269 lines
10 KiB
JavaScript
269 lines
10 KiB
JavaScript
/*TRANSPILED*//*
|
|
|
|
Copyright The Closure Library Authors.
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
'use strict';
|
|
goog.provide("goog.dom.safe");
|
|
goog.provide("goog.dom.safe.InsertAdjacentHtmlPosition");
|
|
goog.require("goog.asserts");
|
|
goog.require("goog.asserts.dom");
|
|
goog.require("goog.dom.asserts");
|
|
goog.require("goog.functions");
|
|
goog.require("goog.html.SafeHtml");
|
|
goog.require("goog.html.SafeScript");
|
|
goog.require("goog.html.SafeStyle");
|
|
goog.require("goog.html.SafeUrl");
|
|
goog.require("goog.html.TrustedResourceUrl");
|
|
goog.require("goog.html.uncheckedconversions");
|
|
goog.require("goog.string.Const");
|
|
goog.require("goog.string.internal");
|
|
goog.dom.safe.InsertAdjacentHtmlPosition = {AFTERBEGIN:"afterbegin", AFTEREND:"afterend", BEFOREBEGIN:"beforebegin", BEFOREEND:"beforeend"};
|
|
goog.dom.safe.insertAdjacentHtml = function(node, position, html) {
|
|
node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html));
|
|
};
|
|
goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {"MATH":true, "SCRIPT":true, "STYLE":true, "SVG":true, "TEMPLATE":true};
|
|
goog.dom.safe.isInnerHtmlCleanupRecursive_ = goog.functions.cacheReturnValue(function() {
|
|
if (goog.DEBUG && typeof document === "undefined") {
|
|
return false;
|
|
}
|
|
var div = document.createElement("div");
|
|
var childDiv = document.createElement("div");
|
|
childDiv.appendChild(document.createElement("div"));
|
|
div.appendChild(childDiv);
|
|
if (goog.DEBUG && !div.firstChild) {
|
|
return false;
|
|
}
|
|
var innerChild = div.firstChild.firstChild;
|
|
div.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY);
|
|
return !innerChild.parentElement;
|
|
});
|
|
goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) {
|
|
if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) {
|
|
while (elem.lastChild) {
|
|
elem.removeChild(elem.lastChild);
|
|
}
|
|
}
|
|
elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);
|
|
};
|
|
goog.dom.safe.setInnerHtml = function(elem, html) {
|
|
if (goog.asserts.ENABLE_ASSERTS && elem.tagName) {
|
|
var tagName = elem.tagName.toUpperCase();
|
|
if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) {
|
|
throw new Error("goog.dom.safe.setInnerHtml cannot be used to set content of " + elem.tagName + ".");
|
|
}
|
|
}
|
|
goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html);
|
|
};
|
|
goog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) {
|
|
goog.dom.safe.setInnerHtml(element, goog.html.uncheckedconversions.safeHtmlFromStringKnownToSatisfyTypeContract(goog.string.Const.from("Constant HTML to be immediatelly used."), goog.string.Const.unwrap(constHtml)));
|
|
};
|
|
goog.dom.safe.setOuterHtml = function(elem, html) {
|
|
elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);
|
|
};
|
|
goog.dom.safe.setFormElementAction = function(form, url) {
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
goog.asserts.dom.assertIsHtmlFormElement(form).action = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setButtonFormAction = function(button, url) {
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
goog.asserts.dom.assertIsHtmlButtonElement(button).formAction = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setInputFormAction = function(input, url) {
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
goog.asserts.dom.assertIsHtmlInputElement(input).formAction = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setStyle = function(elem, style) {
|
|
elem.style.cssText = goog.html.SafeStyle.unwrap(style);
|
|
};
|
|
goog.dom.safe.documentWrite = function(doc, html) {
|
|
doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html));
|
|
};
|
|
goog.dom.safe.setAnchorHref = function(anchor, url) {
|
|
goog.asserts.dom.assertIsHtmlAnchorElement(anchor);
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
anchor.href = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setAudioSrc = function(audioElement, url) {
|
|
goog.asserts.dom.assertIsHtmlAudioElement(audioElement);
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
audioElement.src = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setVideoSrc = function(videoElement, url) {
|
|
goog.asserts.dom.assertIsHtmlVideoElement(videoElement);
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
videoElement.src = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.setEmbedSrc = function(embed, url) {
|
|
goog.asserts.dom.assertIsHtmlEmbedElement(embed);
|
|
embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
|
|
};
|
|
goog.dom.safe.setFrameSrc = function(frame, url) {
|
|
goog.asserts.dom.assertIsHtmlFrameElement(frame);
|
|
frame.src = goog.html.TrustedResourceUrl.unwrap(url);
|
|
};
|
|
goog.dom.safe.setIframeSrc = function(iframe, url) {
|
|
goog.asserts.dom.assertIsHtmlIFrameElement(iframe);
|
|
