http://gwt-code-reviews.appspot.com/1384801/diff/3003/user/test/com/google/gwt/safehtml/client/SafeHtmlTemplatesTest.java
File user/test/com/google/gwt/safehtml/client/SafeHtmlTemplatesTest.java (right):

http://gwt-code-reviews.appspot.com/1384801/diff/3003/user/test/com/google/gwt/safehtml/client/SafeHtmlTemplatesTest.java#newcode80
user/test/com/google/gwt/safehtml/client/SafeHtmlTemplatesTest.java:80: public void testTemplateWithCssAttribute() {
On 2011/03/14 22:01:18, jlabanca wrote:
> On 2011/03/14 18:25:38, skybrian wrote:
> > On 2011/03/14 17:03:18, jlabanca wrote:
> > > The & character is valid because it can be used in a URL:
> > > background:url(http://url?image=123112&size=1024)
> >
> > I'm wondering if this is more correct:
> >
> > background:url(http://url?image=123112&amp;size=1024);
> >
> > Similarly, can we use other HTML entities like &quot; within a SafeCssProperties
> > string?
>
> I'm out of my element here. Is our assertion that users should not use single
> or double quotes? And while %26 escaping URLs might be better, it certainly
> isn't invalid to use & (I think). I'm not quite sure what I should be testing
> here since we aren't actually providing a SafeCssProperties escaping feature
> yet.

This might be excessive, but one way would be to use
Element.getStyle().getProperty() to make sure that the property we get out of
the DOM is what we expect. The point isn't to test our (nonexistent) code, but
rather to test our assumptions about what browsers actually do with weird
characters in style attributes. (But I don't know how to do it for a <style>
tag. Maybe there's a way to get computed style?)

http://gwt-code-reviews.appspot.com/1384801/

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
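The assumption discussed in this thread can also be checked outside a browser. The following is an added example, not part of the review or of GWT: Python's standard `html.parser` stands in for a browser's HTML parser (an assumption) and shows the text a style attribute holds once character references are decoded. `style_values` and `same_css` are hypothetical helpers, and the sample markup is constructed from the strings quoted above.

```python
from html.parser import HTMLParser


class StyleCollector(HTMLParser):
    """Records each style attribute value as the HTML parser hands it on."""

    def __init__(self):
        super().__init__()
        self.styles = []

    def handle_starttag(self, tag, attrs):
        # attrs arrive with quotes removed and character references decoded.
        self.styles.extend(value or "" for name, value in attrs if name == "style")


def style_values(markup):
    """Return the decoded style attribute text of every start tag in markup."""
    collector = StyleCollector()
    collector.feed(markup)
    collector.close()
    return collector.styles


def same_css(a, b):
    """True when two snippets hand the CSS layer the same text (ignoring a final ';')."""
    return ([s.rstrip(";") for s in style_values(a)]
            == [s.rstrip(";") for s in style_values(b)])


# Constructed sample markup built from the strings quoted in the thread.
RAW_AMP = '<div style="background:url(http://url?image=123112&size=1024)"></div>'
ESCAPED_AMP = '<div style="background:url(http://url?image=123112&amp;size=1024);"></div>'
QUOT = '<div style="font-family:&quot;Arial&quot;"></div>'

if __name__ == "__main__":
    for sample in (RAW_AMP, ESCAPED_AMP, QUOT):
        print(style_values(sample))
    print("same CSS for & and &amp;:", same_css(RAW_AMP, ESCAPED_AMP))
```

The `&quot;` sample reaches the CSS layer as a literal double quote, so HTML-escaping a value does not by itself keep quotes out of a style attribute's CSS.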
