// Copyright 2013 The Closure Library Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS-IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/**
 * @fileoverview Type-safe wrappers for unsafe DOM APIs.
 *
 * This file provides type-safe wrappers for DOM APIs that can result in
 * cross-site scripting (XSS) vulnerabilities, if the API is supplied with
 * untrusted (attacker-controlled) input. Instead of plain strings, the type
 * safe wrappers consume values of types from the goog.html package whose
 * contract promises that values are safe to use in the corresponding context.
 *
 * Hence, a program that exclusively uses the wrappers in this file (i.e., whose
 * only reference to security-sensitive raw DOM APIs are in this file) is
 * guaranteed to be free of XSS due to incorrect use of such DOM APIs (modulo
 * correctness of code that produces values of the respective goog.html types,
 * and absent code that violates type safety).
 *
 * For example, assigning to an element's .innerHTML property a string that is
 * derived (even partially) from untrusted input typically results in an XSS
 * vulnerability. The type-safe wrapper goog.dom.safe.setInnerHtml consumes a
 * value of type goog.html.SafeHtml, whose contract states that using its
 * values in a HTML context will not result in XSS. Hence a program that is
 * free of direct assignments to any element's innerHTML property (with the
 * exception of the assignment to .innerHTML in this file) is guaranteed to be
 * free of XSS due to assignment of untrusted strings to the innerHTML
 * property.
 *
 * The wrappers only unwrap; they never sanitize HTML themselves. The security
 * argument therefore rests entirely on the producers of goog.html.SafeHtml,
 * goog.html.SafeUrl and goog.html.TrustedResourceUrl values, which live
 * outside this file.
 */

goog.provide('goog.dom.safe');
goog.provide('goog.dom.safe.InsertAdjacentHtmlPosition');

goog.require('goog.asserts');
goog.require('goog.html.SafeHtml');
goog.require('goog.html.SafeUrl');
goog.require('goog.html.TrustedResourceUrl');
goog.require('goog.string');
goog.require('goog.string.Const');


/**
 * Insertion positions accepted by goog.dom.safe.insertAdjacentHtml. The
 * values are handed straight through to node.insertAdjacentHTML, so they are
 * the position strings that DOM API understands.
 * @enum {string}
 */
goog.dom.safe.InsertAdjacentHtmlPosition = {
  AFTERBEGIN: 'afterbegin',
  AFTEREND: 'afterend',
  BEFOREBEGIN: 'beforebegin',
  BEFOREEND: 'beforeend'
};
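
/**
 * Inserts known-safe HTML into a Node, at the specified position.
 * @param {!Node} node The node on which to call insertAdjacentHTML.
 * @param {!goog.dom.safe.InsertAdjacentHtmlPosition} position Position where
 *     to insert the HTML.
 * @param {!goog.html.SafeHtml} html The known-safe HTML to insert.
 */
goog.dom.safe.insertAdjacentHtml = function(node, position, html) {
  node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrap(html));
};


/**
 * Assigns known-safe HTML to an element's innerHTML property.
 * @param {!Element} elem The element whose innerHTML is to be assigned to.
 * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.
 */
goog.dom.safe.setInnerHtml = function(elem, html) {
  elem.innerHTML = goog.html.SafeHtml.unwrap(html);
};


/**
 * Assigns known-safe HTML to an element's outerHTML property.
 * @param {!Element} elem The element whose outerHTML is to be assigned to.
 * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.
 */
goog.dom.safe.setOuterHtml = function(elem, html) {
  elem.outerHTML = goog.html.SafeHtml.unwrap(html);
};


/**
 * Writes known-safe HTML to a document.
 * @param {!Document} doc The document to be written to.
 * @param {!goog.html.SafeHtml} html The known-safe HTML to write.
 */
goog.dom.safe.documentWrite = function(doc, html) {
  doc.write(goog.html.SafeHtml.unwrap(html));
};


/**
 * Coerces a string-or-SafeUrl argument to a SafeUrl. A goog.html.SafeUrl is
 * returned as is; any other value is treated as a string and run through
 * goog.html.SafeUrl.sanitize.
 *
 * Shared by setAnchorHref, setLocationHref and openInWindow so that the three
 * wrappers cannot drift apart in how they treat raw strings.
 *
 * @param {string|!goog.html.SafeUrl} url The URL to coerce.
 * @return {!goog.html.SafeUrl} The SafeUrl whose value may be assigned to the
 *     sink.
 * @private
 */
goog.dom.safe.toSafeUrl_ = function(url) {
  if (url instanceof goog.html.SafeUrl) {
    return url;
  }
  return goog.html.SafeUrl.sanitize(url);
};


/**
 * Safely assigns a URL to an anchor element's href property.
 *
 * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
 * anchor's href property. If url is of type string however, it is first
 * sanitized using goog.html.SafeUrl.sanitize.
 *
 * Example usage:
 *   goog.dom.safe.setAnchorHref(anchorEl, url);
 * which is a safe alternative to
 *   anchorEl.href = url;
 * The latter can result in XSS vulnerabilities if url is a
 * user-/attacker-controlled value.
 *
 * @param {!HTMLAnchorElement} anchor The anchor element whose href property
 *     is to be assigned to.
 * @param {string|!goog.html.SafeUrl} url The URL to assign.
 * @see goog.html.SafeUrl#sanitize
 */
goog.dom.safe.setAnchorHref = function(anchor, url) {
  var safeUrl = goog.dom.safe.toSafeUrl_(url);
  anchor.href = goog.html.SafeUrl.unwrap(safeUrl);
};


/**
 * Safely assigns a URL to an embed element's src property.
 *
 * Example usage:
 *   goog.dom.safe.setEmbedSrc(embedEl, url);
 * which is a safe alternative to
 *   embedEl.src = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * @param {!HTMLEmbedElement} embed The embed element whose src property
 *     is to be assigned to.
 * @param {!goog.html.TrustedResourceUrl} url The URL to assign.
 */
goog.dom.safe.setEmbedSrc = function(embed, url) {
  embed.src = goog.html.TrustedResourceUrl.unwrap(url);
};


/**
 * Safely assigns a URL to a frame element's src property.
 *
 * Example usage:
 *   goog.dom.safe.setFrameSrc(frameEl, url);
 * which is a safe alternative to
 *   frameEl.src = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * @param {!HTMLFrameElement} frame The frame element whose src property
 *     is to be assigned to.
 * @param {!goog.html.TrustedResourceUrl} url The URL to assign.
 */
goog.dom.safe.setFrameSrc = function(frame, url) {
  frame.src = goog.html.TrustedResourceUrl.unwrap(url);
};


/**
 * Safely assigns a URL to an iframe element's src property.
 *
 * Example usage:
 *   goog.dom.safe.setIframeSrc(iframeEl, url);
 * which is a safe alternative to
 *   iframeEl.src = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * @param {!HTMLIFrameElement} iframe The iframe element whose src property
 *     is to be assigned to.
 * @param {!goog.html.TrustedResourceUrl} url The URL to assign.
 */
goog.dom.safe.setIframeSrc = function(iframe, url) {
  iframe.src = goog.html.TrustedResourceUrl.unwrap(url);
};


/**
 * Safely sets a link element's href and rel properties. Whether or not
 * the URL assigned to href has to be a goog.html.TrustedResourceUrl
 * depends on the value of the rel property. If rel contains "stylesheet"
 * then a TrustedResourceUrl is required.
 *
 * Example usage:
 *   goog.dom.safe.setLinkHrefAndRel(linkEl, url, 'stylesheet');
 * which is a safe alternative to
 *   linkEl.rel = 'stylesheet';
 *   linkEl.href = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * The href value is resolved before the element is touched, so a failed
 * assertion leaves the link element unmodified. When both properties are
 * written, rel is assigned before href.
 *
 * @param {!HTMLLinkElement} link The link element whose href property
 *     is to be assigned to.
 * @param {string|!goog.html.SafeUrl|!goog.html.TrustedResourceUrl} url The URL
 *     to assign to the href property. Must be a TrustedResourceUrl if the
 *     value assigned to rel contains "stylesheet". A string value is
 *     sanitized with goog.html.SafeUrl.sanitize.
 * @param {string} rel The value to assign to the rel property.
 * @throws {Error} if rel contains "stylesheet" and url is not a
 *     TrustedResourceUrl
 * @see goog.html.SafeUrl#sanitize
 */
goog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {
  /** @type {string} */
  var href;
  if (goog.string.caseInsensitiveContains(rel, 'stylesheet')) {
    goog.asserts.assert(
        url instanceof goog.html.TrustedResourceUrl,
        'URL must be TrustedResourceUrl because "rel" contains "stylesheet"');
    // NOTE(review): in builds that strip goog.asserts the check above is gone
    // and the type enforcement rests on TrustedResourceUrl.unwrap rejecting
    // other types -- confirm against goog.html.TrustedResourceUrl.
    href = goog.html.TrustedResourceUrl.unwrap(url);
  } else if (url instanceof goog.html.TrustedResourceUrl) {
    href = goog.html.TrustedResourceUrl.unwrap(url);
  } else if (url instanceof goog.html.SafeUrl) {
    href = goog.html.SafeUrl.unwrap(url);
  } else {  // string
    // SafeUrl.sanitize must return a legitimate SafeUrl when passed a string;
    // it is unwrapped the same way every other SafeUrl sink in this file does.
    href = goog.html.SafeUrl.unwrap(goog.html.SafeUrl.sanitize(url));
  }
  link.rel = rel;
  link.href = href;
};


/**
 * Safely assigns a URL to an object element's data property.
 *
 * Example usage:
 *   goog.dom.safe.setObjectData(objectEl, url);
 * which is a safe alternative to
 *   objectEl.data = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * @param {!HTMLObjectElement} object The object element whose data property
 *     is to be assigned to.
 * @param {!goog.html.TrustedResourceUrl} url The URL to assign.
 */
goog.dom.safe.setObjectData = function(object, url) {
  object.data = goog.html.TrustedResourceUrl.unwrap(url);
};


/**
 * Safely assigns a URL to a script element's src property.
 *
 * Example usage:
 *   goog.dom.safe.setScriptSrc(scriptEl, url);
 * which is a safe alternative to
 *   scriptEl.src = url;
 * The latter can result in loading untrusted code unless it is ensured that
 * the URL refers to a trustworthy resource.
 *
 * @param {!HTMLScriptElement} script The script element whose src property
 *     is to be assigned to.
 * @param {!goog.html.TrustedResourceUrl} url The URL to assign.
 */
goog.dom.safe.setScriptSrc = function(script, url) {
  script.src = goog.html.TrustedResourceUrl.unwrap(url);
};


/**
 * Safely assigns a URL to a Location object's href property.
 *
 * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
 * loc's href property. If url is of type string however, it is first sanitized
 * using goog.html.SafeUrl.sanitize.
 *
 * Example usage:
 *   goog.dom.safe.setLocationHref(document.location, redirectUrl);
 * which is a safe alternative to
 *   document.location.href = redirectUrl;
 * The latter can result in XSS vulnerabilities if redirectUrl is a
 * user-/attacker-controlled value.
 *
 * @param {!Location} loc The Location object whose href property is to be
 *     assigned to.
 * @param {string|!goog.html.SafeUrl} url The URL to assign.
 * @see goog.html.SafeUrl#sanitize
 */
goog.dom.safe.setLocationHref = function(loc, url) {
  var safeUrl = goog.dom.safe.toSafeUrl_(url);
  loc.href = goog.html.SafeUrl.unwrap(safeUrl);
};


/**
 * Safely opens a URL in a new window (via window.open).
 *
 * If url is of type goog.html.SafeUrl, its value is unwrapped and passed in to
 * window.open. If url is of type string however, it is first sanitized
 * using goog.html.SafeUrl.sanitize.
 *
 * Note that this function does not prevent leakages via the referer that is
 * sent by window.open. It is advised to only use this to open 1st party URLs.
 * opt_specs is passed through unchanged, so no 'noopener' feature is added on
 * the caller's behalf; callers opening a URL they do not control should
 * consider including it in opt_specs (where the browser supports it).
 *
 * Example usage:
 *   goog.dom.safe.openInWindow(url);
 * which is a safe alternative to
 *   window.open(url);
 * The latter can result in XSS vulnerabilities if url is a
 * user-/attacker-controlled value.
 *
 * @param {string|!goog.html.SafeUrl} url The URL to open.
 * @param {Window=} opt_openerWin Window of which to call the .open() method.
 *     Defaults to the global window.
 * @param {!goog.string.Const=} opt_name Name of the window to open in. Can be
 *     _top, etc as allowed by window.open().
 * @param {string=} opt_specs Comma-separated list of specifications, same as
 *     in window.open().
 * @param {boolean=} opt_replace Whether to replace the current entry in browser
 *     history, same as in window.open().
 * @return {Window} Window the url was opened in.
 */
goog.dom.safe.openInWindow = function(
    url, opt_openerWin, opt_name, opt_specs, opt_replace) {
  var safeUrl = goog.dom.safe.toSafeUrl_(url);
  var win = opt_openerWin || window;
  return win.open(goog.html.SafeUrl.unwrap(safeUrl),
      // If opt_name is undefined, simply passing that in to open() causes IE to
      // reuse the current window instead of opening a new one. Thus we pass ''
      // in instead, which according to spec opens a new window. See
      // https://html.spec.whatwg.org/multipage/browsers.html#dom-open .
      // opt_name is a goog.string.Const, i.e. a compile-time literal, so the
      // target name itself cannot be attacker-controlled.
      opt_name ? goog.string.Const.unwrap(opt_name) : '',
      opt_specs, opt_replace);
};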