I added code for sanitizing, but it’s not working because the goog.html files are not being copied. I don’t know what needs to be done to make that happen.
Harbs
> On Dec 12, 2021, at 2:12 AM, ha...@apache.org wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> harbs pushed a commit to branch feature/sanitize
> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>
> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
> Author: Harbs <ha...@in-tools.com>
> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>
> Added sanitizeUrl and sanitizeHtml
> ---
> .../projects/Core/src/main/royale/CoreClasses.as | 2 +
> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
> .../org/apache/royale/utils/string/sanitizeUrl.as | 36 +++++++++++++
> .../src/test/royale/flexUnitTests/CoreTester.as | 1 +
> .../{CoreTester.as => SanitizeTest.as} | 59 ++++++++++++++--------
> 5 files changed, 115 insertions(+), 21 deletions(-)
>
> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> index 21593fd..dd088eb 100644
> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
> @@ -342,6 +342,8 @@ internal class CoreClasses
> import org.apache.royale.utils.string.trimRight; trimRight;
> import org.apache.royale.utils.string.trimLeft; trimLeft;
> import org.apache.royale.utils.string.cacheBust; cacheBust;
> + import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
> + import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>
> import org.apache.royale.utils.date.addDays; addDays;
> import org.apache.royale.utils.date.addHours; addHours;
> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> new file mode 100644
> index 0000000..360ef63
> --- /dev/null
> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
> @@ -0,0 +1,38 @@
> +////////////////////////////////////////////////////////////////////////////////
> +//
> +// Licensed to the Apache Software Foundation (ASF) under one or more
> +// contributor license agreements. See the NOTICE file distributed with
> +// this work for additional information regarding copyright ownership.
> +// The ASF licenses this file to You under the Apache License, Version 2.0
> +// (the "License"); you may not use this file except in compliance with
> +// the License. You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +//
> +////////////////////////////////////////////////////////////////////////////////
> +package org.apache.royale.utils.string
> +{
> + COMPILE::JS{
> + import goog.html.sanitizer.HtmlSanitizer;
> + import goog.html.SafeHtml;
> + }
> +
> + public function sanitizeHtml(html:String):String
> + {
> + COMPILE::JS
> + {
> + return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
> + }
> + //TODO sanitize in swf
> + COMPILE::SWF
> + {
> + return html;
> + }
> + }
> +}
> \ No newline at end of file
> diff --git
> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
> new file mode 100644
> index 0000000..cd4151d
> --- /dev/null
> +++
> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
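Review bot: The `COMPILE::SWF` branch returns `html` untouched, so on that target a function named `sanitizeHtml` gives callers neither protection nor any signal that nothing was done; `sanitizeUrl` in the next file has the same shape. Until the SWF implementation exists, that contract should be visible at the call site rather than only in a `//TODO`: add an ASDoc header such as `/** Returns html with unsafe markup removed. JS only: on SWF the input is currently returned unchanged. */` above the function, and consider having the SWF branch throw instead of silently passing through if a no-op is not acceptable for the intended callers. The JS branch also only works when `goog.html.sanitizer.HtmlSanitizer` is actually bundled into the compiled output, which the cover note says is not yet happening, so presumably the new tests cannot confirm the JS path either until that is fixed.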
> @@ -0,0 +1,36 @@
> +////////////////////////////////////////////////////////////////////////////////
> +//
> +// Licensed to the Apache Software Foundation (ASF) under one or more
> +// contributor license agreements. See the NOTICE file distributed with
> +// this work for additional information regarding copyright ownership.
> +// The ASF licenses this file to You under the Apache License, Version 2.0
> +// (the "License"); you may not use this file except in compliance with
> +// the License. You may obtain a copy of the License at
> +//
> +// http://www.apache.org/licenses/LICENSE-2.0
> +//
> +// Unless required by applicable law or agreed to in writing, software
> +// distributed under the License is distributed on an "AS IS" BASIS,
> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +// See the License for the specific language governing permissions and
> +// limitations under the License.
> +//
> +////////////////////////////////////////////////////////////////////////////////
> +package org.apache.royale.utils.string
> +{
> + COMPILE::JS{
> + import goog.html.SafeUrl;
> + import goog.html.SafeUrl;
> + }
> + public function sanitizeUrl(url:String):String
> + {
> + COMPILE::JS{
> + return SafeUrl.unwrap(SafeUrl.sanitize(url));
> + }
> +
> + //TODO sanitize in swf
> + COMPILE::SWF{
> + return url;
> + }
> + }
> +}
> \ No newline at end of file
> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> index c8adc02..9441daf 100644
> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
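Review bot: `import goog.html.SafeUrl;` appears twice in the `COMPILE::JS` block; drop one of the two lines. Separately, `SafeUrl.sanitize` does not return an empty string for a URL it rejects — Closure substitutes its innocuous placeholder (`about:invalid#zClosurez`) — so a caller that checks the result against `""` will not notice a rejected URL, and the function should document that, e.g. `/** Returns url if goog.html.SafeUrl accepts its scheme, otherwise Closure's about:invalid placeholder. SWF: currently returns url unchanged. */`. The `COMPILE::SWF` branch is the same pass-through as in sanitizeHtml and deserves the same treatment.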
> @@ -42,5 +42,6 @@ package flexUnitTests
> public var keyConverterTest:KeyConverterTest;
> public var keyboardEventConverterTest:KeyboardEventConverterTest;
> public var stringUtilsTest:StringUtilsTest;
> + public var sanitizerTest:SanitizeTest;
> }
> }
> diff --git
> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> similarity index 50%
> copy from frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> copy to frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> index c8adc02..7173f52 100644
> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
> @@ -18,29 +18,46 @@
> ////////////////////////////////////////////////////////////////////////////////
> package flexUnitTests
> {
> - import flexUnitTests.language.*
> + import org.apache.royale.utils.string.*;
> + import org.apache.royale.test.asserts.*;
>
> - [Suite]
> - [RunWith("org.apache.royale.test.runners.SuiteRunner")]
> - public class CoreTester
> - {
> + public class SanitizeTest
> + {
> + [Before]
> + public function setUp():void
> + {
> + }
>
> - //language tests
> - public var languageTestIs:LanguageTesterTestIs;
> - public var languageTestIntUint:LanguageTesterIntUint;
> - public var languageTestVector:LanguageTesterTestVector;
> - public var languageTestClass:LanguageTesterTestClass;
> - public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
> - public var languageTestArraySort:LanguageTesterArraySort;
> - public var languageTesttryCatch:LanguageTesterTestTryCatch;
> + [After]
> + public function tearDown():void
> + {
> + }
>
> - //core tests
> - public var strandTesterTest:StrandTesterTest;
> - public var binaryDataTesterTest:BinaryDataTesterTest;
> - public var arrayUtilsTest:ArrayUtilsTest;
> - public var dateUtilsTest:DateUtilsTest;
> - public var keyConverterTest:KeyConverterTest;
> - public var keyboardEventConverterTest:KeyboardEventConverterTest;
> - public var stringUtilsTest:StringUtilsTest;
> + [BeforeClass]
> + public static function setUpBeforeClass():void
> + {
> + }
> +
> + [AfterClass]
> + public static function tearDownAfterClass():void
> + {
> + }
> +
> + [Test]
> + public function testHTML():void
> + {
> + var safeHtml:String = 'Hello <em>World</em>';
> + assertEquals(safeHtml, sanitizeHtml(safeHtml));
> + }
> +
> + [Test]
> + public function testUrl():void
> + {
> + var safeUrl:String = "https://foobaz.com"
> + assertEquals(safeUrl, sanitizeUrl(safeUrl));
> + }
> +
> +
> +
> }
> }
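Review bot: Both `testHTML` and `testUrl` only assert that already-safe input comes back unchanged, so the suite cannot distinguish the sanitizers from an identity function — the pass-through `COMPILE::SWF` branches would pass it as written. Add at least one case per function with input that must be rejected, e.g. `assertTrue(sanitizeUrl("javascript:void(0)").indexOf("javascript:") == -1);` for URLs and an input containing a `<script>` element asserted not to survive `sanitizeHtml`; because the SWF branches are currently no-ops, those cases will need a `COMPILE::JS` guard or the SWF implementation first. `var safeUrl:String = "https://foobaz.com"` is missing its trailing semicolon. The `testHTML` equality also assumes the Closure sanitizer returns `Hello <em>World</em>` byte-for-byte; if it normalizes the markup in any way, that expectation will have to be loosened.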