-Dave
On Mar 21, 9:48 am, Thomas Broyer <t.bro...@gmail.com> wrote:
> On Wednesday, March 21, 2012 4:15:10 PM UTC+1, dhoffer wrote:
>
> > I have a few questions about this.
>
> > If I change to:
>
> > interface Template extends SafeHtmlTemplates {
> > @Template("<img src=\"{0}\"/>")
> > SafeHtml img(SafeUri safeUri);
> > }
>
> > 1. How does the template know to call asString() on the safeUri
> > instance?
>
> SafeHtmlTemplates knows about SafeUri (remember the warning it outputs when
> you use String? ;-) )
>
> > 2. With this change I now have the same problem but in the SafeUri
> > implementation. How do I take a URL variable and sanitize it so it's
> > safe?
>
> UriUtils.fromString()http://google-web-toolkit.googlecode.com/svn/javadoc/latest/com/googl...)
>
> > Or because these URL's come from the server can I just declare
> > them safe by convention.
>
> No. Only those URLs that are hard-coded in your client-side app can be
> trusted.
>
> > 3. How do I get rid of the compiler warning? Once I've manually made
> > these safe is there a way to annotate the @Template usage so the
> > compiler knows it's safe?
>
> The only way to shut the generator up is to use SafeUri and SafeStyles when
> it tells you to do so.
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment