http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/SafeCss.gwt.xml
File user/src/com/google/gwt/safecss/SafeCss.gwt.xml (right):

http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/SafeCss.gwt.xml#newcode21
user/src/com/google/gwt/safecss/SafeCss.gwt.xml:21: <inherits
name="com.google.gwt.user.UserAgent"/>
On 2011/06/09 20:33:05, tbroyer wrote:
Shouldn't you inherit c.g.g.dom.Dom?

It isn't needed because we're only doing string manipulation.  That's
also good because it means it works in JVM world.

http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/SafeCss.gwt.xml#newcode24
user/src/com/google/gwt/safecss/SafeCss.gwt.xml:24: <when-type-is
class="com.google.gwt.safecss.shared.SafeStylesUtils.ImplTrident" />
On 2011/06/09 20:33:05, tbroyer wrote:
Did you mean SafeStylesUtils.Impl instead?
Also, if it doesn't apply to IE9, maybe it needs a better name than
"trident"; something like Ie6To8 maybe?

Done.

http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java
File user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java
(right):

http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java#newcode53
user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java:53: * The
server doesn't know necessarily know the user agent of the client, so
On 2011/06/09 20:33:05, tbroyer wrote:
duplicated "know"

Done.

http://gwt-code-reviews.appspot.com/1454808/diff/1/user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java#newcode494
user/src/com/google/gwt/safecss/shared/SafeStylesUtils.java:494: return
fromTrustedString(name + ":" + SafeHtmlUtils.htmlEscape(value) + ";");
On 2011/06/09 20:33:05, tbroyer wrote:
If the SafeStyles is passed to a SafeHtmlTemplates, won't it be
double-escaped then?

Removed the escape from this code since the method assumes it's trusted.

There should also be an 'assert value.indexOf(';') < 0' (maybe a few
other checks, maybe a SafeStylesHostedModeUtils, or at least a TODO for it)

Done - added SafeStylesHostedModeUtils with reasonable checking based on
the CSS specs.

It turns out that it's more difficult than just checking for a
semi-colon. Semi-colons are allowed within quotes and within a URL (and
they are used in data URLs).  They are also allowed if escaped, but the
checks do not allow them if they are escaped.

http://gwt-code-reviews.appspot.com/1454808/

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
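
The last reply above says a bare `indexOf(';')` check is not enough, because semi-colons are legal inside quotes and inside url(). A sketch of a scan that draws that line, as an added example: it is not the code from this change and not GWT's SafeStylesHostedModeUtils. The class and method names are hypothetical, and rejecting unterminated strings and url() is an assumption.

```java
/** Added example, not GWT's SafeStylesHostedModeUtils; names are hypothetical. */
public final class CssValueCheck {

  /** Returns null when the value is acceptable, otherwise the reason it is rejected. */
  static String findProblem(String value) {
    char quote = 0;        // active quote character, or 0 outside a string
    boolean inUrl = false; // true between "url(" and its closing ")"
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      if (quote != 0) {
        if (c == '\\') {
          i++; // skip the escaped character so an escaped quote does not close the string
        } else if (c == quote) {
          quote = 0;
        }
      } else if (c == '"' || c == '\'') {
        quote = c;
      } else if (c == '\\') {
        // Escapes outside strings are legal CSS but rejected here (assumption: strict).
        return "escape outside a quoted string at index " + i;
      } else if (inUrl) {
        if (c == ')') inUrl = false;
      } else if (value.regionMatches(true, i, "url(", 0, 4)
          && (i == 0 || " \t,".indexOf(value.charAt(i - 1)) >= 0)) {
        // "url(" counts only at the start or after a space, tab or comma.
        inUrl = true;
        i += 3; // continue after the "("
      } else if (c == ';') {
        return "semi-colon outside quotes and url() at index " + i;
      }
    }
    // Assumption: an unterminated string or url() is rejected, since it could
    // swallow whatever follows the value in the style attribute.
    if (quote != 0) return "unterminated quoted string";
    if (inUrl) return "unterminated url()";
    return null;
  }

  public static void main(String[] args) {
    String[] samples = { // constructed sample values
      "red", "\"a;b\"", "url(data:image/png;base64,AAAA)",
      "red;background:url(x)", "red\\;", "\"abc",
    };
    for (String s : samples) {
      System.out.println(s + " -> " + findProblem(s)); // null means accepted
    }
  }
}
```

This is a character scan rather than a CSS tokenizer, so it errs toward rejecting values it cannot classify.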
