admin/GROCERY
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
admin
2026-06-25 21:30:32 +00:00
commit 328faf6251
220 changed files with 162103 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
js/goog/dom/asserts.js
Executable
+398
View File
@@ -0,0 +1,398 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
goog.provide('goog.dom.asserts');
goog.require('goog.asserts');
/**
* @fileoverview Custom assertions to ensure that an element has the appropriate
* type.
*
* Using a goog.dom.safe wrapper on an object on the incorrect type (via an
* incorrect static type cast) can result in security bugs: For instance,
* g.d.s.setAnchorHref ensures that the URL assigned to the .href attribute
* satisfies the SafeUrl contract, i.e., is safe to dereference as a hyperlink.
* However, the value assigned to a HTMLLinkElement's .href property requires
* the stronger TrustedResourceUrl contract, since it can refer to a stylesheet.
* Thus, using g.d.s.setAnchorHref on an (incorrectly statically typed) object
* of type HTMLLinkElement can result in a security vulnerability.
* Assertions of the correct run-time type help prevent such incorrect use.
*
* In some cases, code using the DOM API is tested using mock objects (e.g., a
* plain object such as {'href': url} instead of an actual Location object).
* To allow such mocking, the assertions permit objects of types that are not
* relevant DOM API objects at all (for instance, not Element or Location).
*
* Note that instanceof checks don't work straightforwardly in older versions of
* IE, or across frames (see,
* http://stackoverflow.com/questions/384286/javascript-isdom-how-do-you-check-if-a-javascript-object-is-a-dom-object,
* http://stackoverflow.com/questions/26248599/instanceof-htmlelement-in-iframe-is-not-element-or-object).
*
* Hence, these assertions may pass vacuously in such scenarios. The resulting
* risk of security bugs is limited by the following factors:
* - A bug can only arise in scenarios involving incorrect static typing (the
* wrapper methods are statically typed to demand objects of the appropriate,
* precise type).
* - Typically, code is tested and exercised in multiple browsers.
*/
/**
* Asserts that a given object is a Location.
*
* To permit this assertion to pass in the context of tests where DOM APIs might
* be mocked, also accepts any other type except for subtypes of {!Element}.
* This is to ensure that, for instance, HTMLLinkElement is not being used in
* place of a Location, since this could result in security bugs due to stronger
* contracts required for assignments to the href property of the latter.
*
* @param {?Object} o The object whose type to assert.
* @return {!Location}
*/
goog.dom.asserts.assertIsLocation = function(o) {
'use strict';
if (goog.asserts.ENABLE_ASSERTS) {
var win = goog.dom.asserts.getWindow_(o);
if (win) {
if (!o || (!(o instanceof win.Location) && o instanceof win.Element)) {
goog.asserts.fail(
'Argument is not a Location (or a non-Element mock); got: %s',
goog.dom.asserts.debugStringForType_(o));
}
}
}
return /** @type {!Location} */ (o);
};
/**
* Asserts that a given object is either the given subtype of Element
* or a non-Element, non-Location Mock.
*
* To permit this assertion to pass in the context of tests where DOM
* APIs might be mocked, also accepts any other type except for
* subtypes of {!Element}. This is to ensure that, for instance,
* HTMLScriptElement is not being used in place of a HTMLImageElement,
* since this could result in security bugs due to stronger contracts
* required for assignments to the src property of the latter.
*
* The DOM type is looked up in the window the object belongs to. In
* some contexts, this might not be possible (e.g. when running tests
* outside a browser, cross-domain lookup). In this case, the
* assertions are skipped.
*
* @param {?Object} o The object whose type to assert.
* @param {string} typename The name of the DOM type.
* @return {!Element} The object.
* @private
*/
// TODO(bangert): Make an analog of goog.dom.TagName to correctly handle casts?
goog.dom.asserts.assertIsElementType_ = function(o, typename) {
'use strict';
if (goog.asserts.ENABLE_ASSERTS) {
var win = goog.dom.asserts.getWindow_(o);
if (win && typeof win[typename] != 'undefined') {
if (!o ||
(!(o instanceof win[typename]) &&
(o instanceof win.Location || o instanceof win.Element))) {
goog.asserts.fail(
'Argument is not a %s (or a non-Element, non-Location mock); ' +
'got: %s',
typename, goog.dom.asserts.debugStringForType_(o));
}
}
}
return /** @type {!Element} */ (o);
};
/**
* Asserts that a given object is a HTMLAnchorElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not of type Location nor a subtype
* of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLAnchorElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlAnchorElement instead.
