com.google.template.soy.shared.internal

Class EscapingConventions.CrossLanguageStringXform

java.lang.Object

com.google.common.escape.Escaper

com.google.template.soy.shared.internal.EscapingConventions.CrossLanguageStringXform

Direct Known Subclasses:

EscapingConventions.EscapeCssString, EscapingConventions.EscapeHtml, EscapingConventions.EscapeHtmlNospace, EscapingConventions.EscapeJsRegex, EscapingConventions.EscapeJsString, EscapingConventions.EscapeUri, EscapingConventions.FilterCssValue, EscapingConventions.FilterHtmlAttributes, EscapingConventions.FilterHtmlElementName, EscapingConventions.FilterImageDataUri, EscapingConventions.FilterNormalizeMediaUri, EscapingConventions.FilterNormalizeUri, EscapingConventions.FilterSipUri, EscapingConventions.FilterTelUri, EscapingConventions.NormalizeHtml, EscapingConventions.NormalizeHtmlNospace, EscapingConventions.NormalizeUri

Enclosing class:

EscapingConventions

public abstract static class EscapingConventions.CrossLanguageStringXform
extends com.google.common.escape.Escaper

A transformation on strings that preserves some correctness or safety properties. Subclasses come in three varieties:

Escaper

A mapping from strings in an input language to strings in an output language that preserves the content. E.g. the plain text string 1 < 2 can be escaped to the equivalent HTML string 1 < 2.

Normalizer

A mapping from strings in a language to equivalent strings in the same language but that can be more easily embedded in another language. E.g. the URI http://www.google.com/search?q=O'Reilly is equivalent to http://www.google.com/search?q=O%27Reilly but the latter can be safely embedded in a single quoted HTML attribute.

Filter

A mapping from strings in a language to the same value or to an innocuous value. E.g. the string h1 might pass an html identifier filter but the string ><script>alert('evil')</script> should not and could be replaced by an innocuous value like zzz.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	CrossLanguageStringXform(Pattern valueFilter, String nonAsciiPrefix)

Method Summary

Modifier and Type	Method and Description
protected abstract com.google.common.collect.ImmutableList<EscapingConventions.Escape>	defineEscapes() Returns the escapes used for this escaper.
Appendable	escape(Appendable out) Escapes all the bytes written to the returned appendable with this strategy.
String	escape(String string)
String	getDirectiveName() The name of the directive associated with this escaping function.
com.google.common.collect.ImmutableList<EscapingConventions.Escape>	getEscapes() The escapes need to translate the input language to the output language.
String	getInnocuousOutput() Returns an innocuous string in this context that can be used when filtering.
List<String>	getLangFunctionNames(EscapingConventions.EscapingLanguage language) The names of existing language builtins or available library functions (such as Google Closure) that implement the escaping convention.
String	getNonAsciiPrefix() An escaping prefix in "%", "\\u", "\\" which specifies how to escape non-ASCII code units not in the sparse mapping.
Pattern	getValueFilter() Null if the escaper accepts all strings as inputs, or otherwise a regular expression that accepts only strings that can be escaped by this escaper.

Methods inherited from class com.google.common.escape.Escaper

asFunction

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CrossLanguageStringXform

protected CrossLanguageStringXform(@Nullable
                                   Pattern valueFilter,
                                   @Nullable
                                   String nonAsciiPrefix)

Parameters:

valueFilter - null if the directive accepts all strings as inputs. Otherwise a regular expression that accepts only strings that can be escaped by this directive.

nonAsciiPrefix - An escaping prefix in "%", "\\u", "\\" which specifies how to escape non-ASCII code units not in the sparse mapping. If null, then non-ASCII code units outside the sparse map can appear unescaped.

Method Detail

defineEscapes

protected abstract com.google.common.collect.ImmutableList<EscapingConventions.Escape> defineEscapes()

Returns the escapes used for this escaper.

getDirectiveName

public String getDirectiveName()

The name of the directive associated with this escaping function.

Returns:

E.g. |escapeHtml

getNonAsciiPrefix

@Nullable
public final String getNonAsciiPrefix()

An escaping prefix in "%", "\\u", "\\" which specifies how to escape non-ASCII code units not in the sparse mapping. If null, then non-ASCII code units outside the sparse map can appear unescaped.

getValueFilter

@Nullable
public final Pattern getValueFilter()

Null if the escaper accepts all strings as inputs, or otherwise a regular expression that accepts only strings that can be escaped by this escaper.

getEscapes

public final com.google.common.collect.ImmutableList<EscapingConventions.Escape> getEscapes()

The escapes need to translate the input language to the output language.

getLangFunctionNames

public List<String> getLangFunctionNames(EscapingConventions.EscapingLanguage language)

The names of existing language builtins or available library functions (such as Google Closure) that implement the escaping convention.

Parameters:

language - The language being escaped.

Returns:

null if there is no such function.

getInnocuousOutput

public String getInnocuousOutput()

Returns an innocuous string in this context that can be used when filtering.

escape

public final String escape(String string)

Specified by:

escape in class com.google.common.escape.Escaper

escape

public final Appendable escape(Appendable out)

Escapes all the bytes written to the returned appendable with this strategy.

This is guaranteed to not do any buffering, each Appendable.append(java.lang.CharSequence) operation will directly pass through into a series of append operations on the delegate.