Merge branch 'develop' into feature/sanitize
diff --git a/frameworks/downloads.xml b/frameworks/downloads.xml
index 7dbd9e5..780f297 100644
--- a/frameworks/downloads.xml
+++ b/frameworks/downloads.xml
@@ -299,7 +299,7 @@
<exclude name="closure/goog/asserts/asserts.js"/>
<exclude name="closure/goog/base.js"/>
<exclude name="closure/goog/deps.js"/>
- <exclude name="closure/goog/debug/debug.js"/>
+ <exclude name="closure/goog/debug/**"/>
<exclude name="closure/goog/debug/entrypointregistry.js"/>
<exclude name="closure/goog/debug/error.js"/>
<exclude name="closure/goog/debug/errorcontext.js"/>
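Review bot: The new `closure/goog/debug/**` pattern already covers the per-file `debug/...` excludes that follow it (`entrypointregistry.js`, `error.js` and `errorcontext.js` are visible here), so those lines are now dead configuration and should be removed. The next hunk has the same overlap, where `closure/goog/useragent/**` covers the existing `closure/goog/useragent/useragent.js` entry. The closing `</fileset></delete>` tags in the next hunk suggest each exclude keeps third-party files in the tree, so whole-package globs widen the retained Closure code. Prefer the narrowest set the sanitizer needs, or add a comment such as `<!-- whole debug package kept: required transitively by goog.html.sanitizer -->` once that is confirmed. The enclosing fileset starts outside this hunk.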
@@ -326,6 +326,46 @@
<exclude name="closure/goog/useragent/useragent.js"/>
<!-- needed for node.js support -->
<exclude name="closure/goog/bootstrap/nodejs.js"/>
+ <!-- need dependencies for sanitizing html -->
+ <exclude name="closure/goog/html/**"/>
+ <exclude name="closure/goog/dom/**"/>
+ <exclude name="closure/goog/functions/**"/>
+ <exclude name="closure/goog/math/**"/>
+ <exclude name="closure/goog/useragent/**"/>
+ <exclude name="closure/goog/log/**"/>
+ <exclude name="closure/goog/i18n/bidi.js"/>
+ <exclude name="closure/goog/string/typedstring.js"/>
+ <exclude name="closure/goog/string/const.js"/>
+ <exclude name="closure/goog/string/internal.js"/>
+ <!-- <exclude name="closure/goog/html/legacyconversions.js"/>
+ <exclude name="closure/goog/html/safehtml.js"/>
+ <exclude name="closure/goog/html/safehtmlformatter.js"/>
+ <exclude name="closure/goog/html/safescript.js"/>
+ <exclude name="closure/goog/html/safestyle.js"/>
+ <exclude name="closure/goog/html/safestylesheet.js"/>
+ <exclude name="closure/goog/html/safeurl.js"/>
+ <exclude name="closure/goog/html/textextractor.js"/>
+ <exclude name="closure/goog/html/trustedresourceurl.js"/>
+ <exclude name="closure/goog/html/trustedtypes.js"/>
+ <exclude name="closure/goog/html/uncheckedconversions.js"/>
+ <exclude name="closure/goog/html/utils.js"/>
+ <exclude name="closure/goog/html/sanitizer/attributeallowlists.js"/>
+ <exclude name="closure/goog/html/sanitizer/csspropertysanitizer.js"/>
+ <exclude name="closure/goog/html/sanitizer/csssanitizer.js"/>
+ <exclude name="closure/goog/html/sanitizer/elementweakmap.js"/>
+ <exclude name="closure/goog/html/sanitizer/htmlsanitizer.js"/>
+ <exclude name="closure/goog/html/sanitizer/noclobber.js"/>
+ <exclude name="closure/goog/html/sanitizer/noclobber.js"/>
+ <exclude name="closure/goog/html/sanitizer/noclobber.js"/> -->
+ <exclude name="closure/goog/fs/url.js"/>
+ <!-- goog.provide('goog.html.SafeUrl');
+
+goog.require('goog.html.TrustedResourceUrl');
+goog.require('goog.i18n.bidi.Dir');
+goog.require('goog.i18n.bidi.DirectionalString');
+goog.require('goog.string.Const');
+goog.require('goog.string.TypedString');
+goog.require('goog.string.internal'); -->
</fileset>
</delete>
</target>
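Review bot: The two commented-out blocks added here look like working notes and should not be merged. The first lists individual `closure/goog/html/...` files that `closure/goog/html/**` already covers, and repeats `noclobber.js` three times. The second pastes `goog.provide`/`goog.require` lines from a JavaScript source into an XML comment. Replace both with one line that records the dependency chain, for example `<!-- goog.html.SafeUrl requires goog.i18n.bidi, goog.string.Const, goog.string.TypedString, goog.string.internal -->`, so the next maintainer can see why each exclude exists.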
diff --git a/frameworks/projects/Core/src/main/royale/CoreClasses.as b/frameworks/projects/Core/src/main/royale/CoreClasses.as
index 84ffda3..7a1dd31 100644
--- a/frameworks/projects/Core/src/main/royale/CoreClasses.as
+++ b/frameworks/projects/Core/src/main/royale/CoreClasses.as
@@ -345,6 +345,8 @@
import org.apache.royale.utils.string.trimRight; trimRight;
import org.apache.royale.utils.string.trimLeft; trimLeft;
import org.apache.royale.utils.string.cacheBust; cacheBust;
+ import org.apache.royale.utils.string.sanitizeHtml; sanitizeHtml;
+ import org.apache.royale.utils.string.sanitizeUrl; sanitizeUrl;
import org.apache.royale.utils.date.addDays; addDays;
import org.apache.royale.utils.date.addHours; addHours;
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalHtmlSanitizer.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalHtmlSanitizer.as
new file mode 100644
index 0000000..7ae05fe
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalHtmlSanitizer.as
@@ -0,0 +1,37 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ COMPILE::JS{
+ import goog.html.sanitizer.HtmlSanitizer;
+ import goog.html.SafeHtml;
+ }
+ COMPILE::JS
+ internal class InternalHtmlSanitizer extends HtmlSanitizer
+ {
+ public function InternalHtmlSanitizer()
+ {
+ super();
+ }
+ public static function sanitize(html:String):SafeHtml
+ {
+ return HtmlSanitizer.sanitize(html);
+ }
+ }
+}
\ No newline at end of file
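Review bot: `InternalHtmlSanitizer` extends `HtmlSanitizer` but only adds a static forwarder, so the inheritance and the public constructor serve no purpose. The same applies to `InternalSafeHtml` and `InternalSafeUrl` in the next two files. Closure's safe-HTML types rely on construction being restricted to their own factory functions, and as far as I know they are annotated as final. Subclasses with public constructors weaken that guarantee for any code in this package, notably `InternalSafeUrl(value:String, token:Object)`, which forwards both arguments to `super`. Consider dropping `extends` and the constructors and keeping only the static functions, with a short ASDoc comment such as `/** JS-only bridge so goog.html types stay out of the public API. */` if that is the intent.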
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeHtml.as
new file mode 100644
index 0000000..3864ab9
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeHtml.as
@@ -0,0 +1,36 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ COMPILE::JS{
+ import goog.html.SafeHtml;
+ }
+ COMPILE::JS
+ internal class InternalSafeHtml extends goog.html.SafeHtml
+ {
+ public function InternalSafeHtml()
+ {
+
+ }
+ public static function unwrap(safeHtml:SafeHtml):String
+ {
+ return SafeHtml.unwrap(safeHtml);
+ }
+ }
+}
\ No newline at end of file
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeUrl.as
new file mode 100644
index 0000000..1b5c16b
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/InternalSafeUrl.as
@@ -0,0 +1,40 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ COMPILE::JS{
+ import goog.html.SafeUrl;
+ }
+ COMPILE::JS
+ internal class InternalSafeUrl extends goog.html.SafeUrl
+ {
+ public function InternalSafeUrl(value:String, token:Object)
+ {
+ super(value, token);
+ }
+ public static function unwrap(safeURL:SafeUrl):String
+ {
+ return SafeUrl.unwrap(safeURL);
+ }
+ public static function sanitize(url:String):SafeUrl
+ {
+ return SafeUrl.sanitize(url);
+ }
+ }
+}
\ No newline at end of file
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
new file mode 100644
index 0000000..9756c48
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeHtml.as
@@ -0,0 +1,34 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+
+ public function sanitizeHtml(html:String):String
+ {
+ COMPILE::JS
+ {
+ return InternalSafeHtml.unwrap(InternalHtmlSanitizer.sanitize(html));
+ }
+ //TODO sanitize in swf
+ COMPILE::SWF
+ {
+ return html;
+ }
+ }
+}
\ No newline at end of file
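Review bot: In the `COMPILE::SWF` branch `sanitizeHtml` returns `html` unchanged, so on that target a function whose name promises sanitization passes untrusted markup straight through. `sanitizeUrl` in the next file does the same with `url`. The `//TODO sanitize in swf` comment is only visible to someone reading this file, so callers will treat the result as safe on both targets. At minimum add an ASDoc block to the public function stating the limitation, for example `* On the SWF target no sanitization is performed yet; the input is returned as-is and must not be treated as safe.` A stricter option is to fail closed on SWF until a real implementation exists, for example by escaping `<`, `>` and `&`, but that changes what SWF callers receive and should be a deliberate decision.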
diff --git a/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
new file mode 100644
index 0000000..6c91548
--- /dev/null
+++ b/frameworks/projects/Core/src/main/royale/org/apache/royale/utils/string/sanitizeUrl.as
@@ -0,0 +1,32 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package org.apache.royale.utils.string
+{
+ public function sanitizeUrl(url:String):String
+ {
+ COMPILE::JS{
+ return InternalSafeUrl.unwrap(InternalSafeUrl.sanitize(url));
+ }
+
+ //TODO sanitize in swf
+ COMPILE::SWF{
+ return url;
+ }
+ }
+}
\ No newline at end of file
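Review bot: Nothing on `sanitizeUrl` tells callers what they get back when a URL is rejected. On JS the result comes from `SafeUrl.sanitize`, which as far as I know substitutes a fixed innocuous placeholder URL rather than returning null or an empty string. Callers that test the result for emptiness will therefore misjudge the outcome. An ASDoc block should state the return value for accepted and for rejected input, and that the `COMPILE::SWF` branch currently returns `url` unchanged, for example `* @return The URL if it passes Closure's safe-URL check, otherwise Closure's innocuous placeholder (JS only; SWF returns the input unmodified).`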
diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
index 9d2a16d..f7f3ca1 100644
--- a/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/CoreTester.as
@@ -42,6 +42,7 @@
public var keyConverterTest:KeyConverterTest;
public var keyboardEventConverterTest:KeyboardEventConverterTest;
public var stringUtilsTest:StringUtilsTest;
+ public var sanitizerTest:SanitizeTest;
public var eventsTest:EventsTest;
}
diff --git a/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
new file mode 100644
index 0000000..7173f52
--- /dev/null
+++ b/frameworks/projects/Core/src/test/royale/flexUnitTests/SanitizeTest.as
@@ -0,0 +1,63 @@
+////////////////////////////////////////////////////////////////////////////////
+//
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package flexUnitTests
+{
+ import org.apache.royale.utils.string.*;
+ import org.apache.royale.test.asserts.*;
+
+ public class SanitizeTest
+ {
+ [Before]
+ public function setUp():void
+ {
+ }
+
+ [After]
+ public function tearDown():void
+ {
+ }
+
+ [BeforeClass]
+ public static function setUpBeforeClass():void
+ {
+ }
+
+ [AfterClass]
+ public static function tearDownAfterClass():void
+ {
+ }
+
+ [Test]
+ public function testHTML():void
+ {
+ var safeHtml:String = 'Hello <em>World</em>';
+ assertEquals(safeHtml, sanitizeHtml(safeHtml));
+ }
+
+ [Test]
+ public function testUrl():void
+ {
+ var safeUrl:String = "https://foobaz.com"
+ assertEquals(safeUrl, sanitizeUrl(safeUrl));
+ }
+
+
+
+ }
+}
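Review bot: Both tests feed already-safe input and assert it comes back unchanged, so they never show that anything is removed. They also pass on SWF, where the functions are identity pass-throughs. Add at least one negative case per function: HTML containing a script element and an event-handler attribute, and a URL with a scripting scheme. Assert on what must be absent rather than on an exact output string, so the tests do not depend on Closure's serialization details. On SWF these will fail until the TODO is implemented; if that blocks the build, wrap them in `COMPILE::JS` with a comment saying why. `testUrl` is also missing the semicolon after `"https://foobaz.com"`.

```actionscript
// … unchanged: testHTML and testUrl positive cases …

[Test]
public function testHTMLStripsActiveContent():void
{
    // constructed sample input: event-handler attribute plus a script element
    var dirty:String = '<p onclick="x()">hi</p><script>x()</script>';
    var result:String = sanitizeHtml(dirty);
    assertTrue(result.indexOf("<script") == -1);
    assertTrue(result.indexOf("onclick") == -1);
}

[Test]
public function testUrlRejectsScriptScheme():void
{
    // constructed sample input: scripting scheme must not survive
    var result:String = sanitizeUrl("javascript:void(0)");
    assertTrue(result.indexOf("javascript:") != 0);
}
```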