Package com.google.gwt.safecss.shared

Class SafeStylesUtils

java.lang.Object
com.google.gwt.safecss.shared.SafeStylesUtils
public final class SafeStylesUtils extends Object
Utility class containing static methods for creating SafeStyles.

  • Method Details

    • forBackgroundImage

      public static SafeStyles forBackgroundImage(SafeUri uri)
      Sets the background-image CSS property.
      Parameters:
      uri - the URI of the background image
      Returns:
      a SafeStyles instance
      See Also:

    • forBorderStyle

      public static SafeStyles forBorderStyle(Style.BorderStyle value)
      Sets the border-style CSS property.

    • forBorderWidth

      public static SafeStyles forBorderWidth(double value, Style.Unit unit)
      Set the border-width css property.

    • forBottom

      public static SafeStyles forBottom(double value, Style.Unit unit)
      Set the bottom css property.

    • forClear

      public static SafeStyles forClear(Style.Clear value)
      Sets the 'clear' CSS property.

    • forCursor

      public static SafeStyles forCursor(Style.Cursor value)
      Sets the cursor CSS property.

    • forDisplay

      public static SafeStyles forDisplay(Style.Display value)
      Sets the display CSS property.

    • forFloat

      public static SafeStyles forFloat(Style.Float value)
      Set the float css property.

    • forFontSize

      public static SafeStyles forFontSize(double value, Style.Unit unit)
      Set the font-size css property.

    • forFontStyle

      public static SafeStyles forFontStyle(Style.FontStyle value)
      Sets the font-style CSS property.

    • forFontWeight

      public static SafeStyles forFontWeight(Style.FontWeight value)
      Sets the font-weight CSS property.

    • forHeight

      public static SafeStyles forHeight(double value, Style.Unit unit)
      Set the height css property.

    • forLeft

      public static SafeStyles forLeft(double value, Style.Unit unit)
      Set the left css property.

    • forLineHeight

      public static SafeStyles forLineHeight(double value, Style.Unit unit)
      Set the line-height css property.

    • forListStyleType

      public static SafeStyles forListStyleType(Style.ListStyleType value)
      Sets the list-style-type CSS property.

    • forMargin

      public static SafeStyles forMargin(double value, Style.Unit unit)
      Set the margin css property.

    • forMarginBottom

      public static SafeStyles forMarginBottom(double value, Style.Unit unit)
      Set the margin-bottom css property.

    • forMarginLeft

      public static SafeStyles forMarginLeft(double value, Style.Unit unit)
      Set the margin-left css property.

    • forMarginRight

      public static SafeStyles forMarginRight(double value, Style.Unit unit)
      Set the margin-right css property.

    • forMarginTop

      public static SafeStyles forMarginTop(double value, Style.Unit unit)
      Set the margin-top css property.

    • forOpacity

      public static SafeStyles forOpacity(double value)
      Set the opacity css property.

    • forOutlineStyle

      public static SafeStyles forOutlineStyle(Style.OutlineStyle value)
      Sets the outline-style CSS property.

    • forOutlineWidth

      public static SafeStyles forOutlineWidth(double value, Style.Unit unit)
      Set the outline-width css property.

    • forOverflow

      public static SafeStyles forOverflow(Style.Overflow value)
      Sets the overflow CSS property.

    • forOverflowX

      public static SafeStyles forOverflowX(Style.Overflow value)
      Sets the overflow-x CSS property.

    • forOverflowY

      public static SafeStyles forOverflowY(Style.Overflow value)
      Sets the overflow-y CSS property.

    • forPadding

      public static SafeStyles forPadding(double value, Style.Unit unit)
      Set the padding css property.

    • forPaddingBottom

      public static SafeStyles forPaddingBottom(double value, Style.Unit unit)
      Set the padding-bottom css property.

    • forPaddingLeft

      public static SafeStyles forPaddingLeft(double value, Style.Unit unit)
      Set the padding-left css property.

    • forPaddingRight

      public static SafeStyles forPaddingRight(double value, Style.Unit unit)
      Set the padding-right css property.

    • forPaddingTop

      public static SafeStyles forPaddingTop(double value, Style.Unit unit)
      Set the padding-top css property.

    • forPosition

      public static SafeStyles forPosition(Style.Position value)
      Sets the position CSS property.

    • forRight

      public static SafeStyles forRight(double value, Style.Unit unit)
      Set the right css property.

    • forTableLayout

      public static SafeStyles forTableLayout(Style.TableLayout value)
      Set the table-layout CSS property.

    • forTextAlign

      public static SafeStyles forTextAlign(Style.TextAlign value)
      Sets the 'text-align' CSS property.

    • forTextDecoration

      public static SafeStyles forTextDecoration(Style.TextDecoration value)
      Sets the 'text-decoration' CSS property.

    • forTextIndent

      public static SafeStyles forTextIndent(double value, Style.Unit unit)
      Set the 'text-indent' CSS property.

