Permalink
Browse files

Automated g4 rollback

*** Reason for rollback ***

broke gmail :-(

*** Original change description ***

Make Soy's SanitizedContent constructors more auditable.

Currently it's possible for anyone to easily create Soy's
SanitizedContent objects.  When you make a SanitizedContent object from
a complex language like Javascript, it can be difficult to verify
locally that the content really has any reason to be trusted.  Thus
usages of this should pop out.

Our recommendation for most Soy users is to ban use of these
constructors in their application except from within specialized,
tightly reviewed di

... description truncated by g4 rollback ...


Revision created by MOE tool push_codebase.
MOE_MIGRATION=5802


git-svn-id: http://closure-library.googlecode.com/svn/trunk@2293 0b95b8e8-c90f-11de-9d4f-f947ee5921c8
  • Loading branch information...
1 parent 3175079 commit 16b74c6de99c6d742b3580fc60394886ff4863cf gboyer@google.com committed Nov 10, 2012
Showing with 10 additions and 28 deletions.
  1. +7 −9 closure/goog/soy/data.js
  2. +3 −19 closure/goog/soy/soy_test.js
View
@@ -102,10 +102,15 @@ goog.soy.data.SanitizedContentKind = {
* SanitizedContent that is attacker-controlled and gets evaluated unescaped in
* templates.
*
+ * @param {string} content The assumed-sanitized string. Be careful!
* @constructor
*/
-goog.soy.data.SanitizedContent = function() {
- throw Error('Do not instantiate directly');
+goog.soy.data.SanitizedContent = function(content) {
+ /**
+ * The textual content.
+ * @type {string}
+ */
+ this.content = content;
};
@@ -116,13 +121,6 @@ goog.soy.data.SanitizedContent = function() {
goog.soy.data.SanitizedContent.prototype.contentKind;
-/**
- * The already-safe content.
- * @type {string}
- */
-goog.soy.data.SanitizedContent.prototype.content;
-
-
/** @override */
goog.soy.data.SanitizedContent.prototype.toString = function() {
return this.content;
@@ -26,26 +26,10 @@ goog.require('goog.string');
goog.require('goog.userAgent');
-/**
- * Instantiable subclass of SanitizedContent.
- *
- * This is a spoof for sanitized content that isn't robust enough to get
- * through Soy's escaping functions but is good enough for the checks here.
- *
- * @param {string} content The text.
- * @param {goog.soy.data.SanitizedContentKind} kind The kind of safe content.
- * @extends {goog.soy.data.SanitizedContent}
- */
-function SanitizedContentSubclass(content, kind) {
- // IMPORTANT! No superclass chaining to avoid exception being thrown.
- this.content = content;
- this.contentKind = kind;
-};
-goog.inherits(SanitizedContentSubclass, goog.soy.data.SanitizedContent);
-
-
function makeSanitizedContent(content, kind) {
- return new SanitizedContentSubclass(content, kind);
+ var result = new goog.soy.data.SanitizedContent(content);
+ result.contentKind = kind;
+ return result;
}

0 comments on commit 16b74c6

Please sign in to comment.