*/
goog.dom.asserts.assertIsHTMLAnchorElement = function(o) {
'use strict';
return /** @type {!HTMLAnchorElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLAnchorElement'));
};
/**
* Asserts that a given object is a HTMLButtonElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLButtonElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlButtonElement instead.
*/
goog.dom.asserts.assertIsHTMLButtonElement = function(o) {
'use strict';
return /** @type {!HTMLButtonElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLButtonElement'));
};
/**
* Asserts that a given object is a HTMLLinkElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLLinkElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlLinkElement instead.
*/
goog.dom.asserts.assertIsHTMLLinkElement = function(o) {
'use strict';
return /** @type {!HTMLLinkElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLLinkElement'));
};
/**
* Asserts that a given object is a HTMLImageElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLImageElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlImageElement instead.
*/
goog.dom.asserts.assertIsHTMLImageElement = function(o) {
'use strict';
return /** @type {!HTMLImageElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLImageElement'));
};
/**
* Asserts that a given object is a HTMLAudioElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLAudioElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlAudioElement instead.
*/
goog.dom.asserts.assertIsHTMLAudioElement = function(o) {
'use strict';
return /** @type {!HTMLAudioElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLAudioElement'));
};
/**
* Asserts that a given object is a HTMLVideoElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLVideoElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlVideoElement instead.
*/
goog.dom.asserts.assertIsHTMLVideoElement = function(o) {
'use strict';
return /** @type {!HTMLVideoElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLVideoElement'));
};
/**
* Asserts that a given object is a HTMLInputElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLInputElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlInputElement instead.
*/
goog.dom.asserts.assertIsHTMLInputElement = function(o) {
'use strict';
return /** @type {!HTMLInputElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLInputElement'));
};
/**
* Asserts that a given object is a HTMLTextAreaElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLTextAreaElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlTextAreaElement instead.
*/
goog.dom.asserts.assertIsHTMLTextAreaElement = function(o) {
'use strict';
return /** @type {!HTMLTextAreaElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLTextAreaElement'));
};
/**
* Asserts that a given object is a HTMLCanvasElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLCanvasElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlCanvasElement instead.
*/
goog.dom.asserts.assertIsHTMLCanvasElement = function(o) {
'use strict';
return /** @type {!HTMLCanvasElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLCanvasElement'));
};
/**
* Asserts that a given object is a HTMLEmbedElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLEmbedElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlEmbedElement instead.
*/
goog.dom.asserts.assertIsHTMLEmbedElement = function(o) {
'use strict';
return /** @type {!HTMLEmbedElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLEmbedElement'));
};
/**
* Asserts that a given object is a HTMLFormElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLFormElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlFormElement instead.
*/
goog.dom.asserts.assertIsHTMLFormElement = function(o) {
'use strict';
return /** @type {!HTMLFormElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLFormElement'));
};
/**
* Asserts that a given object is a HTMLFrameElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLFrameElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlFrameElement instead.
*/
goog.dom.asserts.assertIsHTMLFrameElement = function(o) {
'use strict';
return /** @type {!HTMLFrameElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLFrameElement'));
};
/**
* Asserts that a given object is a HTMLIFrameElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLIFrameElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlIFrameElement instead.
*/
goog.dom.asserts.assertIsHTMLIFrameElement = function(o) {
'use strict';
return /** @type {!HTMLIFrameElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLIFrameElement'));
};
/**
* Asserts that a given object is a HTMLObjectElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLObjectElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlObjectElement instead.
*/
goog.dom.asserts.assertIsHTMLObjectElement = function(o) {
'use strict';
return /** @type {!HTMLObjectElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLObjectElement'));
};
/**
* Asserts that a given object is a HTMLScriptElement.
*
* To permit this assertion to pass in the context of tests where elements might
* be mocked, also accepts objects that are not a subtype of Element.
*
* @param {?Object} o The object whose type to assert.
* @return {!HTMLScriptElement}
* @deprecated Use goog.asserts.dom.assertIsHtmlScriptElement instead.
*/
goog.dom.asserts.assertIsHTMLScriptElement = function(o) {
'use strict';
return /** @type {!HTMLScriptElement} */ (
goog.dom.asserts.assertIsElementType_(o, 'HTMLScriptElement'));
};
/**
* Returns a string representation of a value's type.
*
* @param {*} value An object, or primitive.
* @return {string} The best display name for the value.
* @private
*/
goog.dom.asserts.debugStringForType_ = function(value) {
'use strict';
if (goog.isObject(value)) {
try {
return /** @type {string|undefined} */ (value.constructor.displayName) ||
value.constructor.name || Object.prototype.toString.call(value);
} catch (e) {
return '<object could not be stringified>';
}
} else {
return value === undefined ? 'undefined' :
value === null ? 'null' : typeof value;
}
};
/**
* Gets window of element.
