This is an automated email from the ASF dual-hosted git repository.

harbs pushed a commit to branch feature/sanitize
in repository https://gitbox.apache.org/repos/asf/royale-asjs.git

commit 1b12594c60420d3503f9e366f314c9d875e16ddb
Author: Harbs <[email protected]>
AuthorDate: Sun Dec 12 02:12:05 2021 +0200

    Added sanitizeUrl and sanitizeHtml
---
 .../projects/Core/src/main/royale/CoreClasses.as   |  2 +
 .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
 .../org/apache/royale/utils/string/sanitizeUrl.as  | 36 +++++++++++++
 .../src/test/royale/flexUnitTests/CoreTester.as    |  1 +
 .../{CoreTester.as => SanitizeTest.as}             | 59 ++++++++++++++--------
 5 files changed, 115 insertions(+), 21 deletions(-)

diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as 
b/frameworks/projects/Core/src/main/royale/CoreClasses.as
index 21593fd..dd088eb 100644
--- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
+++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
@@ -342,6 +342,8 @@ internal class CoreClasses
        import org.apache.royale.utils.string.trimRight; trimRight;
        import org.apache.royale.utils.string.trimLeft; trimLeft;
        import org.apache.royale.utils.string.cacheBust; cacheBust;
+       import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
+       import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
 
        import org.apache.royale.utils.date.addDays; addDays;
        import org.apache.royale.utils.date.addHours; addHours;
diff --git 
a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
 
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
new file mode 100644
index 0000000..360ef63
--- /dev/null
+++ 
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
@@ -0,0 +1,38 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+//  Licensed to the Apache Software Foundation (ASF) under one or more
+//  contributor license agreements.  See the NOTICE file distributed with
+//  this work for additional information regarding copyright ownership.
+//  The ASF licenses this file to You under the Apache License, Version 2.0
+//  (the "License"); you may not use this file except in compliance with
+//  the License.  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+       COMPILE::JS{
+               import goog.html.sanitizer.HtmlSanitizer;
+               import goog.html.SafeHtml;
+       }
+
+       public function sanitizeHtml(html:String):String
+       {
+               COMPILE::JS
+               {
+                       return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
+               }
+               //TODO sanitize in swf
+               COMPILE::SWF
+               {
+                       return html;
+               }
+       }
+}
\ No newline at end of file
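Review bot: On the `COMPILE::SWF` branch `sanitizeHtml` returns `html` untouched, so on that target a function whose name promises sanitization is an identity function and callers get no protection. The SWF branch of `sanitizeUrl` in sanitizeUrl.as has the same problem. The `//TODO sanitize in swf` comment is visible only to someone reading the body, not to a caller looking at the API. Until the SWF path is implemented, I would state the limitation in ASDoc on the function, e.g. `/** Sanitizes html with goog.html.sanitizer.HtmlSanitizer on JS. On SWF the input is currently returned unchanged and must not be treated as safe. */`. Alternatively the SWF branch could fail closed instead of passing the input through.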
diff --git 
a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
 
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
new file mode 100644
index 0000000..cd4151d
--- /dev/null
+++ 
b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
@@ -0,0 +1,36 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+//  Licensed to the Apache Software Foundation (ASF) under one or more
+//  contributor license agreements.  See the NOTICE file distributed with
+//  this work for additional information regarding copyright ownership.
+//  The ASF licenses this file to You under the Apache License, Version 2.0
+//  (the "License"); you may not use this file except in compliance with
+//  the License.  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+       COMPILE::JS{
+               import goog.html.SafeUrl;
+               import goog.html.SafeUrl;
+       }
+       public function sanitizeUrl(url:String):String
+       {
+               COMPILE::JS{
+                       return SafeUrl.unwrap(SafeUrl.sanitize(url));
+               }
+
+               //TODO sanitize in swf
+               COMPILE::SWF{
+                       return url;
+               }
+       }
+}
\ No newline at end of file
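Review bot: `import goog.html.SafeUrl;` appears twice in the `COMPILE::JS` block; one of the two lines can be dropped. The function also has no ASDoc describing what a caller gets back for a URL that `SafeUrl.sanitize` rejects. As far as I know Closure substitutes an innocuous placeholder (`about:invalid#zClosurez`) rather than an empty string or null, so a caller checking for `""` would miss a rejected URL. A comment such as `/** Returns url if goog.html.SafeUrl accepts it; otherwise returns Closure's innocuous placeholder URL, not an empty string. */` would make that contract explicit, once the placeholder behaviour is confirmed.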
diff --git 
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as 
b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
index c8adc02..9441daf 100644
--- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
@@ -42,5 +42,6 @@ package flexUnitTests
         public var keyConverterTest:KeyConverterTest;
         public var keyboardEventConverterTest:KeyboardEventConverterTest;
         public var stringUtilsTest:StringUtilsTest;
+        public var sanitizerTest:SanitizeTest;
     }
 }
diff --git 
a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as 
b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
similarity index 50%
copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
index c8adc02..7173f52 100644
--- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
@@ -18,29 +18,46 @@
 
////////////////////////////////////////////////////////////////////////////////
 package flexUnitTests
 {
-    import flexUnitTests.language.*
+    import org.apache.royale.utils.string.*;
+    import org.apache.royale.test.asserts.*;
     
-    [Suite]
-    [RunWith("org.apache.royale.test.runners.SuiteRunner")]
-    public class CoreTester
-    {
+    public class SanitizeTest
+    {          
+        [Before]
+        public function setUp():void
+        {
+        }
         
-        //language tests
-        public var languageTestIs:LanguageTesterTestIs;
-        public var languageTestIntUint:LanguageTesterIntUint;
-        public var languageTestVector:LanguageTesterTestVector;
-        public var languageTestClass:LanguageTesterTestClass;
-        public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
-        public var languageTestArraySort:LanguageTesterArraySort;
-        public var languageTesttryCatch:LanguageTesterTestTryCatch;
+        [After]
+        public function tearDown():void
+        {
+        }
         
-        //core tests
-        public var strandTesterTest:StrandTesterTest;
-               public var binaryDataTesterTest:BinaryDataTesterTest;
-               public var arrayUtilsTest:ArrayUtilsTest;
-               public var dateUtilsTest:DateUtilsTest;
-        public var keyConverterTest:KeyConverterTest;
-        public var keyboardEventConverterTest:KeyboardEventConverterTest;
-        public var stringUtilsTest:StringUtilsTest;
+        [BeforeClass]
+        public static function setUpBeforeClass():void
+        {
+        }
+        
+        [AfterClass]
+        public static function tearDownAfterClass():void
+        {
+        }
+        
+        [Test]
+        public function testHTML():void
+        {
+            var safeHtml:String = 'Hello <em>World</em>';
+            assertEquals(safeHtml, sanitizeHtml(safeHtml));
+        }
+
+        [Test]
+        public function testUrl():void
+        {
+            var safeUrl:String = "https://foobaz.com";
+            assertEquals(safeUrl, sanitizeUrl(safeUrl));
+        }
+
+
+
     }
 }
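Review bot: `testHTML` and `testUrl` only assert that already-safe input comes back unchanged, so an implementation that sanitizes nothing passes both. That includes the current `COMPILE::SWF` branches, which return their argument as is. Each function needs at least one negative case asserting that unsafe input is altered, along the lines of the sketch below. Those cases will fail on SWF until the TODO there is done, so they either need a `COMPILE::JS` guard or should be left failing as a reminder; I cannot tell from this hunk which targets run the suite. The empty `setUp`/`tearDown`/`setUpBeforeClass`/`tearDownAfterClass` stubs could also be removed.

```actionscript
// … unchanged: testHTML, testUrl …

[Test]
public function testUnsafeHTML():void
{
    var cleaned:String = sanitizeHtml('Hello <script>alert(1)</script><em>World</em>');
    assertTrue(cleaned.indexOf("<script") == -1);
}

[Test]
public function testUnsafeUrl():void
{
    var unsafeUrl:String = "javascript:alert(1)";
    assertTrue(sanitizeUrl(unsafeUrl) != unsafeUrl);
}
```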
