EscapingConventions (Closure Templates)

java.lang.Object
- com.google.template.soy.shared.internal.EscapingConventions

```
@ParametersAreNonnullByDefault
public final class EscapingConventions
extends Object
```
Definitions of escaping functions that behave consistently in JavaScript and Java that implement the escaping directives as in {print $x |escapeJsString}.
An escaping convention is defined in terms of
1. An optional filter predicate that all valid inputs must match.
2. An optional function name from the closure JavaScript library that already implements the escaping convention.
3. A required mapping from characters to escaping strings.
Escaping functions are exposed as Escapers in Java and via a JavaScript code generating ant task for JavaScript.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`EscapingConventions.CrossLanguageStringXform` A transformation on strings that preserves some correctness or safety properties.
`static class`	`EscapingConventions.Escape` A mapping from a plain text character to the escaped text in the target language.
`static class`	`EscapingConventions.EscapeCssString` Implements the `\|escapeCssString` directive which allows arbitrary content to be included in a CSS quoted string or identifier.
`static class`	`EscapingConventions.EscapeHtml` Implements the `\|escapeHtml` directive.
`static class`	`EscapingConventions.EscapeHtmlNospace` Implements the `\|escapeHtmlNoSpace` directive which allows arbitrary content to be included in the value of an unquoted HTML attribute.
`static class`	`EscapingConventions.EscapeJsRegex` Implements the `\|escapeJsRegex` directive which allows arbitrary content to be included inside a JavaScript regular expression.
`static class`	`EscapingConventions.EscapeJsString` Implements the `\|escapeJsString` directive which allows arbitrary content to be included inside a quoted JavaScript string.
`static class`	`EscapingConventions.EscapeUri` Implements the `\|escapeUri` directive which allows arbitrary content to be included in a URI regardless of the string delimiters of the the surrounding language.
`static class`	`EscapingConventions.EscapingLanguage` The list of potential languages which are used by the escapers.
`static class`	`EscapingConventions.FilterCssValue` Implements the `\|filterCssValue` directive which filters out strings that are not valid CSS property names, keyword values, quantities, hex colors, or ID or class literals.
`static class`	`EscapingConventions.FilterHtmlAttributes` Implements the `\|filterHtmlAttributes` directive which filters out identifiers that can't appear as part of an HTML tag or attribute name.
`static class`	`EscapingConventions.FilterHtmlElementName` Implements the `\|filterHtmlElementName` directive which filters out identifiers that can't appear as part of an HTML tag or attribute name.
`static class`	`EscapingConventions.FilterImageDataUri` Accepts only data URI's that contain an image.
`static class`	`EscapingConventions.FilterNormalizeMediaUri` Like `EscapingConventions.FilterNormalizeUri`, but also accepts `data:` and `blob:` URIs, since image sources don't execute script in the same origin as the page (although image handling 0-days are available from time to time, but a templating language can't realistically try to protect against such a thing).
`static class`	`EscapingConventions.FilterNormalizeUri` Like `EscapingConventions.NormalizeUri` but filters out dangerous protocols.
`static class`	`EscapingConventions.FilterSipUri` Accepts only sip URIs but does not verify complete correctness.
`static class`	`EscapingConventions.FilterTelUri` Accepts only tel URIs but does not verify complete correctness.
`static class`	`EscapingConventions.NormalizeHtml` A directive that encodes any HTML special characters that can appear in RCDATA unescaped but that can be escaped without changing semantics.
`static class`	`EscapingConventions.NormalizeHtmlNospace` A directive that encodes any HTML special characters and unquoted attribute terminators that can appear in RCDATA unescaped but that can be escaped without changing semantics.
`static class`	`EscapingConventions.NormalizeUri` Implements the `\|normalizeUri` directive which allows arbitrary content to be included in a URI regardless of the string delimiters of the the surrounding language.

Field Summary

Fields
Modifier and Type	Field and Description
`static Pattern`	`HTML_TAG_CONTENT` Loose matcher for HTML tags, DOCTYPEs, and HTML comments.
`static String`	`INNOCUOUS_OUTPUT` A string, used as the result of a filter when the filter pattern does not match the input, that is not a substring of any keyword or well-known identifier in HTML, JS, or CSS and that is a valid identifier part in all those languages, and which cannot terminate a string, comment, or other bracketed section.

Constructor Summary

Constructors
Constructor and Description

EscapingConventions()

Constructors
Constructor and Description
`EscapingConventions()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static Iterable<EscapingConventions.CrossLanguageStringXform>`	`getAllEscapers()` An accessor for all string transforms defined above.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - INNOCUOUS_OUTPUT
```
public static final String INNOCUOUS_OUTPUT
```
    A string, used as the result of a filter when the filter pattern does not match the input, that is not a substring of any keyword or well-known identifier in HTML, JS, or CSS and that is a valid identifier part in all those languages, and which cannot terminate a string, comment, or other bracketed section.
    This string is also longer than necessary so that developers can use grep when it starts showing up in their output.
    If grep directed you here, then one of your Soy templates is using a filter directive that is receiving a potentially unsafe input. Run your app in debug mode and you should get the name of the directive and the input deemed unsafe.
    
    See Also:
    
    Constant Field Values
  - HTML_TAG_CONTENT
```
public static final Pattern HTML_TAG_CONTENT
```
    Loose matcher for HTML tags, DOCTYPEs, and HTML comments. This will reliably find HTML tags (though not CDATA tags and not XML tags whose name or namespace starts with a non-latin character), and will do a good job with DOCTYPES (though will have trouble with complex doctypes that define their own entities) and does a decent job with simple HTML comments.
    This should be good enough since HTML sanitizers do not typically output comments, or CDATA, or RCDATA content.
    The tag name, if any is in group 1.
- Constructor Detail
  - EscapingConventions
```
public EscapingConventions()
```
- Method Detail
  - getAllEscapers
```
public static Iterable<EscapingConventions.CrossLanguageStringXform> getAllEscapers()
```
    An accessor for all string transforms defined above.

Class EscapingConventions

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

INNOCUOUS_OUTPUT

HTML_TAG_CONTENT

Constructor Detail

EscapingConventions

Method Detail

getAllEscapers