* @param {?Object} o
* @return {?Window}
* @private
* @suppress {strictMissingProperties} ownerDocument not defined on Object
*/
goog.dom.asserts.getWindow_ = function(o) {
'use strict';
try {
var doc = o && o.ownerDocument;
// This can throw “Blocked a frame with origin "chrome-extension://..." from
// accessing a cross-origin frame” in Chrome extension.
var win =
doc && /** @type {?Window} */ (doc.defaultView || doc.parentWindow);
win = win || /** @type {!Window} */ (goog.global);
// This can throw “Permission denied to access property "Element" on
// cross-origin object”.
if (win.Element && win.Location) {
return win;
}
} catch (ex) {
}
return null;
};
js/goog/dom/browserfeature.js
Executable
+94
View File
@@ -0,0 +1,94 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Browser capability checks for the dom package.
*/
goog.provide('goog.dom.BrowserFeature');
goog.require('goog.userAgent');
/**
* @define {boolean} Whether we know at compile time that the browser doesn't
* support OffscreenCanvas.
*/
goog.dom.BrowserFeature.ASSUME_NO_OFFSCREEN_CANVAS =
goog.define('goog.dom.ASSUME_NO_OFFSCREEN_CANVAS', false);
/**
* @define {boolean} Whether we know at compile time that the browser supports
* all OffscreenCanvas contexts.
*/
// TODO(user): Eventually this should default to "FEATURESET_YEAR >= 202X".
goog.dom.BrowserFeature.ASSUME_OFFSCREEN_CANVAS =
goog.define('goog.dom.ASSUME_OFFSCREEN_CANVAS', false);
/**
* Detects if a particular OffscreenCanvas context is supported.
* @param {string} contextName name of the context to test.
* @return {boolean} Whether the browser supports this OffscreenCanvas context.
* @private
*/
goog.dom.BrowserFeature.detectOffscreenCanvas_ = function(contextName) {
'use strict';
// This code only gets removed because we forced @nosideeffects on
// the functions. See: b/138802376
try {
return Boolean(new self.OffscreenCanvas(0, 0).getContext(contextName));
} catch (ex) {
}
return false;
};
/**
* Whether the browser supports OffscreenCanvas 2D context.
* @const {boolean}
*/
goog.dom.BrowserFeature.OFFSCREEN_CANVAS_2D =
!goog.dom.BrowserFeature.ASSUME_NO_OFFSCREEN_CANVAS &&
(goog.dom.BrowserFeature.ASSUME_OFFSCREEN_CANVAS ||
goog.dom.BrowserFeature.detectOffscreenCanvas_('2d'));
/**
* Whether attributes 'name' and 'type' can be added to an element after it's
* created. False in Internet Explorer prior to version 9.
* @const {boolean}
*/
goog.dom.BrowserFeature.CAN_ADD_NAME_OR_TYPE_ATTRIBUTES = true;
/**
* Whether we can use element.children to access an element's Element
* children. Available since Gecko 1.9.1, IE 9. (IE<9 also includes comment
* nodes in the collection.)
* @const {boolean}
*/
goog.dom.BrowserFeature.CAN_USE_CHILDREN_ATTRIBUTE = true;
/**
* Opera, Safari 3, and Internet Explorer 9 all support innerText but they
* include text nodes in script and style tags. Not document-mode-dependent.
* @const {boolean}
*/
goog.dom.BrowserFeature.CAN_USE_INNER_TEXT = false;
/**
* MSIE, Opera, and Safari>=4 support element.parentElement to access an
* element's parent if it is an Element.
* @const {boolean}
*/
goog.dom.BrowserFeature.CAN_USE_PARENT_ELEMENT_PROPERTY =
goog.userAgent.IE || goog.userAgent.WEBKIT;
/**
* Whether NoScope elements need a scoped element written before them in
* innerHTML.
* MSDN: http://msdn.microsoft.com/en-us/library/ms533897(VS.85).aspx#1
* @const {boolean}
*/
goog.dom.BrowserFeature.INNER_HTML_NEEDS_SCOPED_ELEMENT = goog.userAgent.IE;
js/goog/dom/dom.js
Executable
+3499
View File
File diff suppressed because it is too large Load Diff
js/goog/dom/htmlelement.js
Executable
+21
View File
@@ -0,0 +1,21 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
goog.provide('goog.dom.HtmlElement');
/**
* This subclass of HTMLElement is used when only a HTMLElement is possible and
* not any of its subclasses. Normally, a type can refer to an instance of
* itself or an instance of any subtype. More concretely, if HTMLElement is used
* then the compiler must assume that it might still be e.g. HTMLScriptElement.
* With this, the type check knows that it couldn't be any special element.
*
* @constructor
* @extends {HTMLElement}
*/
goog.dom.HtmlElement = function() {};
js/goog/dom/inputtype.js
Executable
+56
View File
@@ -0,0 +1,56 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Defines the goog.dom.InputType enum. This enumerates all
* input element types (for INPUT, BUTTON, SELECT and TEXTAREA elements) in
* either the W3C HTML 4.01 index of elements or the HTML5 draft specification.
*
* References:
* http://www.w3.org/TR/html401/sgml/dtd.html#InputType
* http://www.w3.org/TR/html-markup/input.html#input
* https://html.spec.whatwg.org/multipage/forms.html#dom-input-type
* https://html.spec.whatwg.org/multipage/forms.html#dom-button-type
* https://html.spec.whatwg.org/multipage/forms.html#dom-select-type
* https://html.spec.whatwg.org/multipage/forms.html#dom-textarea-type
*/
goog.provide('goog.dom.InputType');
/**
* Enum of all input types (for INPUT, BUTTON, SELECT and TEXTAREA elements)
* specified by the W3C HTML4.01 and HTML5 specifications.
* @enum {string}
*/
goog.dom.InputType = {
BUTTON: 'button',
CHECKBOX: 'checkbox',
COLOR: 'color',
DATE: 'date',
DATETIME: 'datetime',
DATETIME_LOCAL: 'datetime-local',
EMAIL: 'email',
FILE: 'file',
HIDDEN: 'hidden',
IMAGE: 'image',
MENU: 'menu',
MONTH: 'month',
NUMBER: 'number',
PASSWORD: 'password',
RADIO: 'radio',
RANGE: 'range',
RESET: 'reset',
SEARCH: 'search',
SELECT_MULTIPLE: 'select-multiple',
SELECT_ONE: 'select-one',
SUBMIT: 'submit',
TEL: 'tel',
TEXT: 'text',
TEXTAREA: 'textarea',
TIME: 'time',
URL: 'url',
WEEK: 'week'
};
js/goog/dom/nodetype.js
Executable
+40
View File
@@ -0,0 +1,40 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Definition of goog.dom.NodeType.
*/
goog.provide('goog.dom.NodeType');
/**
* Constants for the nodeType attribute in the Node interface.
*
* These constants match those specified in the Node interface. These are
* usually present on the Node object in recent browsers, but not in older
* browsers (specifically, early IEs) and thus are given here.
*
* In some browsers (early IEs), these are not defined on the Node object,
* so they are provided here.
*
* See http://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-1950641247
* @enum {number}
*/
goog.dom.NodeType = {
ELEMENT: 1,
ATTRIBUTE: 2,
TEXT: 3,
CDATA_SECTION: 4,
ENTITY_REFERENCE: 5,
ENTITY: 6,
PROCESSING_INSTRUCTION: 7,
COMMENT: 8,
DOCUMENT: 9,
DOCUMENT_TYPE: 10,
DOCUMENT_FRAGMENT: 11,
NOTATION: 12
};
js/goog/dom/safe.js
Executable
+941
View File
@@ -0,0 +1,941 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Type-safe wrappers for unsafe DOM APIs.
*
* This file provides type-safe wrappers for DOM APIs that can result in
* cross-site scripting (XSS) vulnerabilities, if the API is supplied with
* untrusted (attacker-controlled) input. Instead of plain strings, the type
* safe wrappers consume values of types from the goog.html package whose
* contract promises that values are safe to use in the corresponding context.
*
* Hence, a program that exclusively uses the wrappers in this file (i.e., whose
* only reference to security-sensitive raw DOM APIs are in this file) is
* guaranteed to be free of XSS due to incorrect use of such DOM APIs (modulo
* correctness of code that produces values of the respective goog.html types,
* and absent code that violates type safety).
*
* For example, assigning to an element's .innerHTML property a string that is
* derived (even partially) from untrusted input typically results in an XSS
* vulnerability. The type-safe wrapper goog.dom.safe.setInnerHtml consumes a
* value of type goog.html.SafeHtml, whose contract states that using its values
* in a HTML context will not result in XSS. Hence a program that is free of
* direct assignments to any element's innerHTML property (with the exception of
* the assignment to .innerHTML in this file) is guaranteed to be free of XSS
* due to assignment of untrusted strings to the innerHTML property.
