Permalink
Browse files

Automated g4 rollback

*** Reason for rollback ***

Broke Closure. 

*** Original change description ***

goog.soy to check that templates are either returning string or
SanitizedHtml and not other types.

Add an @define for projects to force Strict mode.

Move soydata.SanitizedContentKind definitions into Closure's Soy
directory goog.soy can depend on it.  Have soydata.SanitizedContentKind
just alias the goog.soy.data.SanitizedContentKind.  This is how other
Soy primitives work in Closure.


Revision created by MOE tool push_codebase.
MOE_MIGRATION=5735


git-svn-id: http://closure-library.googlecode.com/svn/trunk@2262 0b95b8e8-c90f-11de-9d4f-f947ee5921c8
  • Loading branch information...
1 parent 84750f4 commit de015166e82fe3f25d065e392af4f8cf3aed603a gboyer@google.com committed Oct 31, 2012
Showing with 8 additions and 249 deletions.
  1. +2 −3 closure/goog/deps.js
  2. +0 −82 closure/goog/soy/data.js
  3. +6 −53 closure/goog/soy/soy.js
  4. +0 −63 closure/goog/soy/soy_test.html
  5. +0 −48 closure/goog/soy/soy_test.js
View

Some generated files are not rendered by default. Learn more.

Oops, something went wrong.
View
@@ -1,82 +0,0 @@
-// Copyright 2012 The Closure Library Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS-IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-/**
- * @fileoverview Soy data primitives.
- *
- * The goal is to encompass data types used by Soy, especially to mark content
- * as known to be "safe".
- *
- * @author gboyer@google.com (Garrett Boyer)
- */
-
-goog.provide('goog.soy.data');
-goog.provide('goog.soy.data.SanitizedContentKind');
-
-
-/**
- * A type of textual content.
- *
- * This is an enum of type Object so that these values are unforgeable.
- *
- * @enum {!Object}
- */
-goog.soy.data.SanitizedContentKind = {
-
- /**
- * A snippet of HTML that does not start or end inside a tag, comment, entity,
- * or DOCTYPE; and that does not contain any executable code
- * (JS, {@code <object>}s, etc.) from a different trust domain.
- */
- HTML: goog.DEBUG ? {sanitizedContentKindHtml: true} : {},
-
- /**
- * A sequence of code units that can appear between quotes (either kind) in a
- * JS program without causing a parse error, and without causing any side
- * effects.
- * <p>
- * The content should not contain unescaped quotes, newlines, or anything else
- * that would cause parsing to fail or to cause a JS parser to finish the
- * string its parsing inside the content.
- * <p>
- * The content must also not end inside an escape sequence ; no partial octal
- * escape sequences or odd number of '{@code \}'s at the end.
- */
- JS_STR_CHARS: goog.DEBUG ? {sanitizedContentJsStrChars: true} : {},
-
- /** A properly encoded portion of a URI. */
- URI: goog.DEBUG ? {sanitizedContentUri: true} : {},
-
- /** An attribute name and value such as {@code dir="ltr"}. */
- HTML_ATTRIBUTE: goog.DEBUG ? {sanitizedContentHtmlAttribute: true} : {},
-
- // TODO: Consider separating rules, declarations, and values into
- // separate types, but for simplicity, we'll treat explicitly blessed
- // SanitizedContent as allowed in all of these contexts.
- /**
- * A CSS3 declaration, property, value or group of semicolon separated
- * declarations.
- */
- CSS: goog.DEBUG ? {sanitizedContentCss: true} : {},
-
- /**
- * Unsanitized plain-text content.
- *
- * This is effectively the "null" entry of this enum, and is sometimes used
- * to explicitly mark content that should never be used unescaped. Since any
- * string is safe to use as text, being of ContentKind.TEXT makes no
- * guarantees about its safety in any other context such as HTML.
- */
- TEXT: goog.DEBUG ? {sanitizedContentKindText: true} : {}
-};
View
@@ -18,26 +18,11 @@
goog.provide('goog.soy');
