I spent some more time on this, but I’m not sure how to get the compiler to 
realize that we need the goog files.

For Event we have this:

goog.addDependency('../../../org/apache/royale/events/Event.js', 
['org.apache.royale.events.Event'], ['goog.events.Event', 
'org.apache.royale.events.IRoyaleEvent']);

But Royale Event subclasses goog.events.Event.

How do I tell the compiler that org.apache.royale.utils.string.sanitizeUrl 
requires goog.html.SafeUrl?

The same for org.apache.royale.utils.string.sanitizeHtml with 
goog.html.sanitizer.HtmlSanitizer and goog.html.SafeHtml.

Alex? Josh? Greg?

Thanks,
Harbs

> On Dec 12, 2021, at 2:13 AM, Harbs <harbs.li...@gmail.com> wrote:
> 
> I added code for sanitizing, but it’s not working because the goog.html files 
> are not being copied. I don’t know what needs to be done to make that happen.
> 
> Harbs
> 
>> On Dec 12, 2021, at 2:12 AM, ha...@apache.org wrote:
>> 
>> This is an automated email from the ASF dual-hosted git repository.
>> 
>> harbs pushed a commit to branch feature/sanitize
>> in repository https://gitbox.apache.org/repos/asf/royale-asjs.git
>> 
>> commit 1b12594c60420d3503f9e366f314c9d875e16ddb
>> Author: Harbs <ha...@in-tools.com>
>> AuthorDate: Sun Dec 12 02:12:05 2021 +0200
>> 
>>   Added sanitizeUrl and sanitizeHtml
>> ---
>> .../projects/Core/src/main/royale/CoreClasses.as   |  2 +
>> .../org/apache/royale/utils/string/sanitizeHtml.as | 38 ++++++++++++++
>> .../org/apache/royale/utils/string/sanitizeUrl.as  | 36 +++++++++++++
>> .../src/test/royale/flexUnitTests/CoreTester.as    |  1 +
>> .../{CoreTester.as => SanitizeTest.as}             | 59 
>> ++++++++++++++--------
>> 5 files changed, 115 insertions(+), 21 deletions(-)
>> 
>> diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as 
>> b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> index 21593fd..dd088eb 100644
>> --- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> +++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
>> @@ -342,6 +342,8 @@ internal class CoreClasses
>>      import org.apache.royale.utils.string.trimRight; trimRight;
>>      import org.apache.royale.utils.string.trimLeft; trimLeft;
>>      import org.apache.royale.utils.string.cacheBust; cacheBust;
>> +    import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
>> +    import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
>> 
>>      import org.apache.royale.utils.date.addDays; addDays;
>>      import org.apache.royale.utils.date.addHours; addHours;
>> diff --git 
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>>  
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> new file mode 100644
>> index 0000000..360ef63
>> --- /dev/null
>> +++ 
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
>> @@ -0,0 +1,38 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +//  Licensed to the Apache Software Foundation (ASF) under one or more
>> +//  contributor license agreements.  See the NOTICE file distributed with
>> +//  this work for additional information regarding copyright ownership.
>> +//  The ASF licenses this file to You under the Apache License, Version 2.0
>> +//  (the "License"); you may not use this file except in compliance with
>> +//  the License.  You may obtain a copy of the License at
>> +//
>> +//      http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +//  Unless required by applicable law or agreed to in writing, software
>> +//  distributed under the License is distributed on an "AS IS" BASIS,
>> +//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +//  See the License for the specific language governing permissions and
>> +//  limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> +    COMPILE::JS{
>> +            import goog.html.sanitizer.HtmlSanitizer;
>> +            import goog.html.SafeHtml;
>> +    }
>> +
>> +    public function sanitizeHtml(html:String):String
>> +    {
>> +            COMPILE::JS
>> +            {
>> +                    return SafeHtml.unwrap(HtmlSanitizer.sanitize(html));
>> +            }
>> +            //TODO sanitize in swf
>> +            COMPILE::SWF
>> +            {
>> +                    return html;
>> +            }
>> +    }
>> +}
>> \ No newline at end of file
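Review bot: in the COMPILE::SWF block at the end of sanitizeHtml, `return html;` hands the input back untouched, so on the SWF target a function named sanitizeHtml performs no sanitization and callers cannot tell. Until the TODO is done, consider making that branch fail loudly (throw) or escape the markup instead of passing it through, and add an ASDoc comment on the function stating what each target guarantees. The file also ends without a trailing newline.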
>> diff --git 
>> a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>>  
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> new file mode 100644
>> index 0000000..cd4151d
>> --- /dev/null
>> +++ 
>> b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
>> @@ -0,0 +1,36 @@
>> +////////////////////////////////////////////////////////////////////////////////
>> +//
>> +//  Licensed to the Apache Software Foundation (ASF) under one or more
>> +//  contributor license agreements.  See the NOTICE file distributed with
>> +//  this work for additional information regarding copyright ownership.
>> +//  The ASF licenses this file to You under the Apache License, Version 2.0
>> +//  (the "License"); you may not use this file except in compliance with
>> +//  the License.  You may obtain a copy of the License at
>> +//
>> +//      http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +//  Unless required by applicable law or agreed to in writing, software
>> +//  distributed under the License is distributed on an "AS IS" BASIS,
>> +//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +//  See the License for the specific language governing permissions and
>> +//  limitations under the License.
>> +//
>> +////////////////////////////////////////////////////////////////////////////////
>> +package org.apache.royale.utils.string
>> +{
>> +    COMPILE::JS{
>> +            import goog.html.SafeUrl;
>> +            import goog.html.SafeUrl;
>> +    }
>> +    public function sanitizeUrl(url:String):String
>> +    {
>> +            COMPILE::JS{
>> +                    return SafeUrl.unwrap(SafeUrl.sanitize(url));
>> +            }
>> +
>> +            //TODO sanitize in swf
>> +            COMPILE::SWF{
>> +                    return url;
>> +            }
>> +    }
>> +}
>> \ No newline at end of file
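Review bot: the COMPILE::JS import block lists `import goog.html.SafeUrl;` twice; drop the duplicate, or replace it with whatever second import was intended. As in sanitizeHtml, the COMPILE::SWF branch's `return url;` returns the input unchanged, so the SWF build offers no URL filtering under a name that promises it; an ASDoc note or a failing stub would make that explicit until the TODO is addressed. This file also lacks a trailing newline.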
>> diff --git 
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as 
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> index c8adc02..9441daf 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> @@ -42,5 +42,6 @@ package flexUnitTests
>>        public var keyConverterTest:KeyConverterTest;
>>        public var keyboardEventConverterTest:KeyboardEventConverterTest;
>>        public var stringUtilsTest:StringUtilsTest;
>> +        public var sanitizerTest:SanitizeTest;
>>    }
>> }
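Review bot: the added `public var sanitizerTest:SanitizeTest;` is indented deeper than the neighbouring suite members, and its name (sanitizerTest) does not match the class (SanitizeTest). Align the indentation with the lines above and name it sanitizeTest, following the stringUtilsTest:StringUtilsTest pattern.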
>> diff --git 
>> a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as 
>> b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> similarity index 50%
>> copy from 
>> frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> copy to 
>> frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> index c8adc02..7173f52 100644
>> --- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
>> +++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
>> @@ -18,29 +18,46 @@
>> ////////////////////////////////////////////////////////////////////////////////
>> package flexUnitTests
>> {
>> -    import flexUnitTests.language.*
>> +    import org.apache.royale.utils.string.*;
>> +    import org.apache.royale.test.asserts.*;
>> 
>> -    [Suite]
>> -    [RunWith("org.apache.royale.test.runners.SuiteRunner")]
>> -    public class CoreTester
>> -    {
>> +    public class SanitizeTest
>> +    {               
>> +        [Before]
>> +        public function setUp():void
>> +        {
>> +        }
>> 
>> -        //language tests
>> -        public var languageTestIs:LanguageTesterTestIs;
>> -        public var languageTestIntUint:LanguageTesterIntUint;
>> -        public var languageTestVector:LanguageTesterTestVector;
>> -        public var languageTestClass:LanguageTesterTestClass;
>> -        public var languageTestLoopVariants:LanguageTesterTestLoopVariants;
>> -        public var languageTestArraySort:LanguageTesterArraySort;
>> -        public var languageTesttryCatch:LanguageTesterTestTryCatch;
>> +        [After]
>> +        public function tearDown():void
>> +        {
>> +        }
>> 
>> -        //core tests
>> -        public var strandTesterTest:StrandTesterTest;
>> -            public var binaryDataTesterTest:BinaryDataTesterTest;
>> -            public var arrayUtilsTest:ArrayUtilsTest;
>> -            public var dateUtilsTest:DateUtilsTest;
>> -        public var keyConverterTest:KeyConverterTest;
>> -        public var keyboardEventConverterTest:KeyboardEventConverterTest;
>> -        public var stringUtilsTest:StringUtilsTest;
>> +        [BeforeClass]
>> +        public static function setUpBeforeClass():void
>> +        {
>> +        }
>> +        
>> +        [AfterClass]
>> +        public static function tearDownAfterClass():void
>> +        {
>> +        }
>> +        
>> +        [Test]
>> +        public function testHTML():void
>> +        {
>> +            var safeHtml:String = 'Hello <em>World</em>';
>> +            assertEquals(safeHtml, sanitizeHtml(safeHtml));
>> +        }
>> +
>> +        [Test]
>> +        public function testUrl():void
>> +        {
>> +            var safeUrl:String = "https://foobaz.com";
>> +            assertEquals(safeUrl, sanitizeUrl(safeUrl));
>> +        }
>> +
>> +
>> +
>>    }
>> }
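Review bot: testHTML and testUrl only feed already-safe input and assert that it comes back unchanged, which also passes on the SWF target where both functions return their argument untouched, so nothing here proves that sanitization happens. Add cases whose input must be altered (markup containing a script element, a URL with a non-http scheme) and assert that the output differs from the input, limited to the JS target until the SWF side is implemented. The four empty [Before], [After], [BeforeClass] and [AfterClass] methods can be dropped.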
> 