*/
goog.provide('goog.dom.safe');
goog.provide('goog.dom.safe.InsertAdjacentHtmlPosition');
goog.require('goog.asserts');
goog.require('goog.dom.asserts');
goog.require('goog.functions');
goog.require('goog.html.SafeHtml');
goog.require('goog.html.SafeScript');
goog.require('goog.html.SafeStyle');
goog.require('goog.html.SafeUrl');
goog.require('goog.html.TrustedResourceUrl');
goog.require('goog.html.uncheckedconversions');
goog.require('goog.string.Const');
goog.require('goog.string.internal');
/** @enum {string} */
goog.dom.safe.InsertAdjacentHtmlPosition = {
AFTERBEGIN: 'afterbegin',
AFTEREND: 'afterend',
BEFOREBEGIN: 'beforebegin',
BEFOREEND: 'beforeend'
};
/**
* Inserts known-safe HTML into a Node, at the specified position.
* @param {!Node} node The node on which to call insertAdjacentHTML.
* @param {!goog.dom.safe.InsertAdjacentHtmlPosition} position Position where
* to insert the HTML.
* @param {!goog.html.SafeHtml} html The known-safe HTML to insert.
*/
goog.dom.safe.insertAdjacentHtml = function(node, position, html) {
'use strict';
node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html));
};
/**
* Tags not allowed in goog.dom.safe.setInnerHtml.
* @private @const {!Object<string, boolean>}
*/
goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {
'MATH': true,
'SCRIPT': true,
'STYLE': true,
'SVG': true,
'TEMPLATE': true
};
/**
* Whether assigning to innerHTML results in a non-spec-compliant clean-up. Used
* to define goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse.
*
* <p>As mentioned in https://stackoverflow.com/questions/28741528, re-rendering
* an element in IE by setting innerHTML causes IE to recursively disconnect all
* parent/children connections that were in the previous contents of the
* element. Unfortunately, this can unexpectedly result in confusing cases where
* a function is run (typically asynchronously) on element that has since
* disconnected from the DOM but assumes the presence of its children. A simple
* workaround is to remove all children first. Testing on IE11 via
* https://jsperf.com/innerhtml-vs-removechild/239, removeChild seems to be
* ~10x faster than innerHTML='' for a large number of children (perhaps due
* to the latter's recursive behavior), implying that this workaround would
* not hurt performance and might actually improve it.
* @return {boolean}
* @private
*/
goog.dom.safe.isInnerHtmlCleanupRecursive_ =
goog.functions.cacheReturnValue(function() {
'use strict';
// `document` missing in some test frameworks.
if (goog.DEBUG && typeof document === 'undefined') {
return false;
}
// Create 3 nested <div>s without using innerHTML.
// We're not chaining the appendChilds in one call, as this breaks
// in a DocumentFragment.
var div = document.createElement('div');
var childDiv = document.createElement('div');
childDiv.appendChild(document.createElement('div'));
div.appendChild(childDiv);
// `firstChild` is null in Google Js Test.
if (goog.DEBUG && !div.firstChild) {
return false;
}
var innerChild = div.firstChild.firstChild;
div.innerHTML =
goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY);
return !innerChild.parentElement;
});
/**
* Assigns HTML to an element's innerHTML property. Helper to use only here and
* in soy.js.
* @param {?Element|?ShadowRoot} elem The element whose innerHTML is to be
* assigned to.
* @param {!goog.html.SafeHtml} html
*/
goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) {
'use strict';
// See comment above goog.dom.safe.isInnerHtmlCleanupRecursive_.
if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) {
while (elem.lastChild) {
elem.removeChild(elem.lastChild);
}
}
elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);
};
/**
* Assigns known-safe HTML to an element's innerHTML property.
* @param {!Element|!ShadowRoot} elem The element whose innerHTML is to be
* assigned to.
* @param {!goog.html.SafeHtml} html The known-safe HTML to assign.
* @throws {Error} If called with one of these tags: math, script, style, svg,
* template.
*/
goog.dom.safe.setInnerHtml = function(elem, html) {
'use strict';
if (goog.asserts.ENABLE_ASSERTS && elem.tagName) {
var tagName = elem.tagName.toUpperCase();
if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) {
throw new Error(
'goog.dom.safe.setInnerHtml cannot be used to set content of ' +
elem.tagName + '.');
}
}
goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html);
};
/**
* Assigns constant HTML to an element's innerHTML property.
* @param {!Element} element The element whose innerHTML is to be assigned to.
* @param {!goog.string.Const} constHtml The known-safe HTML to assign.
* @throws {!Error} If called with one of these tags: math, script, style, svg,
* template.
*/
goog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) {
'use strict';
goog.dom.safe.setInnerHtml(
element,
goog.html.uncheckedconversions
.safeHtmlFromStringKnownToSatisfyTypeContract(
goog.string.Const.from('Constant HTML to be immediatelly used.'),
goog.string.Const.unwrap(constHtml)));
};
/**
* Assigns known-safe HTML to an element's outerHTML property.
