diff options
Diffstat (limited to 'srv/src/http/static/viz/2/goog/html/trustedresourceurl.js')
| -rw-r--r-- | srv/src/http/static/viz/2/goog/html/trustedresourceurl.js | 408 |
1 files changed, 0 insertions, 408 deletions
diff --git a/srv/src/http/static/viz/2/goog/html/trustedresourceurl.js b/srv/src/http/static/viz/2/goog/html/trustedresourceurl.js deleted file mode 100644 index c043ef1..0000000 --- a/srv/src/http/static/viz/2/goog/html/trustedresourceurl.js +++ /dev/null @@ -1,408 +0,0 @@ -// Copyright 2013 The Closure Library Authors. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS-IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -/** - * @fileoverview The TrustedResourceUrl type and its builders. - * - * TODO(xtof): Link to document stating type contract. - */ - -goog.provide('goog.html.TrustedResourceUrl'); - -goog.require('goog.asserts'); -goog.require('goog.i18n.bidi.Dir'); -goog.require('goog.i18n.bidi.DirectionalString'); -goog.require('goog.string.Const'); -goog.require('goog.string.TypedString'); - - - -/** - * A URL which is under application control and from which script, CSS, and - * other resources that represent executable code, can be fetched. - * - * Given that the URL can only be constructed from strings under application - * control and is used to load resources, bugs resulting in a malformed URL - * should not have a security impact and are likely to be easily detectable - * during testing. Given the wide number of non-RFC compliant URLs in use, - * stricter validation could prevent some applications from being able to use - * this type. - * - * Instances of this type must be created via the factory method, - * ({@code fromConstant}, {@code fromConstants}, {@code format} or {@code - * formatWithParams}), and not by invoking its constructor. The constructor - * intentionally takes no parameters and the type is immutable; hence only a - * default instance corresponding to the empty string can be obtained via - * constructor invocation. - * - * @see goog.html.TrustedResourceUrl#fromConstant - * @constructor - * @final - * @struct - * @implements {goog.i18n.bidi.DirectionalString} - * @implements {goog.string.TypedString} - */ -goog.html.TrustedResourceUrl = function() { - /** - * The contained value of this TrustedResourceUrl. The field has a purposely - * ugly name to make (non-compiled) code that attempts to directly access this - * field stand out. - * @private {string} - */ - this.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_ = ''; - - /** - * A type marker used to implement additional run-time type checking. - * @see goog.html.TrustedResourceUrl#unwrap - * @const {!Object} - * @private - */ - this.TRUSTED_RESOURCE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = - goog.html.TrustedResourceUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_; -}; - - -/** - * @override - * @const - */ -goog.html.TrustedResourceUrl.prototype.implementsGoogStringTypedString = true; - - -/** - * Returns this TrustedResourceUrl's value as a string. - * - * IMPORTANT: In code where it is security relevant that an object's type is - * indeed {@code TrustedResourceUrl}, use - * {@code goog.html.TrustedResourceUrl.unwrap} instead of this method. If in - * doubt, assume that it's security relevant. In particular, note that - * goog.html functions which return a goog.html type do not guarantee that - * the returned instance is of the right type. For example: - * - * <pre> - * var fakeSafeHtml = new String('fake'); - * fakeSafeHtml.__proto__ = goog.html.SafeHtml.prototype; - * var newSafeHtml = goog.html.SafeHtml.htmlEscape(fakeSafeHtml); - * // newSafeHtml is just an alias for fakeSafeHtml, it's passed through by - * // goog.html.SafeHtml.htmlEscape() as fakeSafeHtml instanceof - * // goog.html.SafeHtml. - * </pre> - * - * @see goog.html.TrustedResourceUrl#unwrap - * @override - */ -goog.html.TrustedResourceUrl.prototype.getTypedStringValue = function() { - return this.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_; -}; - - -/** - * @override - * @const - */ -goog.html.TrustedResourceUrl.prototype.implementsGoogI18nBidiDirectionalString = - true; - - -/** - * Returns this URLs directionality, which is always {@code LTR}. - * @override - */ -goog.html.TrustedResourceUrl.prototype.getDirection = function() { - return goog.i18n.bidi.Dir.LTR; -}; - - -if (goog.DEBUG) { - /** - * Returns a debug string-representation of this value. - * - * To obtain the actual string value wrapped in a TrustedResourceUrl, use - * {@code goog.html.TrustedResourceUrl.unwrap}. - * - * @see goog.html.TrustedResourceUrl#unwrap - * @override - */ - goog.html.TrustedResourceUrl.prototype.toString = function() { - return 'TrustedResourceUrl{' + - this.