This is really great! It pretty much completely removes uibinder from the security-relevant codebase.
http://gwt-code-reviews.appspot.com/1305801/diff/55001/user/src/com/google/gwt/uibinder/elementparsers/HtmlMessageInterpreter.java
File user/src/com/google/gwt/uibinder/elementparsers/HtmlMessageInterpreter.java (right):

http://gwt-code-reviews.appspot.com/1305801/diff/55001/user/src/com/google/gwt/uibinder/elementparsers/HtmlMessageInterpreter.java#newcode77
user/src/com/google/gwt/uibinder/elementparsers/HtmlMessageInterpreter.java:77: return uiWriter.tokenForSafeHtmlExpression(messages.declareMessage(message));
Methods in Messages interfaces can themselves be declared to return SafeHtml (http://code.google.com/webtoolkit/doc/latest/DevGuideI18nMessages.html#SafeHtmlMessages). I'm wondering if it would work to change MessageWriter#writeDeclaration to emit declarations of Messages methods that return SafeHtml rather than String. And if that's done, would that remove the need to use tokenForSafeHtmlExpression here (in which case that method could be deleted altogether)?

http://gwt-code-reviews.appspot.com/1305801/diff/55001/user/src/com/google/gwt/uibinder/rebind/UiBinderWriter.java
File user/src/com/google/gwt/uibinder/rebind/UiBinderWriter.java (right):

http://gwt-code-reviews.appspot.com/1305801/diff/55001/user/src/com/google/gwt/uibinder/rebind/UiBinderWriter.java#newcode686
user/src/com/google/gwt/uibinder/rebind/UiBinderWriter.java:686: public String tokenForSafeHtmlExpression(String expression) {
This is the one place where potential HTML unsafety could be introduced (if this method were called on an expression that is not in fact a safe constant). The only use in this CL appears to be in HtmlMessageInterpreter; see the question there about whether it is possible to avoid relying on this method. If so, this method could be removed.

http://gwt-code-reviews.appspot.com/1305801/

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
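The design point in the review above, written out as an added illustration (this is not code from the CL, from UiBinder or from the GWT project; the GreetingMessages interface, its method names and the render method are invented for the example). It contrasts a String-typed Messages method, whose result can only become SafeHtml through a "trust me" conversion that is unsafe when the template contains a placeholder filled from untrusted input, with a SafeHtml-typed Messages method, where the return type itself carries the guarantee, GWT's generated implementation escapes String arguments, and no conversion step exists to get wrong. That is the property the reviewer is asking for: if the declarations emitted by MessageWriter return SafeHtml, the sole unsafe wrapping point disappears.

```java
// Added illustration, not code from the reviewed CL or from GWT itself.
import com.google.gwt.core.client.GWT;
import com.google.gwt.i18n.client.Messages;
import com.google.gwt.safehtml.shared.SafeHtml;
import com.google.gwt.safehtml.shared.SafeHtmlUtils;

public class SafeHtmlMessagesExample {

  // Hypothetical Messages interface showing the two return types side by side.
  public interface GreetingMessages extends Messages {

    // String-typed: the compiler knows nothing about whether the result is safe HTML.
    // The caller has to decide, and a wrong decision is an HTML injection.
    @DefaultMessage("Hello <b>{0}</b>")
    String greetingAsString(String name);

    // SafeHtml-typed: the template must itself be safe HTML, and GWT's generated
    // implementation HTML-escapes the String argument before substituting it.
    // The return type is the guarantee; there is no wrapping step to misuse.
    @DefaultMessage("Hello <b>{0}</b>")
    SafeHtml greetingAsSafeHtml(String name);
  }

  // Renders a greeting for a name that may come from an untrusted source.
  public static SafeHtml render(String untrustedName) {
    GreetingMessages messages = GWT.create(GreetingMessages.class);

    // Unsafe pattern (the kind of call tokenForSafeHtmlExpression would generate
    // if handed a non-constant): fromSafeConstant asserts that the String is a
    // compile-time-safe constant. Once {0} is filled from untrustedName, that
    // assertion is false and any markup in the name is emitted verbatim.
    SafeHtml riskyButCompiles =
        SafeHtmlUtils.fromSafeConstant(messages.greetingAsString(untrustedName));

    // Safe pattern: the Messages method already returns SafeHtml. The name is
    // escaped by the generated code, so "<img onerror=...>" in untrustedName
    // renders as literal text inside the <b> element.
    SafeHtml safe = messages.greetingAsSafeHtml(untrustedName);

    // Only the typed result is used; riskyButCompiles exists to show that the
    // unsafe version type-checks just as well, which is exactly why removing
    // the conversion method (rather than documenting it) is the stronger fix.
    return safe;
  }
}
```

In a code review, the check this suggests is mechanical: search the generated code for every SafeHtmlUtils.fromSafeConstant (or an equivalent such as tokenForSafeHtmlExpression) and confirm each argument is a literal or a SafeHtml-typed value; if the declarations are typed SafeHtml throughout, that search should come back empty.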