* @param {!Element} elem The element whose outerHTML is to be assigned to.
* @param {!goog.html.SafeHtml} html The known-safe HTML to assign.
*/
goog.dom.safe.setOuterHtml = function(elem, html) {
'use strict';
elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);
};
/**
* Safely assigns a URL a form element's action property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* form's action property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.setFormElementAction(formEl, url);
* which is a safe alternative to
* formEl.action = url;
* The latter can result in XSS vulnerabilities if url is a
* user-/attacker-controlled value.
*
* @param {!Element} form The form element whose action property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setFormElementAction = function(form, url) {
'use strict';
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
goog.dom.asserts.assertIsHTMLFormElement(form).action =
goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to a button element's formaction property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* button's formaction property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.setButtonFormAction(buttonEl, url);
* which is a safe alternative to
* buttonEl.action = url;
* The latter can result in XSS vulnerabilities if url is a
* user-/attacker-controlled value.
*
* @param {!Element} button The button element whose action property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setButtonFormAction = function(button, url) {
'use strict';
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
goog.dom.asserts.assertIsHTMLButtonElement(button).formAction =
goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to an input element's formaction property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* input's formaction property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.setInputFormAction(inputEl, url);
* which is a safe alternative to
* inputEl.action = url;
* The latter can result in XSS vulnerabilities if url is a
* user-/attacker-controlled value.
*
* @param {!Element} input The input element whose action property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setInputFormAction = function(input, url) {
'use strict';
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
goog.dom.asserts.assertIsHTMLInputElement(input).formAction =
goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Sets the given element's style property to the contents of the provided
* SafeStyle object.
* @param {!Element} elem
* @param {!goog.html.SafeStyle} style
* @return {void}
*/
goog.dom.safe.setStyle = function(elem, style) {
'use strict';
elem.style.cssText = goog.html.SafeStyle.unwrap(style);
};
/**
* Writes known-safe HTML to a document.
* @param {!Document} doc The document to be written to.
* @param {!goog.html.SafeHtml} html The known-safe HTML to assign.
* @return {void}
*/
goog.dom.safe.documentWrite = function(doc, html) {
'use strict';
doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html));
};
/**
* Safely assigns a URL to an anchor element's href property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* anchor's href property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.setAnchorHref(anchorEl, url);
* which is a safe alternative to
* anchorEl.href = url;
* The latter can result in XSS vulnerabilities if url is a
* user-/attacker-controlled value.
*
* @param {!HTMLAnchorElement} anchor The anchor element whose href property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setAnchorHref = function(anchor, url) {
'use strict';
goog.dom.asserts.assertIsHTMLAnchorElement(anchor);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
anchor.href = goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to an image element's src property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* image's src property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* @param {!HTMLImageElement} imageElement The image element whose src property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setImageSrc = function(imageElement, url) {
'use strict';
goog.dom.asserts.assertIsHTMLImageElement(imageElement);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
var allowDataUrl = /^data:image\//i.test(url);
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url, allowDataUrl);
}
imageElement.src = goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to a audio element's src property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* audio's src property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* @param {!HTMLAudioElement} audioElement The audio element whose src property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setAudioSrc = function(audioElement, url) {
'use strict';
goog.dom.asserts.assertIsHTMLAudioElement(audioElement);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
var allowDataUrl = /^data:audio\//i.test(url);
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url, allowDataUrl);
}
audioElement.src = goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to a video element's src property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* video's src property. If url is of type string however, it is first
* sanitized using goog.html.SafeUrl.sanitize.
*
* @param {!HTMLVideoElement} videoElement The video element whose src property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setVideoSrc = function(videoElement, url) {
'use strict';
goog.dom.asserts.assertIsHTMLVideoElement(videoElement);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
var allowDataUrl = /^data:video\//i.test(url);
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url, allowDataUrl);
}
videoElement.src = goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns a URL to an embed element's src property.
*
* Example usage:
* goog.dom.safe.setEmbedSrc(embedEl, url);
* which is a safe alternative to
* embedEl.src = url;
* The latter can result in loading untrusted code unless it is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLEmbedElement} embed The embed element whose src property
* is to be assigned to.
* @param {!goog.html.TrustedResourceUrl} url The URL to assign.
*/
goog.dom.safe.setEmbedSrc = function(embed, url) {
'use strict';
goog.dom.asserts.assertIsHTMLEmbedElement(embed);
embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
};
/**
* Safely assigns a URL to a frame element's src property.
