summaryrefslogtreecommitdiff
path: root/assets/viz/2/goog/html/safestylesheet.js
diff options
context:
space:
mode:
Diffstat (limited to 'assets/viz/2/goog/html/safestylesheet.js')
-rw-r--r--assets/viz/2/goog/html/safestylesheet.js68
1 files changed, 67 insertions, 1 deletions
diff --git a/assets/viz/2/goog/html/safestylesheet.js b/assets/viz/2/goog/html/safestylesheet.js
index 65a81b0..cdd9e31 100644
--- a/assets/viz/2/goog/html/safestylesheet.js
+++ b/assets/viz/2/goog/html/safestylesheet.js
@@ -22,6 +22,8 @@ goog.provide('goog.html.SafeStyleSheet');
goog.require('goog.array');
goog.require('goog.asserts');
+goog.require('goog.html.SafeStyle');
+goog.require('goog.object');
goog.require('goog.string');
goog.require('goog.string.Const');
goog.require('goog.string.TypedString');
@@ -84,7 +86,7 @@ goog.html.SafeStyleSheet = function() {
/**
* A type marker used to implement additional run-time type checking.
* @see goog.html.SafeStyleSheet#unwrap
- * @const
+ * @const {!Object}
* @private
*/
this.SAFE_STYLE_SHEET_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ =
@@ -109,6 +111,70 @@ goog.html.SafeStyleSheet.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = {};
/**
+ * Creates a style sheet consisting of one selector and one style definition.
+ * Use {@link goog.html.SafeStyleSheet.concat} to create longer style sheets.
+ * This function doesn't support @import, @media and similar constructs.
+ * @param {string} selector CSS selector, e.g. '#id' or 'tag .class, #id'. We
+ * support CSS3 selectors: https://w3.org/TR/css3-selectors/#selectors.
+ * @param {!goog.html.SafeStyle.PropertyMap|!goog.html.SafeStyle} style Style
+ * definition associated with the selector.
+ * @return {!goog.html.SafeStyleSheet}
+ * @throws {Error} If invalid selector is provided.
+ */
+goog.html.SafeStyleSheet.createRule = function(selector, style) {
+ if (goog.string.contains(selector, '<')) {
+ throw Error('Selector does not allow \'<\', got: ' + selector);
+ }
+
+ // Remove strings.
+ var selectorToCheck =
+ selector.replace(/('|")((?!\1)[^\r\n\f\\]|\\[\s\S])*\1/g, '');
+
+ // Check characters allowed in CSS3 selectors.
+ if (!/^[-_a-zA-Z0-9#.:* ,>+~[\]()=^$|]+$/.test(selectorToCheck)) {
+ throw Error(
+ 'Selector allows only [-_a-zA-Z0-9#.:* ,>+~[\\]()=^$|] and ' +
+ 'strings, got: ' + selector);
+ }
+
+ // Check balanced () and [].
+ if (!goog.html.SafeStyleSheet.hasBalancedBrackets_(selectorToCheck)) {
+ throw Error('() and [] in selector must be balanced, got: ' + selector);
+ }
+
+ if (!(style instanceof goog.html.SafeStyle)) {
+ style = goog.html.SafeStyle.create(style);
+ }
+ var styleSheet = selector + '{' + goog.html.SafeStyle.unwrap(style) + '}';
+ return goog.html.SafeStyleSheet
+ .createSafeStyleSheetSecurityPrivateDoNotAccessOrElse(styleSheet);
+};
+
+
+/**
+ * Checks if a string has balanced () and [] brackets.
+ * @param {string} s String to check.
+ * @return {boolean}
+ * @private
+ */
+goog.html.SafeStyleSheet.hasBalancedBrackets_ = function(s) {
+ var brackets = {'(': ')', '[': ']'};
+ var expectedBrackets = [];
+ for (var i = 0; i < s.length; i++) {
+ var ch = s[i];
+ if (brackets[ch]) {
+ expectedBrackets.push(brackets[ch]);
+ } else if (goog.object.contains(brackets, ch)) {
+ if (expectedBrackets.pop() != ch) {
+ return false;
+ }
+ }
+ }
+ return expectedBrackets.length == 0;
+};
+
+
+/**
* Creates a new SafeStyleSheet object by concatenating values.
* @param {...(!goog.html.SafeStyleSheet|!Array<!goog.html.SafeStyleSheet>)}
* var_args Values to concatenate.