Reviewers: xtof,
Description:
Reducing the unsafe URI log warning to an info. If you use a String in a
URI context, we sanitize the string, so it is not a security risk and
should not generate a warning. However, we still log an info message so
users know they can use SafeUri instead if they do not want the URI
sanitized.
Please review this at http://gwt-code-reviews.appspot.com/1616804/
Affected files:
M
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
Index:
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
===================================================================
---
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
(revision 10802)
+++
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
(working copy)
@@ -363,10 +363,11 @@
*/
if (!isSafeUri(parameterType)) {
// Warn against using unsafe parameters in a URL attribute
context.
- logger.log(TreeLogger.WARN,
- "Template with variable in URL attribute context: The
template code generator cannot"
- + " guarantee HTML-safety of the template -- please
inspect manually or use "
- + SAFE_URI_CN + " to specify arguments in a URL
attribute context");
+ logger.log(TreeLogger.INFO,
+ "Template with variable in URL attribute context: The
template code generator will"
+ + " sanitize the URL. Use " + SAFE_URI_CN
+ + " to specify arguments in a URL attribute context that
should not be"
+ + " sanitized.");
}
emitAttributeContextParameterExpression(logger, htmlContext,
formalParameterName,
parameterType);
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