*
* Example usage:
* goog.dom.safe.setFrameSrc(frameEl, url);
* which is a safe alternative to
* frameEl.src = url;
* The latter can result in loading untrusted code unless it is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLFrameElement} frame The frame element whose src property
* is to be assigned to.
* @param {!goog.html.TrustedResourceUrl} url The URL to assign.
* @return {void}
*/
goog.dom.safe.setFrameSrc = function(frame, url) {
'use strict';
goog.dom.asserts.assertIsHTMLFrameElement(frame);
frame.src = goog.html.TrustedResourceUrl.unwrap(url);
};
/**
* Safely assigns a URL to an iframe element's src property.
*
* Example usage:
* goog.dom.safe.setIframeSrc(iframeEl, url);
* which is a safe alternative to
* iframeEl.src = url;
* The latter can result in loading untrusted code unless it is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLIFrameElement} iframe The iframe element whose src property
* is to be assigned to.
* @param {!goog.html.TrustedResourceUrl} url The URL to assign.
* @return {void}
*/
goog.dom.safe.setIframeSrc = function(iframe, url) {
'use strict';
goog.dom.asserts.assertIsHTMLIFrameElement(iframe);
iframe.src = goog.html.TrustedResourceUrl.unwrap(url);
};
/**
* Safely assigns HTML to an iframe element's srcdoc property.
*
* Example usage:
* goog.dom.safe.setIframeSrcdoc(iframeEl, safeHtml);
* which is a safe alternative to
* iframeEl.srcdoc = html;
* The latter can result in loading untrusted code.
*
* @param {!HTMLIFrameElement} iframe The iframe element whose srcdoc property
* is to be assigned to.
* @param {!goog.html.SafeHtml} html The HTML to assign.
* @return {void}
*/
goog.dom.safe.setIframeSrcdoc = function(iframe, html) {
'use strict';
goog.dom.asserts.assertIsHTMLIFrameElement(iframe);
iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html);
};
/**
* Safely sets a link element's href and rel properties. Whether or not
* the URL assigned to href has to be a goog.html.TrustedResourceUrl
* depends on the value of the rel property. If rel contains "stylesheet"
* then a TrustedResourceUrl is required.
*
* Example usage:
* goog.dom.safe.setLinkHrefAndRel(linkEl, url, 'stylesheet');
* which is a safe alternative to
* linkEl.rel = 'stylesheet';
* linkEl.href = url;
* The latter can result in loading untrusted code unless it is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLLinkElement} link The link element whose href property
* is to be assigned to.
* @param {string|!goog.html.SafeUrl|!goog.html.TrustedResourceUrl} url The URL
* to assign to the href property. Must be a TrustedResourceUrl if the
* value assigned to rel contains "stylesheet". A string value is
* sanitized with goog.html.SafeUrl.sanitize.
* @param {string} rel The value to assign to the rel property.
* @return {void}
* @throws {Error} if rel contains "stylesheet" and url is not a
* TrustedResourceUrl
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {
'use strict';
goog.dom.asserts.assertIsHTMLLinkElement(link);
link.rel = rel;
if (goog.string.internal.caseInsensitiveContains(rel, 'stylesheet')) {
goog.asserts.assert(
url instanceof goog.html.TrustedResourceUrl,
'URL must be TrustedResourceUrl because "rel" contains "stylesheet"');
link.href = goog.html.TrustedResourceUrl.unwrap(url);
const win = link.ownerDocument && link.ownerDocument.defaultView;
const nonce = goog.dom.safe.getStyleNonce(win);
if (nonce) {
link.setAttribute('nonce', nonce);
}
} else if (url instanceof goog.html.TrustedResourceUrl) {
link.href = goog.html.TrustedResourceUrl.unwrap(url);
} else if (url instanceof goog.html.SafeUrl) {
link.href = goog.html.SafeUrl.unwrap(url);
} else { // string
// SafeUrl.sanitize must return legitimate SafeUrl when passed a string.
link.href = goog.html.SafeUrl.unwrap(
goog.html.SafeUrl.sanitizeAssertUnchanged(url));
}
};
/**
* Safely assigns a URL to an object element's data property.
*
* Example usage:
* goog.dom.safe.setObjectData(objectEl, url);
* which is a safe alternative to
* objectEl.data = url;
* The latter can result in loading untrusted code unless setit is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLObjectElement} object The object element whose data property
* is to be assigned to.
* @param {!goog.html.TrustedResourceUrl} url The URL to assign.
* @return {void}
*/
goog.dom.safe.setObjectData = function(object, url) {
'use strict';
goog.dom.asserts.assertIsHTMLObjectElement(object);
object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
};
/**
* Safely assigns a URL to a script element's src property.
