Package com.google.gwt.safecss.shared

Class SafeStylesUtils

  • public final class SafeStylesUtils
extends java.lang.Object
    Utility class containing static methods for creating SafeStyles.

    • Method Detail

      • forBorderWidth

        public static SafeStyles forBorderWidth​(double value,
                                        Style.Unit unit)
        Set the border-width css property.

      • forBottom

        public static SafeStyles forBottom​(double value,
                                   Style.Unit unit)
        Set the bottom css property.

      • forFontSize

        public static SafeStyles forFontSize​(double value,
                                     Style.Unit unit)
        Set the font-size css property.

      • forHeight

        public static SafeStyles forHeight​(double value,
                                   Style.Unit unit)
        Set the height css property.

      • forLeft

        public static SafeStyles forLeft​(double value,
                                 Style.Unit unit)
        Set the left css property.

      • forLineHeight

        public static SafeStyles forLineHeight​(double value,
                                       Style.Unit unit)
        Set the line-height css property.

      • forMargin

        public static SafeStyles forMargin​(double value,
                                   Style.Unit unit)
        Set the margin css property.

      • forMarginBottom

        public static SafeStyles forMarginBottom​(double value,
                                         Style.Unit unit)
        Set the margin-bottom css property.

      • forMarginLeft

        public static SafeStyles forMarginLeft​(double value,
                                       Style.Unit unit)
        Set the margin-left css property.

      • forMarginRight

        public static SafeStyles forMarginRight​(double value,
                                        Style.Unit unit)
        Set the margin-right css property.

      • forMarginTop

        public static SafeStyles forMarginTop​(double value,
                                      Style.Unit unit)
        Set the margin-top css property.

      • forOpacity

        public static SafeStyles forOpacity​(double value)
        Set the opacity css property.

      • forOutlineWidth

        public static SafeStyles forOutlineWidth​(double value,
                                         Style.Unit unit)
        Set the outline-width css property.

      • forPadding

        public static SafeStyles forPadding​(double value,
                                    Style.Unit unit)
        Set the padding css property.

      • forPaddingBottom

        public static SafeStyles forPaddingBottom​(double value,
                                          Style.Unit unit)
        Set the padding-bottom css property.

      • forPaddingLeft

        public static SafeStyles forPaddingLeft​(double value,
                                        Style.Unit unit)
        Set the padding-left css property.

      • forPaddingRight

        public static SafeStyles forPaddingRight​(double value,
                                         Style.Unit unit)
        Set the padding-right css property.

      • forPaddingTop

        public static SafeStyles forPaddingTop​(double value,
                                       Style.Unit unit)
        Set the padding-top css property.

      • forRight

        public static SafeStyles forRight​(double value,
                                  Style.Unit unit)
        Set the right css property.

      • forTextIndent

        public static SafeStyles forTextIndent​(double value,
                                       Style.Unit unit)
        Set the 'text-indent' CSS property.

      • forTop

        public static SafeStyles forTop​(double value,
                                Style.Unit unit)
        Set the top css property.

      • forTrustedBackgroundColor

        public static SafeStyles forTrustedBackgroundColor​(java.lang.String value)

        Returns a SafeStyles constructed from a trusted background color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        Parameters:
        value - the property value
        Returns:
        a SafeStyles instance

      • forTrustedBackgroundImage

        public static SafeStyles forTrustedBackgroundImage​(java.lang.String value)

        Returns a SafeStyles constructed from a trusted background image, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        Parameters:
        value - the property value
        Returns:
        a SafeStyles instance
        See Also:
        forBackgroundImage(SafeUri)

      • forTrustedBorderColor

        public static SafeStyles forTrustedBorderColor​(java.lang.String value)

        Returns a SafeStyles constructed from a trusted border color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        Parameters:
        value - the property value
        Returns:
        a SafeStyles instance

      • forTrustedColor

        public static SafeStyles forTrustedColor​(java.lang.String value)

        Returns a SafeStyles constructed from a trusted font color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        Parameters:
        value - the property value
        Returns:
        a SafeStyles instance

      • forTrustedOutlineColor

        public static SafeStyles forTrustedOutlineColor​(java.lang.String value)

        Returns a SafeStyles constructed from a trusted outline color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        Parameters:
        value - the property value
        Returns:
        a SafeStyles instance

      • forVerticalAlign

        public static SafeStyles forVerticalAlign​(double value,
                                          Style.Unit unit)
        Sets the vertical-align CSS property.

      • forWidth

        public static SafeStyles forWidth​(double value,
                                  Style.Unit unit)
        Set the width css property.

      • forZIndex

        public static SafeStyles forZIndex​(int value)
        Set the z-index css property.

      • fromTrustedNameAndValue

        public static SafeStyles fromTrustedNameAndValue​(java.lang.String name,
                                                 double value,
                                                 Style.Unit unit)

        Returns a SafeStyles constructed from a trusted name and a trusted value, i.e., without escaping the name and value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        The name should be in hyphenated format, not camelCase format.

        Parameters:
        name - the property name
        value - the value
        unit - the units of the value
        Returns:
        a SafeStyles instance

      • fromTrustedNameAndValue

        public static SafeStyles fromTrustedNameAndValue​(java.lang.String name,
                                                 java.lang.String value)

        Returns a SafeStyles constructed from a trusted name and a trusted value, i.e., without escaping the name and value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        The name should be in hyphenated format, not camelCase format.

        Parameters:
        name - the property name
        value - the property value
        Returns:
        a SafeStyles instance

      • fromTrustedString

        public static SafeStyles fromTrustedString​(java.lang.String s)

        Returns a SafeStyles constructed from a trusted string, i.e., without escaping the string. No checks are performed. The calling code should be carefully reviewed to ensure the argument meets the SafeStyles contract.

        Generally, SafeStyles should be of the form cssPropertyName:value;, where neither the name nor the value contain malicious scripts.

        SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

        The following example values comply with this type's contract:

        • width: 1em;
        • height:1em;
        • width: 1em;height: 1em;
        • background:url('http://url');
        In addition, the empty string is safe for use in a CSS attribute.

        The following example values do not comply with this type's contract:

        • background: red (missing a trailing semi-colon)
        • background: (missing a value and a trailing semi-colon)
        • 1em (missing an attribute name, which provides context for the value)
        Parameters:
        s - the input String
        Returns:
        a SafeStyles instance

      • verifySafeStylesConstraints

        static void verifySafeStylesConstraints​(java.lang.String styles)
        Verify that the basic constraints of a SafeStyles are met. This method is not a guarantee that the specified css is safe for use in a CSS style attribute. It is a minimal set of assertions to check for common errors.
        Parameters:
        styles - the CSS properties string
        Throws:
        java.lang.NullPointerException - if the css is null
        java.lang.AssertionError - if the css does not meet the constraints