt/dom/builder/shared/LinkBuilder.java b/user/src/com/google/gwt/dom/builder/shared/LinkBuilder.java
index c0848db..cb90553 100644
--- a/user/src/com/google/gwt/dom/builder/shared/LinkBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/LinkBuilder.java
@@ -15,6 +15,8 @@
*/
package com.google.gwt.dom.builder.shared;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+
/**
* Builds an link element.
*/
@@ -28,12 +30,13 @@
/**
* The URI of the linked resource.
- *
+ *
+ * The @IsTrustedResourceUri is added conservatively in case href points to a stylesheet.
* @see <a
* href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/links.html#adef-href">W3C
* HTML Specification</a>
*/
- LinkBuilder href(String href);
+ LinkBuilder href(@IsTrustedResourceUri String href);
/**
* Language code of the linked resource.
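Review bot: The added Javadoc sentence names the annotation as a bare `@IsTrustedResourceUri` and runs on from the summary line without a paragraph break. Writing it as `<p>{@link IsTrustedResourceUri} is applied conservatively because href may point to a stylesheet.` makes it render as a link and as its own paragraph. `LinkElement.setHref`, which receives the same annotation in this change, has no matching explanation.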
diff --git a/user/src/com/google/gwt/dom/builder/shared/ScriptBuilder.java b/user/src/com/google/gwt/dom/builder/shared/ScriptBuilder.java
index d631da3..0f3275b 100644
--- a/user/src/com/google/gwt/dom/builder/shared/ScriptBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/ScriptBuilder.java
@@ -15,6 +15,8 @@
*/
package com.google.gwt.dom.builder.shared;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+
/**
* Builds an script element.
*/
@@ -33,12 +35,12 @@
/**
* URI designating an external script.
- *
+ *
* @see <a
* href="http://www.w3.org/TR/1999/REC-html401-19991224/interact/scripts.html#adef-src-SCRIPT">W3C
* HTML Specification</a>
*/
- ScriptBuilder src(String src);
+ ScriptBuilder src(@IsTrustedResourceUri String src);
/**
* The content type of the script language.
diff --git a/user/src/com/google/gwt/dom/builder/shared/StylesBuilder.java b/user/src/com/google/gwt/dom/builder/shared/StylesBuilder.java
index 7f63003..52fd3ca 100644
--- a/user/src/com/google/gwt/dom/builder/shared/StylesBuilder.java
+++ b/user/src/com/google/gwt/dom/builder/shared/StylesBuilder.java
@@ -35,6 +35,7 @@
import com.google.gwt.dom.client.Style.VerticalAlign;
import com.google.gwt.dom.client.Style.Visibility;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Builds the style attribute on an element.
@@ -282,15 +283,15 @@
* ensure that the provided value string won't cause a security issue if
* included in a style attribute.
* </p>
- *
+ *
* <p>
* For details and constraints, see
* {@link com.google.gwt.safecss.shared.SafeStyles}.
* </p>
- *
+ *
* @return this {@link StylesBuilder}
*/
- StylesBuilder trustedBackgroundImage(String value);
+ StylesBuilder trustedBackgroundImage(@IsSafeUri String value);
/**
* <p>
diff --git a/user/src/com/google/gwt/dom/client/AnchorElement.java b/user/src/com/google/gwt/dom/client/AnchorElement.java
index c961238..ac906d0 100644
--- a/user/src/com/google/gwt/dom/client/AnchorElement.java
+++ b/user/src/com/google/gwt/dom/client/AnchorElement.java
@@ -17,6 +17,7 @@
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* The anchor element.
@@ -160,7 +161,7 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/links.html#adef-href">W3C HTML Specification</a>
*/
- public final native void setHref(String href) /*-{
+ public final native void setHref(@IsSafeUri String href) /*-{
this.href = href;
}-*/;
diff --git a/user/src/com/google/gwt/dom/client/FormElement.java b/user/src/com/google/gwt/dom/client/FormElement.java
index 8b049fe..a9d9f8f 100644
--- a/user/src/com/google/gwt/dom/client/FormElement.java
+++ b/user/src/com/google/gwt/dom/client/FormElement.java
@@ -17,6 +17,7 @@
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* The FORM element encompasses behavior similar to a collection and an element.
@@ -170,7 +171,7 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#adef-action">W3C HTML Specification</a>
*/
- public final native void setAction(String action) /*-{
+ public final native void setAction(@IsSafeUri String action) /*-{
this.action = action;
}-*/;
diff --git a/user/src/com/google/gwt/dom/client/FrameElement.java b/user/src/com/google/gwt/dom/client/FrameElement.java
index 2e5585a..9925eb2 100644
--- a/user/src/com/google/gwt/dom/client/FrameElement.java
+++ b/user/src/com/google/gwt/dom/client/FrameElement.java
@@ -17,6 +17,8 @@
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsTrustedResourceUriCastCheck;
/**
* Create a frame.
@@ -231,7 +233,8 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C HTML Specification</a>
*/
- public final void setSrc(SafeUri src) {
+ @SuppressIsTrustedResourceUriCastCheck
+ public final void setSrc(@IsTrustedResourceUri SafeUri src) {
setSrc(src.asString());
}
@@ -240,7 +243,7 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C HTML Specification</a>
*/
- public final native void setSrc(String src) /*-{
+ public final native void setSrc(@IsTrustedResourceUri String src) /*-{
this.src = src;
}-*/;
}
diff --git a/user/src/com/google/gwt/dom/client/IFrameElement.java b/user/src/com/google/gwt/dom/client/IFrameElement.java
index 8929963..d8f9213 100644
--- a/user/src/com/google/gwt/dom/client/IFrameElement.java
+++ b/user/src/com/google/gwt/dom/client/IFrameElement.java
@@ -17,6 +17,7 @@
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Inline subwindows.
@@ -213,7 +214,7 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/present/frames.html#adef-src-FRAME">W3C HTML Specification</a>
*/
- public final native void setSrc(String src) /*-{
+ public final native void setSrc(@IsSafeUri String src) /*-{
this.src = src;
}-*/;
}
diff --git a/user/src/com/google/gwt/dom/client/LinkElement.java b/user/src/com/google/gwt/dom/client/LinkElement.java
index 0803cbb..9996a04 100644
--- a/user/src/com/google/gwt/dom/client/LinkElement.java
+++ b/user/src/com/google/gwt/dom/client/LinkElement.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.client;
import com.google.gwt.core.client.JavaScriptObject;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* The LINK element specifies a link to an external resource, and defines this
@@ -155,10 +156,10 @@
/**
* The URI of the linked resource.
- *
+ *
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/links.html#adef-href">W3C HTML Specification</a>
*/
- public final native void setHref(String href) /*-{
+ public final native void setHref(@IsTrustedResourceUri String href) /*-{
this.href = href;
}-*/;
diff --git a/user/src/com/google/gwt/dom/client/ObjectElement.java b/user/src/com/google/gwt/dom/client/ObjectElement.java
index a1caf3b..f0dfba3 100644
--- a/user/src/com/google/gwt/dom/client/ObjectElement.java
+++ b/user/src/com/google/gwt/dom/client/ObjectElement.java
@@ -17,6 +17,8 @@
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsTrustedResourceUriCastCheck;
/**
* Generic embedded object.
@@ -157,7 +159,8 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/objects.html#adef-data">W3C HTML Specification</a>
*/
- public final void setData(SafeUri data) {
+ @SuppressIsTrustedResourceUriCastCheck
+ public final void setData(@IsTrustedResourceUri SafeUri data) {
setData(data.asString());
}
@@ -166,7 +169,7 @@
*
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/struct/objects.html#adef-data">W3C HTML Specification</a>
*/
- public final native void setData(String data) /*-{
+ public final native void setData(@IsTrustedResourceUri String data) /*-{
this.data = data;
}-*/;
diff --git a/user/src/com/google/gwt/dom/client/ScriptElement.java b/user/src/com/google/gwt/dom/client/ScriptElement.java
index aeca3b4..38b4b5e 100644
--- a/user/src/com/google/gwt/dom/client/ScriptElement.java
+++ b/user/src/com/google/gwt/dom/client/ScriptElement.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.client;
import com.google.gwt.core.client.JavaScriptObject;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* Script statements.
@@ -117,10 +118,10 @@
/**
* URI designating an external script.
- *
+ *
* @see <a href="http://www.w3.org/TR/1999/REC-html401-19991224/interact/scripts.html#adef-src-SCRIPT">W3C HTML Specification</a>
*/
- public final native void setSrc(String src) /*-{
+ public final native void setSrc(@IsTrustedResourceUri String src) /*-{
this.src = src;
}-*/;
diff --git a/user/src/com/google/gwt/dom/client/Style.java b/user/src/com/google/gwt/dom/client/Style.java
index 5d9dda0..fe583ec 100644
--- a/user/src/com/google/gwt/dom/client/Style.java
+++ b/user/src/com/google/gwt/dom/client/Style.java
@@ -16,6 +16,7 @@
package com.google.gwt.dom.client;
import com.google.gwt.core.client.JavaScriptObject;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
/**
* Provides programmatic access to properties of the style object.
@@ -1863,7 +1864,7 @@
/**
* Set the background-image css property.
*/
- public final void setBackgroundImage(String value) {
+ public final void setBackgroundImage(@IsSafeUri String value) {
setProperty(STYLE_BACKGROUND_IMAGE, value);
}
diff --git a/user/src/com/google/gwt/jsonp/client/JsonpRequest.java b/user/src/com/google/gwt/jsonp/client/JsonpRequest.java
index 493c2e8..a90e822 100644
--- a/user/src/com/google/gwt/jsonp/client/JsonpRequest.java
+++ b/user/src/com/google/gwt/jsonp/client/JsonpRequest.java
@@ -21,6 +21,8 @@
import com.google.gwt.dom.client.Document;
import com.google.gwt.dom.client.Node;
import com.google.gwt.dom.client.ScriptElement;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsTrustedResourceUriCastCheck;
import com.google.gwt.user.client.Timer;
import com.google.gwt.user.client.rpc.AsyncCallback;
@@ -196,7 +198,8 @@
*
* @param baseUri To be sent to the server.
*/
- void send(final String baseUri) {
+ @SuppressIsTrustedResourceUriCastCheck
+ void send(@IsTrustedResourceUri final String baseUri) {
registerCallbacks(CALLBACKS, canHaveMultipleRequestsForSameId);
StringBuilder uri = new StringBuilder(baseUri);
uri.append(baseUri.contains("?") ? "&" : "?");
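Review bot: `@SuppressIsTrustedResourceUriCastCheck` covers all of `send`, whose body continues outside the hunk, so every cast in the method is exempt rather than only the one that needs it. The visible lines copy `baseUri` into a `StringBuilder` and append to it, which is presumably where the annotation is lost before the URI reaches the script element. Add a comment at that point explaining why the appended text cannot change where the script is loaded from, along the lines of `// Only query parameters are appended; scheme, host and path come from the trusted baseUri.` (if that is what the rest of the method does). `ExternalTextResourcePrototype.getText` gets the same method-wide suppression on a public method with no explanation.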
diff --git a/user/src/com/google/gwt/jsonp/client/JsonpRequestBuilder.java b/user/src/com/google/gwt/jsonp/client/JsonpRequestBuilder.java
index fd4043a..d8cc530 100644
--- a/user/src/com/google/gwt/jsonp/client/JsonpRequestBuilder.java
+++ b/user/src/com/google/gwt/jsonp/client/JsonpRequestBuilder.java
@@ -16,6 +16,7 @@
package com.google.gwt.jsonp.client;
import com.google.gwt.core.client.JavaScriptObject;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
import com.google.gwt.user.client.rpc.AsyncCallback;
/**
@@ -129,15 +130,18 @@
return timeout;
}
- public JsonpRequest<Boolean> requestBoolean(String url, AsyncCallback<Boolean> callback) {
+ public JsonpRequest<Boolean> requestBoolean(
+ @IsTrustedResourceUri String url, AsyncCallback<Boolean> callback) {
return send(url, callback, false);
}
- public JsonpRequest<Double> requestDouble(String url, AsyncCallback<Double> callback) {
+ public JsonpRequest<Double> requestDouble(
+ @IsTrustedResourceUri String url, AsyncCallback<Double> callback) {
return send(url, callback, false);
}
- public JsonpRequest<Integer> requestInteger(String url, AsyncCallback<Integer> callback) {
+ public JsonpRequest<Integer> requestInteger(
+ @IsTrustedResourceUri String url, AsyncCallback<Integer> callback) {
return send(url, callback, true);
}
@@ -145,19 +149,20 @@
* Sends a JSONP request and expects a JavaScript object as a result. The caller can either use
* {@link com.google.gwt.json.client.JSONObject} to parse it, or use a JavaScript overlay class.
*/
- public <T extends JavaScriptObject> JsonpRequest<T> requestObject(String url,
- AsyncCallback<T> callback) {
+ public <T extends JavaScriptObject> JsonpRequest<T> requestObject(
+ @IsTrustedResourceUri String url, AsyncCallback<T> callback) {
return send(url, callback, false);
}
- public JsonpRequest<String> requestString(String url, AsyncCallback<String> callback) {
+ public JsonpRequest<String> requestString(
+ @IsTrustedResourceUri String url, AsyncCallback<String> callback) {
return send(url, callback, false);
}
/**
* Sends a JSONP request and does not expect any results.
*/
- public void send(String url) {
+ public void send(@IsTrustedResourceUri String url) {
send(url, null, false);
}
@@ -165,7 +170,7 @@
* Sends a JSONP request, does not expect any result, but still allows to be notified when the
* request has been executed on the server.
*/
- public JsonpRequest<Void> send(String url, AsyncCallback<Void> callback) {
+ public JsonpRequest<Void> send(@IsTrustedResourceUri String url, AsyncCallback<Void> callback) {
return send(url, callback, false);
}
@@ -196,7 +201,8 @@
this.timeout = timeout;
}
- private <T> JsonpRequest<T> send(String url, AsyncCallback<T> callback, boolean expectInteger) {
+ private <T> JsonpRequest<T> send(
+ @IsTrustedResourceUri String url, AsyncCallback<T> callback, boolean expectInteger) {
JsonpRequest<T> request;
if (predeterminedId != null) {
request = new JsonpRequest<T>(callback, timeout, expectInteger, callbackParam,
diff --git a/user/src/com/google/gwt/resources/client/impl/ExternalTextResourcePrototype.java b/user/src/com/google/gwt/resources/client/impl/ExternalTextResourcePrototype.java
index 4015391..5248b03 100644
--- a/user/src/com/google/gwt/resources/client/impl/ExternalTextResourcePrototype.java
+++ b/user/src/com/google/gwt/resources/client/impl/ExternalTextResourcePrototype.java
@@ -27,6 +27,7 @@
import com.google.gwt.resources.client.ResourceException;
import com.google.gwt.resources.client.TextResource;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsTrustedResourceUriCastCheck;
import com.google.gwt.user.client.rpc.AsyncCallback;
/**
@@ -157,8 +158,8 @@
/**
* Possibly fire off an HTTPRequest for the text resource.
*/
- public void getText(ResourceCallback<TextResource> callback)
- throws ResourceException {
+ @SuppressIsTrustedResourceUriCastCheck
+ public void getText(ResourceCallback<TextResource> callback) throws ResourceException {
// If we've already parsed the JSON bundle, short-circuit.
if (cache[index] != null) {
diff --git a/user/src/com/google/gwt/safehtml/shared/SafeUri.java b/user/src/com/google/gwt/safehtml/shared/SafeUri.java
index 7e16a73..4ded3d7 100644
--- a/user/src/com/google/gwt/safehtml/shared/SafeUri.java
+++ b/user/src/com/google/gwt/safehtml/shared/SafeUri.java
@@ -15,6 +15,8 @@
*/
package com.google.gwt.safehtml.shared;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
+
/**
* An object that implements this interface encapsulates a URI that is
* guaranteed to be safe to use (with respect to potential Cross-Site-Scripting
@@ -64,6 +66,7 @@
*
* @return the contents as a String
*/
+ @IsSafeUri
String asString();
/**
diff --git a/user/src/com/google/gwt/safehtml/shared/SafeUriString.java b/user/src/com/google/gwt/safehtml/shared/SafeUriString.java
index f22f5f0..cadbace 100644
--- a/user/src/com/google/gwt/safehtml/shared/SafeUriString.java
+++ b/user/src/com/google/gwt/safehtml/shared/SafeUriString.java
@@ -15,6 +15,8 @@
*/
package com.google.gwt.safehtml.shared;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
+
/**
* A string wrapped as an object of type {@link SafeUri}.
*
@@ -26,17 +28,17 @@
* just like String.equals() and String.hashCode().
*/
class SafeUriString implements SafeUri {
- private String uri;
+ @IsSafeUri private String uri;
/**
* Constructs a {@link SafeUriString} from a string. Callers are responsible
* for ensuring that the string passed as the argument to this constructor
* satisfies the constraints of the contract imposed by the {@link SafeUri}
* interface.
- *
+ *
* @param uri the string to be wrapped as a {@link SafeUri}
*/
- SafeUriString(String uri) {
+ SafeUriString(@IsSafeUri String uri) {
if (uri == null) {
throw new NullPointerException("uri is null");
}
@@ -53,6 +55,7 @@
/**
* {@inheritDoc}
*/
+ @IsSafeUri
public String asString() {
return uri;
}
diff --git a/user/src/com/google/gwt/safehtml/shared/UriUtils.java b/user/src/com/google/gwt/safehtml/shared/UriUtils.java
index 942074f..929edb6 100644
--- a/user/src/com/google/gwt/safehtml/shared/UriUtils.java
+++ b/user/src/com/google/gwt/safehtml/shared/UriUtils.java
@@ -18,6 +18,8 @@
import com.google.gwt.core.shared.GWT;
import com.google.gwt.http.client.URL;
import com.google.gwt.regexp.shared.RegExp;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsSafeUriCastCheck;
import java.io.UnsupportedEncodingException;
import java.util.Locale;
@@ -170,6 +172,7 @@
* @param s the input String
* @return a SafeUri instance
*/
+ @SuppressIsSafeUriCastCheck
public static SafeUri fromSafeConstant(String s) {
SafeUriHostedModeUtils.maybeCheckValidUri(s);
return new SafeUriString(s);
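Review bot: `@SuppressIsSafeUriCastCheck` on `fromSafeConstant` silences the checker at the exact point where a plain `String` becomes a `SafeUriString`, and nothing next to the annotation records why that is acceptable. The only check visible in the hunk is `SafeUriHostedModeUtils.maybeCheckValidUri(s)`, which judging by its name may not run in every mode, so the safety of the result rests on the caller's promise. I would add a one-line justification above each suppression, for example `// Intentional cast: the caller vouches for s (see Javadoc); this method is a trust boundary.` The same applies to the `fromTrustedString`, `sanitizeUri` and `unsafeCastFromUntrustedString` hunks below, the last of which wraps its argument with no check at all. The method's closing brace is outside this hunk.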
@@ -196,6 +199,7 @@
* @param s the input String
* @return a SafeUri instance
*/
+ @SuppressIsSafeUriCastCheck
public static SafeUri fromTrustedString(String s) {
SafeUriHostedModeUtils.maybeCheckValidUri(s);
return new SafeUriString(s);
@@ -247,6 +251,8 @@
* @param uri the URI to sanitize
* @return a sanitized String
*/
+ @IsSafeUri
+ @SuppressIsSafeUriCastCheck
public static String sanitizeUri(String uri) {
if (isSafeUri(uri)) {
return encodeAllowEscapes(uri);
@@ -271,6 +277,7 @@
* strings.
*/
@Deprecated
+ @SuppressIsSafeUriCastCheck
public static SafeUri unsafeCastFromUntrustedString(String s) {
return new SafeUriString(s);
}
diff --git a/user/src/com/google/gwt/safehtml/shared/annotations/IsSafeUri.java b/user/src/com/google/gwt/safehtml/shared/annotations/IsSafeUri.java
new file mode 100644
index 0000000..746a80b
--- /dev/null
+++ b/user/src/com/google/gwt/safehtml/shared/annotations/IsSafeUri.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.google.gwt.safehtml.shared.annotations;
+
+/**
+ * A type annotation that represents values that are safe to use in a URI context.
+ * <p>
+ * The annotated type {@code @IsSafeUri String} and the type {@code SafeUri} are semantically
+ * equivalent.
+ */
+public @interface IsSafeUri {
+
+}
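Review bot: `IsSafeUri` is declared with no `@Documented`, `@Target` or `@Retention`, so the contract does not show up in the generated Javadoc of annotated parameters and its applicability is left to the language defaults, even though the Javadoc calls it a type annotation. I would declare at least the targets this diff uses, `@Documented @Target({ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER})`, with the matching `java.lang.annotation` imports; uses outside this diff may need further targets. The Javadoc should also say that the compiler does not enforce the annotation and that it only takes effect when a separate conformance check is run (the diff does not show which tool that is). `IsTrustedResourceUri` and the two `Suppress…CastCheck` files added below have the same gaps.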
diff --git a/user/src/com/google/gwt/safehtml/shared/annotations/IsTrustedResourceUri.java b/user/src/com/google/gwt/safehtml/shared/annotations/IsTrustedResourceUri.java
new file mode 100644
index 0000000..da922e1
--- /dev/null
+++ b/user/src/com/google/gwt/safehtml/shared/annotations/IsTrustedResourceUri.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.google.gwt.safehtml.shared.annotations;
+
+/**
+ * A type annotation that represents URIs referencing the application’s own, trusted resources.
+ * Such URIs can be used to safely load scripts, CSS and other sensitive resources without the
+ * risk of untrusted code execution.
+ */
+public @interface IsTrustedResourceUri {
+
+}
diff --git a/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsSafeUriCastCheck.java b/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsSafeUriCastCheck.java
new file mode 100644
index 0000000..dbd2909
--- /dev/null
+++ b/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsSafeUriCastCheck.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.google.gwt.safehtml.shared.annotations;
+
+/**
+ * Annotates methods that rely on potentially-unsafe type-annotation casts.
+ * <p>
+ * This annotation marks methods in which an expression without a
+ * {@link com.google.gwt.safehtml.shared.annotations.IsSafeUri} annotation is used in a context
+ * where such an annotation is required (e.g., the return statement of a method that
+ * returns {@code @IsSafeUri String}).
+ * <p>
+ * As such, use of this annotation marks code that is potentially prone to XSS
+ * vulnerabilities, and which hence needs to be carefully security reviewed.
+ */
+public @interface SuppressIsSafeUriCastCheck {
+
+}
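Review bot: The Javadoc says this annotation "annotates methods", but the same commit also places it on a constructor (`ClickableHeader()` in DisclosurePanel.java), so the description is narrower than the actual use. I would reword the first sentence to `Annotates methods and constructors that rely on potentially-unsafe type-annotation casts.` Since every use marks code that needs security review, the Javadoc could also ask for a short justification comment at each use site. `SuppressIsTrustedResourceUriCastCheck` below carries the same wording.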
diff --git a/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsTrustedResourceUriCastCheck.java b/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsTrustedResourceUriCastCheck.java
new file mode 100644
index 0000000..bf7c41b
--- /dev/null
+++ b/user/src/com/google/gwt/safehtml/shared/annotations/SuppressIsTrustedResourceUriCastCheck.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.google.gwt.safehtml.shared.annotations;
+
+/**
+ * Annotates methods that rely on potentially-unsafe type-annotation casts.
+ * <p>
+ * This annotation marks methods in which an expression without a
+ * {@link com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri} annotation is used in a
+ * context where such an annotation is required (e.g., the return statement of a method that
+ * returns {@code @IsTrustedResourceUri String}).
+ * <p>
+ * As such, use of this annotation marks code that is potentially prone to XSS
+ * vulnerabilities, and which hence needs to be carefully security reviewed.
+ */
+public @interface SuppressIsTrustedResourceUriCastCheck {
+
+}
diff --git a/user/src/com/google/gwt/user/client/ui/Anchor.java b/user/src/com/google/gwt/user/client/ui/Anchor.java
index a5f73ae..3b38f69 100644
--- a/user/src/com/google/gwt/user/client/ui/Anchor.java
+++ b/user/src/com/google/gwt/user/client/ui/Anchor.java
@@ -26,6 +26,7 @@
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeUri;
import com.google.gwt.safehtml.shared.annotations.IsSafeHtml;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
import com.google.gwt.safehtml.shared.annotations.SuppressIsSafeHtmlCastCheck;
/**
@@ -222,7 +223,7 @@
* @param html the anchor's html
* @param href the url to which it will link
*/
- public Anchor(SafeHtml html, String href) {
+ public Anchor(SafeHtml html, @IsSafeUri String href) {
this(html.asString(), true, href);
}
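Review bot: The `href` parameter now carries `@IsSafeUri`, but its `@param` line still reads "the url to which it will link", so the new precondition is visible only in the signature. A caller that builds the href from request or user data and does not run the checker gets no hint that the value has to be sanitized first. I would change the line to `@param href the url to which it will link; must be a safe URI, e.g. the result of {@code UriUtils.sanitizeUri} or {@link SafeUri#asString()}`. The same wording is needed in the other `Anchor` constructor hunks, in `setHref`, and in `FormPanel.setAction`.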
@@ -243,7 +244,7 @@
* @param dir the html's direction
* @param href the url to which it will link
*/
- public Anchor(SafeHtml html, Direction dir, String href) {
+ public Anchor(SafeHtml html, Direction dir, @IsSafeUri String href) {
this(html.asString(), true, dir, href);
}
@@ -267,8 +268,7 @@
* {@link #DEFAULT_DIRECTION_ESTIMATOR} can be used.
* @param href the url to which it will link
*/
- public Anchor(SafeHtml html, DirectionEstimator directionEstimator,
- String href) {
+ public Anchor(SafeHtml html, DirectionEstimator directionEstimator, @IsSafeUri String href) {
this(html.asString(), true, directionEstimator, href);
}
@@ -293,7 +293,7 @@
* @param href the url to which it will link
*/
@SuppressIsSafeHtmlCastCheck
- public Anchor(String text, String href) {
+ public Anchor(String text, @IsSafeUri String href) {
this(text, false, href);
}
@@ -305,7 +305,7 @@
* @param href the url to which it will link
*/
@SuppressIsSafeHtmlCastCheck
- public Anchor(String text, Direction dir, String href) {
+ public Anchor(String text, Direction dir, @IsSafeUri String href) {
this(text, false, dir, href);
}
@@ -319,7 +319,7 @@
* @param href the url to which it will link
*/
@SuppressIsSafeHtmlCastCheck
- public Anchor(String text, DirectionEstimator directionEstimator, String href) {
+ public Anchor(String text, DirectionEstimator directionEstimator, @IsSafeUri String href) {
this(text, false, directionEstimator, href);
}
@@ -330,7 +330,7 @@
* @param asHTML <code>true</code> to treat the specified text as html
* @param href the url to which it will link
*/
- public Anchor(@IsSafeHtml String text, boolean asHTML, String href) {
+ public Anchor(@IsSafeHtml String text, boolean asHTML, @IsSafeUri String href) {
this();
directionalTextHelper.setTextOrHtml(text, asHTML);
setHref(href);
@@ -346,7 +346,7 @@
* @param target the target frame (e.g. "_blank" to open the link in a new
* window)
*/
- public Anchor(SafeHtml html, String href, String target) {
+ public Anchor(SafeHtml html, @IsSafeUri String href, String target) {
this(html.asString(), true, href, target);
}
@@ -373,7 +373,7 @@
* window)
*/
@SuppressIsSafeHtmlCastCheck
- public Anchor(String text, String href, String target) {
+ public Anchor(String text, @IsSafeUri String href, String target) {
this(text, false, href, target);
}
@@ -388,7 +388,7 @@
* @param target the target frame (e.g. "_blank" to open the link in a new
* window)
*/
- public Anchor(@IsSafeHtml String text, boolean asHtml, String href, String target) {
+ public Anchor(@IsSafeHtml String text, boolean asHtml, @IsSafeUri String href, String target) {
this(text, asHtml, href);
setTarget(target);
}
@@ -414,7 +414,7 @@
* @param dir the text's direction
* @param href the url to which it will link
*/
- private Anchor(@IsSafeHtml String text, boolean asHTML, Direction dir, String href) {
+ private Anchor(@IsSafeHtml String text, boolean asHTML, Direction dir, @IsSafeUri String href) {
this();
directionalTextHelper.setTextOrHtml(text, dir, asHTML);
setHref(href);
@@ -431,7 +431,10 @@
* @param href the url to which it will link
*/
private Anchor(
- @IsSafeHtml String text, boolean asHTML, DirectionEstimator directionEstimator, String href) {
+ @IsSafeHtml String text,
+ boolean asHTML,
+ DirectionEstimator directionEstimator,
+ @IsSafeUri String href) {
this();
directionalTextHelper.setDirectionEstimator(directionEstimator);
directionalTextHelper.setTextOrHtml(text, asHTML);
@@ -570,7 +573,7 @@
*
* @param href the anchor's href
*/
- public void setHref(String href) {
+ public void setHref(@IsSafeUri String href) {
getAnchorElement().setHref(href);
}
diff --git a/user/src/com/google/gwt/user/client/ui/DisclosurePanel.java b/user/src/com/google/gwt/user/client/ui/DisclosurePanel.java
index ebdc61c..e1dc0ca 100644
--- a/user/src/com/google/gwt/user/client/ui/DisclosurePanel.java
+++ b/user/src/com/google/gwt/user/client/ui/DisclosurePanel.java
@@ -28,6 +28,7 @@
import com.google.gwt.resources.client.ClientBundle;
import com.google.gwt.resources.client.ImageResource;
import com.google.gwt.resources.client.ImageResource.ImageOptions;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsSafeUriCastCheck;
import com.google.gwt.user.client.DOM;
import com.google.gwt.user.client.Event;
@@ -98,7 +99,7 @@
* access.
*/
private final class ClickableHeader extends SimplePanel {
-
+ @SuppressIsSafeUriCastCheck //TODO(bangert): refactor away setproperty.
private ClickableHeader() {
// Anchor is used to allow keyboard access.
super(DOM.createAnchor());
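Review bot: The suppression on `ClickableHeader()` covers the whole constructor, while the TODO only names `setproperty` and does not say which value is written or why it is safe today. The call in question is outside this hunk, so I cannot confirm it, but if it writes a constant href the comment should say so, e.g. `// Safe: the only URI set here is a compile-time constant; remove once setProperty is replaced.` The `setTargetHistoryToken` hunk in Hyperlink.java has the same TODO-only suppression, and there the method takes a caller-supplied `targetHistoryToken`, so a comment on how the token reaches the href (presumably behind a `#` prefix) matters more.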
diff --git a/user/src/com/google/gwt/user/client/ui/FormPanel.java b/user/src/com/google/gwt/user/client/ui/FormPanel.java
index 82767bd..0a1c0c0 100644
--- a/user/src/com/google/gwt/user/client/ui/FormPanel.java
+++ b/user/src/com/google/gwt/user/client/ui/FormPanel.java
@@ -27,6 +27,7 @@
import com.google.gwt.safehtml.client.SafeHtmlTemplates;
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsSafeUri;
import com.google.gwt.user.client.Event;
import com.google.gwt.user.client.ui.impl.FormPanelImpl;
import com.google.gwt.user.client.ui.impl.FormPanelImplHost;
@@ -517,7 +518,7 @@
*
* @param url the form's action
*/
- public void setAction(String url) {
+ public void setAction(@IsSafeUri String url) {
getFormElement().setAction(url);
}
diff --git a/user/src/com/google/gwt/user/client/ui/Frame.java b/user/src/com/google/gwt/user/client/ui/Frame.java
index ae62497..1d0f7bc 100644
--- a/user/src/com/google/gwt/user/client/ui/Frame.java
+++ b/user/src/com/google/gwt/user/client/ui/Frame.java
@@ -24,6 +24,7 @@
import com.google.gwt.event.dom.client.LoadHandler;
import com.google.gwt.event.shared.HandlerRegistration;
import com.google.gwt.safehtml.shared.SafeUri;
+import com.google.gwt.safehtml.shared.annotations.IsTrustedResourceUri;
/**
* A widget that wraps an IFRAME element, which can contain an arbitrary web
@@ -78,10 +79,10 @@
/**
* Creates a frame that displays the resource at the specified URL.
- *
+ *
* @param url the URL of the resource to be displayed
*/
- public Frame(String url) {
+ public Frame(@IsTrustedResourceUri String url) {
this();
setUrl(url);
}
@@ -119,19 +120,19 @@
/**
* Sets the URL of the resource to be displayed within the frame.
- *
+ *
* @param url the frame's new URL
*/
- public void setUrl(String url) {
+ public void setUrl(@IsTrustedResourceUri String url) {
getFrameElement().setSrc(url);
}
/**
* Sets the URL of the resource to be displayed within the frame.
- *
+ *
* @param url the frame's new URL
*/
- public void setUrl(SafeUri url) {
+ public void setUrl(@IsTrustedResourceUri SafeUri url) {
getFrameElement().setSrc(url);
}
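Review bot: `setUrl(@IsTrustedResourceUri SafeUri url)` asks for a stronger property than the `SafeUri` type itself promises; per the Javadoc added in this commit, `SafeUri` is equivalent to `@IsSafeUri String`, not to a trusted-resource URI. A `SafeUri` that is merely XSS-safe as a link (for example one wrapping a sanitized user-supplied URL) is therefore not automatically acceptable as a frame source, yet both overloads keep the Javadoc "the frame's new URL". I would extend the `@param` lines here and on the `Frame(String)` constructor to `@param url the frame's new URL; must reference a resource the application trusts`. Whether the checker tracks annotations on `SafeUri` values at all is not visible in this diff and is worth confirming.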
diff --git a/user/src/com/google/gwt/user/client/ui/Hyperlink.java b/user/src/com/google/gwt/user/client/ui/Hyperlink.java
index 2ec1102..4729662 100644
--- a/user/src/com/google/gwt/user/client/ui/Hyperlink.java
+++ b/user/src/com/google/gwt/user/client/ui/Hyperlink.java
@@ -27,6 +27,7 @@
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.annotations.IsSafeHtml;
import com.google.gwt.safehtml.shared.annotations.SuppressIsSafeHtmlCastCheck;
+import com.google.gwt.safehtml.shared.annotations.SuppressIsSafeUriCastCheck;
import com.google.gwt.user.client.DOM;
import com.google.gwt.user.client.Event;
import com.google.gwt.user.client.History;
@@ -345,6 +346,7 @@
* @param targetHistoryToken the new history token, which may not be null (use
* {@link Anchor} instead if you don't need history processing)
*/
+ @SuppressIsSafeUriCastCheck //TODO(bangert): Refactor setPropertyString
public void setTargetHistoryToken(String targetHistoryToken) {
assert targetHistoryToken != null
: "targetHistoryToken must not be null, consider using Anchor instead";