    • forTextJustify

      public static SafeStyles forTextJustify(Style.TextJustify value)
      Set the 'text-justify' CSS3 property.

    • forTextOverflow

      public static SafeStyles forTextOverflow(Style.TextOverflow value)
      Set the 'text-overflow' CSS3 property.

    • forTextTransform

      public static SafeStyles forTextTransform(Style.TextTransform value)
      Set the 'text-transform' CSS property.

    • forTop

      public static SafeStyles forTop(double value, Style.Unit unit)
      Set the top css property.

    • forTrustedBackgroundColor

      public static SafeStyles forTrustedBackgroundColor(String value)

      Returns a SafeStyles constructed from a trusted background color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      Parameters:
      value - the property value
      Returns:
      a SafeStyles instance

    • forTrustedBackgroundImage

      public static SafeStyles forTrustedBackgroundImage(String value)

      Returns a SafeStyles constructed from a trusted background image, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      Parameters:
      value - the property value
      Returns:
      a SafeStyles instance
      See Also:

    • forTrustedBorderColor

      public static SafeStyles forTrustedBorderColor(String value)

      Returns a SafeStyles constructed from a trusted border color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      Parameters:
      value - the property value
      Returns:
      a SafeStyles instance

    • forTrustedColor

      public static SafeStyles forTrustedColor(String value)

      Returns a SafeStyles constructed from a trusted font color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      Parameters:
      value - the property value
      Returns:
      a SafeStyles instance

    • forTrustedOutlineColor

      public static SafeStyles forTrustedOutlineColor(String value)

      Returns a SafeStyles constructed from a trusted outline color, i.e., without escaping the value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      Parameters:
      value - the property value
      Returns:
      a SafeStyles instance

    • forVerticalAlign

      public static SafeStyles forVerticalAlign(double value, Style.Unit unit)
      Sets the vertical-align CSS property.

    • forVerticalAlign

      public static SafeStyles forVerticalAlign(Style.VerticalAlign value)
      Sets the vertical-align CSS property.

    • forVisibility

      public static SafeStyles forVisibility(Style.Visibility value)
      Sets the visibility CSS property.

    • forWhiteSpace

      public static SafeStyles forWhiteSpace(Style.WhiteSpace value)
      Set the 'white-space' CSS property.

    • forWidth

      public static SafeStyles forWidth(double value, Style.Unit unit)
      Set the width css property.

    • forZIndex

      public static SafeStyles forZIndex(int value)
      Set the z-index css property.

    • fromTrustedNameAndValue

      public static SafeStyles fromTrustedNameAndValue(String name, double value, Style.Unit unit)

      Returns a SafeStyles constructed from a trusted name and a trusted value, i.e., without escaping the name and value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      The name should be in hyphenated format, not camelCase format.

      Parameters:
      name - the property name
      value - the value
      unit - the units of the value
      Returns:
      a SafeStyles instance

    • fromTrustedNameAndValue

      public static SafeStyles fromTrustedNameAndValue(String name, String value)

      Returns a SafeStyles constructed from a trusted name and a trusted value, i.e., without escaping the name and value. No checks are performed. The calling code should be carefully reviewed to ensure the argument will satisfy the SafeStyles contract when they are composed into the form: "<name>:<value>;".

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      The name should be in hyphenated format, not camelCase format.

      Parameters:
      name - the property name
      value - the property value
      Returns:
      a SafeStyles instance

    • fromTrustedString

      public static SafeStyles fromTrustedString(String s)

      Returns a SafeStyles constructed from a trusted string, i.e., without escaping the string. No checks are performed. The calling code should be carefully reviewed to ensure the argument meets the SafeStyles contract.

      Generally, SafeStyles should be of the form cssPropertyName:value;, where neither the name nor the value contain malicious scripts.

      SafeStyles may never contain literal angle brackets. Otherwise, it could be unsafe to place a SafeStyles into a <style> tag (where it can't be HTML escaped). For example, if the SafeStyles containing " font: 'foo <style><script>evil</script>'" is used in a style sheet in a <style> tag, this could then break out of the style context into HTML.

      The following example values comply with this type's contract:

      • width: 1em;
      • height:1em;
      • width: 1em;height: 1em;
      • background:url('http://url');
      In addition, the empty string is safe for use in a CSS attribute.

      The following example values do not comply with this type's contract:

      • background: red (missing a trailing semi-colon)
      • background: (missing a value and a trailing semi-colon)
      • 1em (missing an attribute name, which provides context for the value)
      Parameters:
      s - the input String
      Returns:
      a SafeStyles instance

    • verifySafeStylesConstraints

      static void verifySafeStylesConstraints(String styles)
      Verify that the basic constraints of a SafeStyles are met. This method is not a guarantee that the specified css is safe for use in a CSS style attribute. It is a minimal set of assertions to check for common errors.
      Parameters:
      styles - the CSS properties string
      Throws:
      NullPointerException - if the css is null
      AssertionError - if the css does not meet the constraints