On Wednesday, March 21, 2012 4:15:10 PM UTC+1, dhoffer wrote:
>
> I have a few questions about this.
>
> If I change to:
>
> interface Template extends SafeHtmlTemplates {
> @Template("<img src=\"{0}\"/>")
> SafeHtml img(SafeUri safeUri);
> }
>
> 1. How does the template know to call asString() on the safeUri
> instance?
>
SafeHtmlTemplates knows about SafeUri (remember the warning it outputs when
you use String? ;-) )
> 2. With this change I now have the same problem but in the SafeUri
> implementation. How do I take a URL variable and sanitize it so it's
> safe?
UriUtils.fromString()
http://google-web-toolkit.googlecode.com/svn/javadoc/latest/com/google/gwt/safehtml/shared/UriUtils.html#fromString(java.lang.String)
> Or because these URL's come from the server can I just declare
> them safe by convention.
>
No. Only those URLs that are hard-coded in your client-side app can be
trusted.
> 3. How do I get rid of the compiler warning? Once I've manually made
> these safe is there a way to annotate the @Template usage so the
> compiler knows it's safe?
>
The only way to shut the generator up is to use SafeUri and SafeStyles when
it tells you to do so.
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-web-toolkit/-/8E8nxGqHyNAJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