iframe.src = goog.html.TrustedResourceUrl.unwrap(url);
|
|
};
|
|
goog.dom.safe.setIframeSrcdoc = function(iframe, html) {
|
|
goog.asserts.dom.assertIsHtmlIFrameElement(iframe);
|
|
iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html);
|
|
};
|
|
goog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {
|
|
goog.asserts.dom.assertIsHtmlLinkElement(link);
|
|
link.rel = rel;
|
|
if (goog.string.internal.caseInsensitiveContains(rel, "stylesheet")) {
|
|
goog.asserts.assert(url instanceof goog.html.TrustedResourceUrl, 'URL must be TrustedResourceUrl because "rel" contains "stylesheet"');
|
|
link.href = goog.html.TrustedResourceUrl.unwrap(url);
|
|
const win = link.ownerDocument && link.ownerDocument.defaultView;
|
|
const nonce = goog.dom.safe.getStyleNonce(win);
|
|
if (nonce) {
|
|
link.setAttribute("nonce", nonce);
|
|
}
|
|
} else if (url instanceof goog.html.TrustedResourceUrl) {
|
|
link.href = goog.html.TrustedResourceUrl.unwrap(url);
|
|
} else if (url instanceof goog.html.SafeUrl) {
|
|
link.href = goog.html.SafeUrl.unwrap(url);
|
|
} else {
|
|
link.href = goog.html.SafeUrl.unwrap(goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url));
|
|
}
|
|
};
|
|
goog.dom.safe.setObjectData = function(object, url) {
|
|
goog.asserts.dom.assertIsHtmlObjectElement(object);
|
|
object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
|
|
};
|
|
goog.dom.safe.setScriptSrc = function(script, url) {
|
|
goog.asserts.dom.assertIsHtmlScriptElement(script);
|
|
goog.dom.safe.setNonceForScriptElement_(script);
|
|
script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
|
|
};
|
|
goog.dom.safe.setScriptContent = function(script, content) {
|
|
goog.asserts.dom.assertIsHtmlScriptElement(script);
|
|
goog.dom.safe.setNonceForScriptElement_(script);
|
|
script.textContent = goog.html.SafeScript.unwrapTrustedScript(content);
|
|
};
|
|
goog.dom.safe.setNonceForScriptElement_ = function(script) {
|
|
var win = script.ownerDocument && script.ownerDocument.defaultView;
|
|
const nonce = goog.dom.safe.getScriptNonce(win);
|
|
if (nonce) {
|
|
script.setAttribute("nonce", nonce);
|
|
}
|
|
};
|
|
goog.dom.safe.setLocationHref = function(loc, url) {
|
|
goog.dom.asserts.assertIsLocation(loc);
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
loc.href = goog.html.SafeUrl.unwrap(safeUrl);
|
|
};
|
|
goog.dom.safe.assignLocation = function(loc, url) {
|
|
goog.dom.asserts.assertIsLocation(loc);
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
loc.assign(goog.html.SafeUrl.unwrap(safeUrl));
|
|
};
|
|
goog.dom.safe.replaceLocation = function(loc, url) {
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
loc.replace(goog.html.SafeUrl.unwrap(safeUrl));
|
|
};
|
|
goog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) {
|
|
var safeUrl;
|
|
if (url instanceof goog.html.SafeUrl) {
|
|
safeUrl = url;
|
|
} else {
|
|
safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);
|
|
}
|
|
var win = opt_openerWin || goog.global;
|
|
var name = opt_name instanceof goog.string.Const ? goog.string.Const.unwrap(opt_name) : opt_name || "";
|
|
if (opt_specs !== undefined) {
|
|
return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs);
|
|
} else {
|
|
return win.open(goog.html.SafeUrl.unwrap(safeUrl), name);
|
|
}
|
|
};
|
|
goog.dom.safe.parseFromStringHtml = function(parser, html) {
|
|
return goog.dom.safe.parseFromString(parser, html, "text/html");
|
|
};
|
|
goog.dom.safe.parseFromString = function(parser, content, type) {
|
|
return parser.parseFromString(goog.html.SafeHtml.unwrapTrustedHTML(content), type);
|
|
};
|
|
goog.dom.safe.createImageFromBlob = function(blob) {
|
|
if (!/^image\/.*/g.test(blob.type)) {
|
|
throw new Error("goog.dom.safe.createImageFromBlob only accepts MIME type image/.*.");
|
|
}
|
|
var objectUrl = goog.global.URL.createObjectURL(blob);
|
|
var image = new goog.global.Image();
|
|
image.onload = function() {
|
|
goog.global.URL.revokeObjectURL(objectUrl);
|
|
};
|
|
image.src = objectUrl;
|
|
return image;
|
|
};
|
|
goog.dom.safe.createContextualFragment = function(range, html) {
|
|
return range.createContextualFragment(goog.html.SafeHtml.unwrapTrustedHTML(html));
|
|
};
|
|
goog.dom.safe.getScriptNonce = function(opt_window) {
|
|
return goog.dom.safe.getNonce_("script[nonce]", opt_window);
|
|
};
|
|
goog.dom.safe.getStyleNonce = function(opt_window) {
|
|
return goog.dom.safe.getNonce_('style[nonce],link[rel\x3d"stylesheet"][nonce]', opt_window);
|
|
};
|
|
goog.dom.safe.NONCE_PATTERN_ = /^[\w+/_-]+[=]{0,2}$/;
|
|
goog.dom.safe.getNonce_ = function(selector, win) {
|
|
const doc = (win || goog.global).document;
|
|
if (!doc.querySelector) {
|
|
return "";
|
|
}
|
|
let el = doc.querySelector(selector);
|
|
if (el) {
|
|
const nonce = el["nonce"] || el.getAttribute("nonce");
|
|
if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) {
|
|
return nonce;
|
|
}
|
|
}
|
|
return "";
|
|
};
|