-goog.require('goog.asserts');
goog.require('goog.dom');
goog.require('goog.dom.NodeType');
goog.require('goog.dom.TagName');
-goog.require('goog.soy.data');
-/**
- * Whether to require all Soy templates to be "strict html". Soy templates that
- * use strict autoescaping forbid noAutoescape along with many dangerous
- * directives, and return a runtime type SanitizedContent that marks them as
- * safe.
- *
- * If this flag is enabled, Soy templates will fail to render if a template
- * returns plain text -- indicating it is a non-strict template.
- *
- * @define {boolean}
- */
-goog.soy.REQUIRE_STRICT_AUTOESCAPE = false;
-
/**
* Renders a Soy template and then set the output string as
@@ -52,9 +37,9 @@ goog.soy.REQUIRE_STRICT_AUTOESCAPE = false;
*/
goog.soy.renderElement = function(element, template, opt_templateData,
opt_injectedData) {
- element.innerHTML = goog.soy.verifyTemplateOutputSafe_(template(
+ element.innerHTML = template(
opt_templateData || goog.soy.defaultTemplateData_, undefined,
- opt_injectedData));
+ opt_injectedData);
};
@@ -75,9 +60,9 @@ goog.soy.renderElement = function(element, template, opt_templateData,
goog.soy.renderAsFragment = function(template, opt_templateData,
opt_injectedData, opt_domHelper) {
var dom = opt_domHelper || goog.dom.getDomHelper();
- return dom.htmlToDocumentFragment(goog.soy.verifyTemplateOutputSafe_(
+ return dom.htmlToDocumentFragment(
template(opt_templateData || goog.soy.defaultTemplateData_,
- undefined, opt_injectedData)));
+ undefined, opt_injectedData));
};
@@ -98,9 +83,9 @@ goog.soy.renderAsElement = function(template, opt_templateData,
opt_injectedData, opt_domHelper) {
var dom = opt_domHelper || goog.dom.getDomHelper();
var wrapper = dom.createElement(goog.dom.TagName.DIV);
- wrapper.innerHTML = goog.soy.verifyTemplateOutputSafe_(template(
+ wrapper.innerHTML = template(
opt_templateData || goog.soy.defaultTemplateData_,
- undefined, opt_injectedData));
+ undefined, opt_injectedData);
// If the template renders as a single element, return it.
if (wrapper.childNodes.length == 1) {
@@ -116,38 +101,6 @@ goog.soy.renderAsElement = function(template, opt_templateData,
/**
- * Verifies that a template result is "safe" to insert as HTML.
- *
- * Note if the template is non-strict autoescape, the guarantees here are very
- * weak. It is recommended applications switch to requiring strict
- * autoescaping over time.
- *
- * @param {*} templateResult The template result.
- * @return {string}
- */
-goog.soy.verifyTemplateOutputSafe_ = function(templateResult) {
- // Allow strings as long as strict autoescaping is not mandated. Note we
- // allow everything that isn't an object, because some non-escaping templates
- // end up returning non-strings if their only print statement is a
- // non-escaped argument, plus some unit tests spoof templates.
- // TODO(gboyer): Track down and fix these cases.
- if (!goog.soy.REQUIRE_STRICT_AUTOESCAPE && !goog.isObject(templateResult)) {
- return String(templateResult);
- }
- // Allow SanitizedContent of kind HTML.
- var ContentKind = goog.soy.data.SanitizedContentKind;
- if (templateResult && (templateResult.contentKind === ContentKind.HTML ||
- templateResult.contentKind === ContentKind.HTML_ATTRIBUTE)) {
- return goog.asserts.assertString(templateResult.content);
- }
- goog.asserts.fail('Soy template output is unsafe for use in HTML: ' +
- templateResult);
- // In production, return a safe string, rather than failing hard.
- return 'zSoyz';
-};
-
-
-/**
* Immutable object that is passed into templates that are rendered
* without any data.
* @type {Object}
@@ -16,7 +16,6 @@
goog.require('goog.dom');
goog.require('goog.dom.TagName');
goog.require('goog.soy');
- goog.require('goog.soy.data');
