com.google.template.soy.data
Class SanitizedContents

java.lang.Object
  extended by com.google.template.soy.data.SanitizedContents

@ParametersAreNonnullByDefault
public final class SanitizedContents
extends Object

Creation utilities for SanitizedContent objects for common use cases.

This should contain utilities that have extremely broad application. More specific utilities should reside with the specific project.

All utilities here should be extremely difficult to abuse in a way that could create attacker-controlled SanitizedContent objects. Java's type system is a great tool to achieve this.


Method Summary
static SanitizedContent emptyString(SanitizedContent.ContentKind kind)
          Creates an empty string constant.
static SanitizedContent fromResource(Class<?> contextClass, String resourceName, Charset charset, SanitizedContent.ContentKind kind)
          Loads assumed-safe content from a Java resource.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

emptyString

public static SanitizedContent emptyString(SanitizedContent.ContentKind kind)
                                    throws IOException
Creates an empty string constant.

Throws:
IOException

fromResource

public static SanitizedContent fromResource(Class<?> contextClass,
                                            String resourceName,
                                            Charset charset,
                                            SanitizedContent.ContentKind kind)
                                     throws IOException
Loads assumed-safe content from a Java resource. This performs ZERO VALIDATION of the data, and takes you at your word that the input is valid. We assume that resources should be safe because they are part of the binary, and therefore not attacker-controlled, unless the source code is compromised (in which case there's nothing we can do).

Parameters:
contextClass - Class relative to which to load the resource.
resourceName - The name of the resource, relative to the context class.
charset - The character set to use, usually Charsets.UTF_8.
kind - The content kind of the resource.
Throws:
IOException
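
Because fromResource validates nothing, its safety depends on the resource name and content kind never being derived from untrusted data. One way to enforce that with the type system, as an added example that is not part of the Soy code base: BundledSnippets, Snippet and the resource names footer.html and analytics.js are hypothetical, and StandardCharsets.UTF_8 stands in for Charsets.UTF_8.

```java
import com.google.template.soy.data.SanitizedContent;
import com.google.template.soy.data.SanitizedContent.ContentKind;
import com.google.template.soy.data.SanitizedContents;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/** Hypothetical wrapper: the only route to fromResource is through a fixed enum. */
public final class BundledSnippets {

  /** Closed set of resources shipped in the binary; names are compile-time constants. */
  public enum Snippet {
    FOOTER("footer.html", ContentKind.HTML),     // hypothetical resource name
    ANALYTICS("analytics.js", ContentKind.JS);   // hypothetical resource name

    private final String resourceName;
    private final ContentKind kind;

    Snippet(String resourceName, ContentKind kind) {
      this.resourceName = resourceName;
      this.kind = kind;
    }
  }

  private BundledSnippets() {}

  /**
   * Loads a bundled snippet. Callers choose an enum constant, so neither the
   * resource name nor the content kind can be built from request data, and a
   * resource can never be loaded under a kind other than the one declared here.
   */
  public static SanitizedContent load(Snippet snippet) throws IOException {
    return SanitizedContents.fromResource(
        BundledSnippets.class,   // resources are resolved relative to this class
        snippet.resourceName,
        StandardCharsets.UTF_8,
        snippet.kind);
  }
}
```

Even if a caller maps a request parameter through Snippet.valueOf, the result is limited to the resources listed in the enum, each with its declared kind.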