On 2011/06/02 17:59:40, xtof wrote:
> On Thu, Jun 2, 2011 at 10:51, <mailto:[email protected]> wrote:
> >
> > http://gwt-code-reviews.appspot.com/1447812/diff/1/user/src/com/google/gwt/safehtml/shared/UriUtils.java
> > File user/src/com/google/gwt/safehtml/shared/UriUtils.java (right):
> >
> > http://gwt-code-reviews.appspot.com/1447812/diff/1/user/src/com/google/gwt/safehtml/shared/UriUtils.java#newcode209
> > user/src/com/google/gwt/safehtml/shared/UriUtils.java:209: * safe!</strong>
> > unsafeCastFromUntrustedString() is better. Can we also deprecate the
> > method?
>
> Sounds good. Should I also deprecate methods that call this method (e.g.
> Image(String))? That would seem to make sense...

Agreed.

> > User code should always be able to use one of the other methods. Only
> > library code (GWT and libraries based on GWT) has the legacy support
> > problem.
> >
> > On 2011/06/02 17:45:16, xtof wrote:
> >> On 2011/06/02 13:47:05, jlabanca wrote:
> >> > This method worries me. When I saw the name, I assumed it was the
> >> > equivalent of fromString(). Anyone who looks at the method name
> >> > without reading the JavaDoc might assume the same.
> >> >
> >> > I suggest we remove the method and let users manage unsafe URIs.
> >> > That forces the user to make the tough decisions, whether they
> >> > sanitize the URI, or call fromTrustedString() even if the URI isn't
> >> > trusted.
> >>
> >> This method is intended for use in places where a string we don't know
> >> anything about needs to be turned into a SafeUri in a legacy-API
> >> situation. For instance in this CL, the Image class has been refactored
> >> to use SafeUri internally. However, it retains the Image(String uri)
> >> constructor, which uses this method to turn the string into a SafeUri
> >> to call the Image(SafeUri uri) constructor with.
> >>
> >> I'd prefer that we don't use the fromTrustedString method in those
> >> situations: Use of that method is essentially an assertion by the
> >> programmer that they can ensure from context that the argument
> >> satisfies the SafeUri contract. In the Image(String) case, this is not
> >> so.
> >>
> >> I agree that the name isn't scary enough though.
> >>
> >> Perhaps, "unsafeCastFromUntrustedString" or something like that?
> >>
> >> http://gwt-code-reviews.appspot.com/1447812/
> >

http://gwt-code-reviews.appspot.com/1447812/

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
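
The distinction drawn in this thread, as an added sketch that is not GWT's code and not part of the original messages: a self-contained model in which the names `SafeUri`, `fromString`, `fromTrustedString`, `unsafeCastFromUntrustedString` and `Image` mirror those discussed. The sanitizing behaviour of `fromString`, the scheme allowlist and the `about:invalid` fallback are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

public class SafeUriSketch {
  /** Contract: the wrapped string is safe to use as a URL in HTML. Built only by the factories below. */
  static final class SafeUri {
    private final String uri;
    private SafeUri(String uri) { this.uri = uri; }
    String asString() { return uri; }
  }

  // Assumed allowlist for this sketch, not GWT's actual list.
  private static final Set<String> SAFE_SCHEMES = Set.of("http", "https", "mailto", "ftp");

  private static boolean hasUnsafeScheme(String s) {
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      if (c == '/' || c == '?' || c == '#') return false; // relative reference, no scheme
      if (c == ':') return !SAFE_SCHEMES.contains(s.substring(0, i).toLowerCase(Locale.ROOT));
    }
    return false;
  }

  /** Sanitizing factory (assumed behaviour): the result meets the contract for any input. */
  static SafeUri fromString(String s) {
    return new SafeUri(hasUnsafeScheme(s) ? "about:invalid" : s);
  }

  /** The caller asserts, from context, that s already meets the contract. Nothing is checked. */
  static SafeUri fromTrustedString(String s) { return new SafeUri(s); }

  /** Same effect, but the name says nothing is known about s. For legacy bridges only. */
  @Deprecated
  static SafeUri unsafeCastFromUntrustedString(String s) { return new SafeUri(s); }

  static final class Image {
    final SafeUri src;
    Image(SafeUri src) { this.src = src; }
    /** Legacy constructor kept for existing callers; deprecated along with the cast it relies on. */
    @Deprecated
    Image(String uri) { this(unsafeCastFromUntrustedString(uri)); }
  }

  public static void main(String[] args) {
    String untrusted = "javascript:void(0)"; // constructed sample input
    System.out.println("fromString:    " + fromString(untrusted).asString());
    System.out.println("Image(String): " + new Image(untrusted).src.asString());
    System.out.println("Image(SafeUri): " + new Image(fromString("/img/logo.png")).src.asString());
  }
}
```

Searching a code base for `unsafeCastFromUntrustedString` then lists every place where an unvetted string enters the `SafeUri` type, which a call to `fromTrustedString` in the same position would hide.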
