sdk/lib/html/dartium/html_dartium.dart - Issue 1154423009: Make it easier and more efficient to use trusted HTML text

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sdk/lib/html/dartium/html_dartium.dart

Issue 1154423009: Make it easier and more efficient to use trusted HTML text (Closed) Base URL: git@github.com:dart-lang/sdk.git@master

Patch Set: Formatting Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Download patch

Index: sdk/lib/html/dartium/html_dartium.dart

diff --git a/sdk/lib/html/dartium/html_dartium.dart b/sdk/lib/html/dartium/html_dartium.dart

index 5ab6241ee4e47d93cb7c2ca1fae7ac7e4579d59b..1de3e1cc28e3865a0fea7f8051e264284cb7a318 100644

--- a/sdk/lib/html/dartium/html_dartium.dart

+++ b/sdk/lib/html/dartium/html_dartium.dart

@@ -12423,8 +12423,12 @@ abstract class Element extends Node implements GlobalEventHandlers, ParentNode,

void insertAdjacentHtml(String where, String html, {NodeValidator validator,

NodeTreeSanitizer treeSanitizer}) {

- _insertAdjacentNode(where, new DocumentFragment.html(html,

- validator: validator, treeSanitizer: treeSanitizer));

+ if (treeSanitizer is _TrustedHtmlTreeSanitizer) {

+ _insertAdjacentHtml(where, html);

+ } else {

+ _insertAdjacentNode(where, new DocumentFragment.html(html,

+ validator: validator, treeSanitizer: treeSanitizer));

+ }

}

@@ -12695,8 +12699,12 @@ abstract class Element extends Node implements GlobalEventHandlers, ParentNode,

void setInnerHtml(String html,

{NodeValidator validator, NodeTreeSanitizer treeSanitizer}) {

text = null;

- append(createFragment(

- html, validator: validator, treeSanitizer: treeSanitizer));

+ if (treeSanitizer is _TrustedHtmlTreeSanitizer) {

+ _innerHtml = html;

+ } else {

+ append(createFragment(

+ html, validator: validator, treeSanitizer: treeSanitizer));

+ }

}

String get innerHtml => _innerHtml;

@@ -40622,9 +40630,27 @@ abstract class NodeTreeSanitizer {

* will mark the entire tree as unsafe.

void sanitizeTree(Node node);

+ /**

+ * A sanitizer for trees that we trust. It does no validation and allows

+ * any elements. It is also more efficient, since it can pass the text

+ * directly through to the underlying APIs without creating a document

+ * fragment to be sanitized.

+ */

+ static const trusted = const _TrustedHtmlTreeSanitizer();

}

/**

+ * A sanitizer for trees that we trust. It does no validation and allows

+ * any elements.

+ */

+class _TrustedHtmlTreeSanitizer implements NodeTreeSanitizer {

+ const _TrustedHtmlTreeSanitizer();

+ sanitizeTree(Node node) {}

+/**

* Defines the policy for what types of uris are allowed for particular

* attribute values.

« no previous file with comments | « sdk/lib/html/dart2js/html_dart2js.dart ('k') | tests/html/custom/created_callback_test.dart » ('j') | no next file with comments »