goog.provide("goog.dom.safe"); goog.provide("goog.dom.safe.InsertAdjacentHtmlPosition"); goog.require("goog.asserts"); goog.require("goog.asserts.dom"); goog.require("goog.dom.asserts"); goog.require("goog.functions"); goog.require("goog.html.SafeHtml"); goog.require("goog.html.SafeScript"); goog.require("goog.html.SafeStyle"); goog.require("goog.html.SafeUrl"); goog.require("goog.html.TrustedResourceUrl"); goog.require("goog.html.uncheckedconversions"); goog.require("goog.string.Const"); goog.require("goog.string.internal"); goog.dom.safe.InsertAdjacentHtmlPosition = {AFTERBEGIN:"afterbegin", AFTEREND:"afterend", BEFOREBEGIN:"beforebegin", BEFOREEND:"beforeend"}; goog.dom.safe.insertAdjacentHtml = function(node, position, html) { node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html)); }; goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {"MATH":true, "SCRIPT":true, "STYLE":true, "SVG":true, "TEMPLATE":true}; goog.dom.safe.isInnerHtmlCleanupRecursive_ = goog.functions.cacheReturnValue(function() { if (goog.DEBUG && typeof document === "undefined") { return false; } var div = document.createElement("div"); var childDiv = document.createElement("div"); childDiv.appendChild(document.createElement("div")); div.appendChild(childDiv); if (goog.DEBUG && !div.firstChild) { return false; } var innerChild = div.firstChild.firstChild; div.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY); return !innerChild.parentElement; }); goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) { if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) { while (elem.lastChild) { elem.removeChild(elem.lastChild); } } elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html); }; goog.dom.safe.setInnerHtml = function(elem, html) { if (goog.asserts.ENABLE_ASSERTS && elem.tagName) { var tagName = elem.tagName.toUpperCase(); if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) { throw new Error("goog.dom.safe.setInnerHtml cannot be used to set content of " + elem.tagName + "."); } } goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html); }; goog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) { goog.dom.safe.setInnerHtml(element, goog.html.uncheckedconversions.safeHtmlFromStringKnownToSatisfyTypeContract(goog.string.Const.from("Constant HTML to be immediatelly used."), goog.string.Const.unwrap(constHtml))); }; goog.dom.safe.setOuterHtml = function(elem, html) { elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html); }; goog.dom.safe.setFormElementAction = function(form, url) { var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } goog.asserts.dom.assertIsHtmlFormElement(form).action = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setButtonFormAction = function(button, url) { var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } goog.asserts.dom.assertIsHtmlButtonElement(button).formAction = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setInputFormAction = function(input, url) { var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } goog.asserts.dom.assertIsHtmlInputElement(input).formAction = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setStyle = function(elem, style) { elem.style.cssText = goog.html.SafeStyle.unwrap(style); }; goog.dom.safe.documentWrite = function(doc, html) { doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html)); }; goog.dom.safe.setAnchorHref = function(anchor, url) { goog.asserts.dom.assertIsHtmlAnchorElement(anchor); var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } anchor.href = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setAudioSrc = function(audioElement, url) { goog.asserts.dom.assertIsHtmlAudioElement(audioElement); var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } audioElement.src = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setVideoSrc = function(videoElement, url) { goog.asserts.dom.assertIsHtmlVideoElement(videoElement); var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } videoElement.src = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.setEmbedSrc = function(embed, url) { goog.asserts.dom.assertIsHtmlEmbedElement(embed); embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url); }; goog.dom.safe.setFrameSrc = function(frame, url) { goog.asserts.dom.assertIsHtmlFrameElement(frame); frame.src = goog.html.TrustedResourceUrl.unwrap(url); }; goog.dom.safe.setIframeSrc = function(iframe, url) { goog.asserts.dom.assertIsHtmlIFrameElement(iframe); iframe.src = goog.html.TrustedResourceUrl.unwrap(url); }; goog.dom.safe.setIframeSrcdoc = function(iframe, html) { goog.asserts.dom.assertIsHtmlIFrameElement(iframe); iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html); }; goog.dom.safe.setLinkHrefAndRel = function(link, url, rel) { goog.asserts.dom.assertIsHtmlLinkElement(link); link.rel = rel; if (goog.string.internal.caseInsensitiveContains(rel, "stylesheet")) { goog.asserts.assert(url instanceof goog.html.TrustedResourceUrl, 'URL must be TrustedResourceUrl because "rel" contains "stylesheet"'); link.href = goog.html.TrustedResourceUrl.unwrap(url); const win = link.ownerDocument && link.ownerDocument.defaultView; const nonce = goog.dom.safe.getStyleNonce(win); if (nonce) { link.setAttribute("nonce", nonce); } } else if (url instanceof goog.html.TrustedResourceUrl) { link.href = goog.html.TrustedResourceUrl.unwrap(url); } else if (url instanceof goog.html.SafeUrl) { link.href = goog.html.SafeUrl.unwrap(url); } else { link.href = goog.html.SafeUrl.unwrap(goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url)); } }; goog.dom.safe.setObjectData = function(object, url) { goog.asserts.dom.assertIsHtmlObjectElement(object); object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url); }; goog.dom.safe.setScriptSrc = function(script, url) { goog.asserts.dom.assertIsHtmlScriptElement(script); goog.dom.safe.setNonceForScriptElement_(script); script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url); }; goog.dom.safe.setScriptContent = function(script, content) { goog.asserts.dom.assertIsHtmlScriptElement(script); goog.dom.safe.setNonceForScriptElement_(script); script.textContent = goog.html.SafeScript.unwrapTrustedScript(content); }; goog.dom.safe.setNonceForScriptElement_ = function(script) { var win = script.ownerDocument && script.ownerDocument.defaultView; const nonce = goog.dom.safe.getScriptNonce(win); if (nonce) { script.setAttribute("nonce", nonce); } }; goog.dom.safe.setLocationHref = function(loc, url) { goog.dom.asserts.assertIsLocation(loc); var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } loc.href = goog.html.SafeUrl.unwrap(safeUrl); }; goog.dom.safe.assignLocation = function(loc, url) { goog.dom.asserts.assertIsLocation(loc); var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } loc.assign(goog.html.SafeUrl.unwrap(safeUrl)); }; goog.dom.safe.replaceLocation = function(loc, url) { var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } loc.replace(goog.html.SafeUrl.unwrap(safeUrl)); }; goog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) { var safeUrl; if (url instanceof goog.html.SafeUrl) { safeUrl = url; } else { safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url); } var win = opt_openerWin || goog.global; var name = opt_name instanceof goog.string.Const ? goog.string.Const.unwrap(opt_name) : opt_name || ""; if (opt_specs !== undefined) { return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs); } else { return win.open(goog.html.SafeUrl.unwrap(safeUrl), name); } }; goog.dom.safe.parseFromStringHtml = function(parser, html) { return goog.dom.safe.parseFromString(parser, html, "text/html"); }; goog.dom.safe.parseFromString = function(parser, content, type) { return parser.parseFromString(goog.html.SafeHtml.unwrapTrustedHTML(content), type); }; goog.dom.safe.createImageFromBlob = function(blob) { if (!/^image\/.*/g.test(blob.type)) { throw new Error("goog.dom.safe.createImageFromBlob only accepts MIME type image/.*."); } var objectUrl = goog.global.URL.createObjectURL(blob); var image = new goog.global.Image(); image.onload = function() { goog.global.URL.revokeObjectURL(objectUrl); }; image.src = objectUrl; return image; }; goog.dom.safe.createContextualFragment = function(range, html) { return range.createContextualFragment(goog.html.SafeHtml.unwrapTrustedHTML(html)); }; goog.dom.safe.getScriptNonce = function(opt_window) { return goog.dom.safe.getNonce_("script[nonce]", opt_window); }; goog.dom.safe.getStyleNonce = function(opt_window) { return goog.dom.safe.getNonce_('style[nonce],link[rel\x3d"stylesheet"][nonce]', opt_window); }; goog.dom.safe.NONCE_PATTERN_ = /^[\w+/_-]+[=]{0,2}$/; goog.dom.safe.getNonce_ = function(selector, win) { const doc = (win || goog.global).document; if (!doc.querySelector) { return ""; } let el = doc.querySelector(selector); if (el) { const nonce = el["nonce"] || el.getAttribute("nonce"); if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) { return nonce; } } return ""; }; //# sourceMappingURL=goog.dom.safe.js.map