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_ + '}'; - }; -} - - -/** - * Performs a runtime check that the provided object is indeed a - * TrustedResourceUrl object, and returns its value. - * - * @param {!goog.html.TrustedResourceUrl} trustedResourceUrl The object to - * extract from. - * @return {string} The trustedResourceUrl object's contained string, unless - * the run-time type check fails. In that case, {@code unwrap} returns an - * innocuous string, or, if assertions are enabled, throws - * {@code goog.asserts.AssertionError}. - */ -goog.html.TrustedResourceUrl.unwrap = function(trustedResourceUrl) { - // Perform additional Run-time type-checking to ensure that - // trustedResourceUrl is indeed an instance of the expected type. This - // provides some additional protection against security bugs due to - // application code that disables type checks. - // Specifically, the following checks are performed: - // 1. The object is an instance of the expected type. - // 2. The object is not an instance of a subclass. - // 3. The object carries a type marker for the expected type. "Faking" an - // object requires a reference to the type marker, which has names intended - // to stand out in code reviews. - if (trustedResourceUrl instanceof goog.html.TrustedResourceUrl && - trustedResourceUrl.constructor === goog.html.TrustedResourceUrl && - trustedResourceUrl - .TRUSTED_RESOURCE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ === - goog.html.TrustedResourceUrl - .TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_) { - return trustedResourceUrl - .privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_; - } else { - goog.asserts.fail('expected object of type TrustedResourceUrl, got \'' + - trustedResourceUrl + '\' of type ' + goog.typeOf(trustedResourceUrl)); - return 'type_error:TrustedResourceUrl'; - } -}; - - -/** - * Creates a TrustedResourceUrl from a format string and arguments. - * - * The arguments for interpolation into the format string map labels to values. - * Values of type `goog.string.Const` are interpolated without modifcation. - * Values of other types are cast to string and encoded with - * encodeURIComponent. - * - * `%{<label>}` markers are used in the format string to indicate locations - * to be interpolated with the valued mapped to the given label. `<label>` - * must contain only alphanumeric and `_` characters. - * - * The format string must start with one of the following: - * - `https://<origin>/` - * - `//<origin>/` - * - `/<pathStart>` - * - `about:blank` - * - * `<origin>` must contain only alphanumeric or any of the following: `-.:[]`. - * `<pathStart>` is any character except `/` and `\`. - * - * Example usage: - * - * var url = goog.html.TrustedResourceUrl.format(goog.string.Const.from( - * 'https://www.google.com/search?q=%{query}), {'query': searchTerm}); - * - * var url = goog.html.TrustedResourceUrl.format(goog.string.Const.from( - * '//www.youtube.com/v/%{videoId}?hl=en&fs=1%{autoplay}'), { - * 'videoId': videoId, - * 'autoplay': opt_autoplay ? - * goog.string.Const.EMPTY : goog.string.Const.from('&autoplay=1') - * }); - * - * While this function can be used to create a TrustedResourceUrl from only - * constants, fromConstant() and fromConstants() are generally preferable for - * that purpose. - * - * @param {!goog.string.Const} format The format string. - * @param {!Object<string, (string|number|!goog.string.Const)>} args Mapping - * of labels to values to be interpolated into the format string. - * goog.string.Const values are interpolated without encoding. - * @return {!goog.html.TrustedResourceUrl} - * @throws {!Error} On an invalid format string or if a label used in the - * the format string is not present in args. - */ -goog.html.TrustedResourceUrl.format = function(format, args) { - var result = goog.html.TrustedResourceUrl.format_(format, args); - return goog.html.TrustedResourceUrl - .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse(result); -}; - - -/** - * String version of TrustedResourceUrl.format. - * @param {!goog.string.Const} format - * @param {!Object<string, (string|number|!goog.string.Const)>} args - * @return {string} - * @throws {!Error} - * @private - */ -goog.html.TrustedResourceUrl.format_ = function(format, args) { - var formatStr = goog.string.Const.unwrap(format); - if (!goog.html.TrustedResourceUrl.BASE_URL_.test(formatStr)) { - throw new Error('Invalid TrustedResourceUrl format: ' + formatStr); - } - return formatStr.replace( - goog.html.TrustedResourceUrl.FORMAT_MARKER_, function(match, id) { - if (!Object.prototype.hasOwnProperty.call(args, id)) { - throw new Error( - 'Found marker, "' + id + '", in format string, "' + formatStr + - '", but no valid label mapping found ' + - 'in args: ' + JSON.stringify(args)); - } - var arg = args[id]; - if (arg instanceof goog.string.Const) { - return goog.string.Const.unwrap(arg); - } else { - return encodeURIComponent(String(arg)); - } - }); -}; - - -/** - * @private @const {!RegExp} - */ -goog.html.TrustedResourceUrl.FORMAT_MARKER_ = /%{(\w+)}/g; - - -/** - * The URL must be absolute, scheme-relative or path-absolute. So it must - * start with: - * - https:// followed by allowed origin characters. - * - // followed by allowed origin characters. - * - / not followed by / or \. There will only be an absolute path. - * - * Based on - * https://url.spec.whatwg.org/commit-snapshots/56b74ce7cca8883eab62e9a12666e2fac665d03d/#url-parsing - * an initial / which is not followed by another / or \ will end up in the "path - * state" and from there it can only go to "fragment state" and "query state". - * - * We don't enforce a well-formed domain name. So '.' or '1.2' are valid. - * That's ok because the origin comes from a compile-time constant. - * - * A regular expression is used instead of goog.uri for several reasons: - * - Strictness. E.g. we don't want any userinfo component and we don't - * want '/./, nor \' in the first path component. - * - Small trusted base. goog.uri is generic and might need to change, - * reasoning about all the ways it can parse a URL now and in the future - * is error-prone. - * - Code size. We expect many calls to .format(), many of which might - * not be using goog.uri. - * - Simplicity. Using goog.uri would likely not result in simpler nor shorter - * code. - * @private @const {!RegExp} - */ -goog.html.TrustedResourceUrl.BASE_URL_ = - /^(?:https:)?\/\/[0-9a-z.:[\]-]+\/|^\/[^\/\\]|^about:blank(#|$)/i; - - -/** - * Formats the URL same as TrustedResourceUrl.format and then adds extra URL - * parameters. - * - * Example usage: - * - * // Creates '//www.youtube.com/v/abc?autoplay=1' for videoId='abc' and - * // opt_autoplay=1. Creates '//www.youtube.com/v/abc' for videoId='abc' - * // and opt_autoplay=undefined. - * var url = goog.html.TrustedResourceUrl.formatWithParams( - * goog.string.Const.from('//www.youtube.com/v/%{videoId}'), - * {'videoId': videoId}, - * {'autoplay': opt_autoplay}); - * - * @param {!goog.string.Const} format The format string. - * @param {!Object<string, (string|number|!goog.string.Const)>} args Mapping - * of labels to values to be interpolated into the format string. - * goog.string.Const values are interpolated without encoding. - * @param {!Object<string, *>} params Parameters to add to URL. Parameters with - * value {@code null} or {@code undefined} are skipped. Both keys and values - * are encoded. Note that JavaScript doesn't guarantee the order of values - * in an object which might result in non-deterministic order of the - * parameters. However, browsers currently preserve the order. - * @return {!goog.html.TrustedResourceUrl} - * @throws {!Error} On an invalid format string or if a label used in the - * the format string is not present in args. - */ -goog.html.TrustedResourceUrl.formatWithParams = function(format, args, params) { - var url = goog.html.TrustedResourceUrl.format_(format, args); - var separator = /\?/.test(url) ? '&' : '?'; - for (var key in params) { - if (params[key] == null) { - continue; - } - url += separator + encodeURIComponent(key) + '=' + - encodeURIComponent(String(params[key])); - separator = '&'; - } - return goog.html.TrustedResourceUrl - .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse(url); -}; - - -/** - * Creates a TrustedResourceUrl object from a compile-time constant string. - * - * Compile-time constant strings are inherently program-controlled and hence - * trusted. - * - * @param {!goog.string.Const} url A compile-time-constant string from which to - * create a TrustedResourceUrl. - * @return {!goog.html.TrustedResourceUrl} A TrustedResourceUrl object - * initialized to {@code url}. - */ -goog.html.TrustedResourceUrl.fromConstant = function(url) { - return goog.html.TrustedResourceUrl - .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse( - goog.string.Const.unwrap(url)); -}; - - -/** - * Creates a TrustedResourceUrl object from a compile-time constant strings. - * - * Compile-time constant strings are inherently program-controlled and hence - * trusted. - * - * @param {!Array<!goog.string.Const>} parts Compile-time-constant strings from - * which to create a TrustedResourceUrl. - * @return {!goog.html.TrustedResourceUrl} A TrustedResourceUrl object - * initialized to concatenation of {@code parts}. - */ -goog.html.TrustedResourceUrl.fromConstants = function(parts) { - var unwrapped = ''; - for (var i = 0; i < parts.length; i++) { - unwrapped += goog.string.Const.unwrap(parts[i]); - } - return goog.html.TrustedResourceUrl - .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse(unwrapped); -}; - - -/** - * Type marker for the TrustedResourceUrl type, used to implement additional - * run-time type checking. - * @const {!Object} - * @private - */ -goog.html.TrustedResourceUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = {}; - - -/** - * Package-internal utility method to create TrustedResourceUrl instances. - * - * @param {string} url The string to initialize the TrustedResourceUrl object - * with. - * @return {!goog.html.TrustedResourceUrl} The initialized TrustedResourceUrl - * object. - * @package - */ -goog.html.TrustedResourceUrl - .createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse = function(url) { - var trustedResourceUrl = new goog.html.TrustedResourceUrl(); - trustedResourceUrl.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_ = - url; - return trustedResourceUrl; -}; |