goog.require('goog.soy.testHelper');
goog.require('goog.string');
goog.require('goog.testing.jsunit');
@@ -25,10 +24,6 @@
<body>
<script>
-function setUp() {
- goog.soy.REQUIRE_STRICT_AUTOESCAPE = false;
-}
-
function testRenderElement() {
var testDiv = goog.dom.createElement(goog.dom.TagName.DIV);
@@ -121,64 +116,6 @@
assertEquals('Hello', elementToInnerHtml(elem));
}
-/**
- * Asserts that the function throws an error for unsafe templates.
- * @param {Function} function Callback to test.
- */
-function assertUnsafeTemplateOutputErrorThrown(func) {
- assertContains('Soy template output is unsafe for use in HTML',
- assertThrows(func).message);
-}
-
-function testRejectUnsanitizedText() {
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderElement(goog.dom.createElement(goog.dom.TagName.DIV),
- example.unsanitizedTextTemplate);
- });
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderAsFragment(example.unsanitizedTextTemplate);
- });
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderAsElement(example.unsanitizedTextTemplate);
- });
-}
-
-function testRejectSanitizedCss() {
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderAsElement(example.sanitizedCssTemplate);
- });
-}
-
-function testRejectSanitizedCss() {
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderAsElement(example.templateSpoofingSanitizedContentString);
- });
-}
-
-function testRejectStringTemplatesWhenModeIsSet() {
- goog.soy.REQUIRE_STRICT_AUTOESCAPE = true;
- assertUnsafeTemplateOutputErrorThrown(function() {
- goog.soy.renderAsElement(example.noDataTemplate);
- });
-}
-
-function testAcceptSanitizedHtml() {
- assertEquals('Hello World', goog.dom.getTextContent(
- goog.soy.renderAsElement(example.sanitizedHtmlTemplate)));
-}
-
-function testAcceptSanitizedHtmlAttribute() {
- assertEquals('Hello World', goog.dom.getTextContent(
- goog.soy.renderAsElement(example.sanitizedHtmlAttributeTemplate)));
-}
-
-function testAcceptNonObject() {
- // Some templates, or things that spoof templates in unit tests, might return
- // non-strings in unusual cases.
- assertEquals('null', goog.dom.getTextContent(
- goog.soy.renderAsElement(goog.functions.constant(null))));
-}
-
</script>
</body>
</html>
@@ -20,7 +20,6 @@ goog.provide('goog.soy.testHelper');
goog.setTestOnly('goog.soy.testHelper');
goog.require('goog.dom');
-goog.require('goog.soy.data');
goog.require('goog.string');
goog.require('goog.userAgent');
@@ -70,53 +69,6 @@ example.noDataTemplate = function(opt_data, opt_sb, opt_injectedData) {
};
-example.sanitizedHtmlTemplate = function(opt_data, opt_sb, opt_injectedData) {
- return {
- content: 'Hello World',
- contentKind: goog.soy.data.SanitizedContentKind.HTML
- };
-};
-
-
-example.sanitizedHtmlAttributeTemplate =
- function(opt_data, opt_sb, opt_injectedData) {
- return {
- content: 'Hello World',
- contentKind: goog.soy.data.SanitizedContentKind.HTML_ATTRIBUTE
- };
-};
-
-
-example.sanitizedCssTemplate =
- function(opt_data, opt_sb, opt_injectedData) {
- return {
- content: 'display:none',
- contentKind: goog.soy.data.SanitizedContentKind.CSS
- };
-};
-
-
-example.unsanitizedTextTemplate =
- function(opt_data, opt_sb, opt_injectedData) {
- return {
- content: 'Hello World',
- contentKind: goog.soy.data.SanitizedContentKind.TEXT
- };
-};
-
-
-example.templateSpoofingSanitizedContentString =
- function(opt_data, opt_sb, opt_injectedData) {
- return {
- content: 'Hello World',
- // This is to ensure we're using triple-equals against a unique Javascript
- // object. For example, in Javascript, consider ({}) == '[Object object]'
- // is true.
- contentKind: goog.soy.data.SanitizedContentKind.HTML.toString()
- };
-};
-
-
//
// Test helper functions.
//

0 comments on commit de01516

Please sign in to comment.