http://gwt-code-reviews.appspot.com/1380806/diff/25001/user/src/com/google/gwt/safehtml/shared/SafeUri.java File user/src/com/google/gwt/safehtml/shared/SafeUri.java (right):
http://gwt-code-reviews.appspot.com/1380806/diff/25001/user/src/com/google/gwt/safehtml/shared/SafeUri.java#newcode37 user/src/com/google/gwt/safehtml/shared/SafeUri.java:37: * the sense that doing so must not cause execution of script in the browser. This is a very abstract class invariant - it leaves it entirely up to the implementer to decide what's safe. Some examples of safe and unsafe URL's would make it clearer what to do. (Or refer to SafeUrl.fromTrustedString if you put them there.) http://gwt-code-reviews.appspot.com/1380806/diff/25001/user/src/com/google/gwt/safehtml/shared/UriUtils.java File user/src/com/google/gwt/safehtml/shared/UriUtils.java (right): http://gwt-code-reviews.appspot.com/1380806/diff/25001/user/src/com/google/gwt/safehtml/shared/UriUtils.java#newcode172 user/src/com/google/gwt/safehtml/shared/UriUtils.java:172: public static SafeUri fromTrustedString(String s) { Could you put some examples of safe and unsafe URLs in the javadoc? This should make it more obvious to reviewers of calls to this method what they should be looking for. http://gwt-code-reviews.appspot.com/1380806/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