*
* Example usage:
* goog.dom.safe.setScriptSrc(scriptEl, url);
* which is a safe alternative to
* scriptEl.src = url;
* The latter can result in loading untrusted code unless it is ensured that
* the URL refers to a trustworthy resource.
*
* @param {!HTMLScriptElement} script The script element whose src property
* is to be assigned to.
* @param {!goog.html.TrustedResourceUrl} url The URL to assign.
* @return {void}
*/
goog.dom.safe.setScriptSrc = function(script, url) {
'use strict';
goog.dom.asserts.assertIsHTMLScriptElement(script);
script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);
goog.dom.safe.setNonceForScriptElement_(script);
};
/**
* Safely assigns a value to a script element's content.
*
* Example usage:
* goog.dom.safe.setScriptContent(scriptEl, content);
* which is a safe alternative to
* scriptEl.text = content;
* The latter can result in executing untrusted code unless it is ensured that
* the code is loaded from a trustworthy resource.
*
* @param {!HTMLScriptElement} script The script element whose content is being
* set.
* @param {!goog.html.SafeScript} content The content to assign.
* @return {void}
*/
goog.dom.safe.setScriptContent = function(script, content) {
'use strict';
goog.dom.asserts.assertIsHTMLScriptElement(script);
script.textContent = goog.html.SafeScript.unwrapTrustedScript(content);
goog.dom.safe.setNonceForScriptElement_(script);
};
/**
* Set nonce-based CSPs to dynamically created scripts.
* @param {!HTMLScriptElement} script The script element whose nonce value
* is to be calculated
* @private
*/
goog.dom.safe.setNonceForScriptElement_ = function(script) {
'use strict';
var win = script.ownerDocument && script.ownerDocument.defaultView;
const nonce = goog.dom.safe.getScriptNonce(win);
if (nonce) {
script.setAttribute('nonce', nonce);
}
};
/**
* Safely assigns a URL to a Location object's href property.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to
* loc's href property. If url is of type string however, it is first sanitized
* using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.setLocationHref(document.location, redirectUrl);
* which is a safe alternative to
* document.location.href = redirectUrl;
* The latter can result in XSS vulnerabilities if redirectUrl is a
* user-/attacker-controlled value.
*
* @param {!Location} loc The Location object whose href property is to be
* assigned to.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.setLocationHref = function(loc, url) {
'use strict';
goog.dom.asserts.assertIsLocation(loc);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
loc.href = goog.html.SafeUrl.unwrap(safeUrl);
};
/**
* Safely assigns the URL of a Location object.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and
* passed to Location#assign. If url is of type string however, it is
* first sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.assignLocation(document.location, newUrl);
* which is a safe alternative to
* document.location.assign(newUrl);
* The latter can result in XSS vulnerabilities if newUrl is a
* user-/attacker-controlled value.
*
* This has the same behaviour as setLocationHref, however some test
* mock Location.assign instead of a property assignment.
*
* @param {!Location} loc The Location object which is to be assigned.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.assignLocation = function(loc, url) {
'use strict';
goog.dom.asserts.assertIsLocation(loc);
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
loc.assign(goog.html.SafeUrl.unwrap(safeUrl));
};
/**
* Safely replaces the URL of a Location object.
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and
* passed to Location#replace. If url is of type string however, it is
* first sanitized using goog.html.SafeUrl.sanitize.
*
* Example usage:
* goog.dom.safe.replaceLocation(document.location, newUrl);
* which is a safe alternative to
* document.location.replace(newUrl);
* The latter can result in XSS vulnerabilities if newUrl is a
* user-/attacker-controlled value.
*
* @param {!Location} loc The Location object which is to be replaced.
* @param {string|!goog.html.SafeUrl} url The URL to assign.
* @return {void}
* @see goog.html.SafeUrl#sanitize
*/
goog.dom.safe.replaceLocation = function(loc, url) {
'use strict';
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
loc.replace(goog.html.SafeUrl.unwrap(safeUrl));
};
/**
* Safely opens a URL in a new window (via window.open).
*
* If url is of type goog.html.SafeUrl, its value is unwrapped and passed in to
* window.open. If url is of type string however, it is first sanitized
* using goog.html.SafeUrl.sanitize.
*
* Note that this function does not prevent leakages via the referer that is
* sent by window.open. It is advised to only use this to open 1st party URLs.
*
* Example usage:
* goog.dom.safe.openInWindow(url);
* which is a safe alternative to
* window.open(url);
* The latter can result in XSS vulnerabilities if url is a
* user-/attacker-controlled value.
*
* @param {string|!goog.html.SafeUrl} url The URL to open.
* @param {Window=} opt_openerWin Window of which to call the .open() method.
* Defaults to the global window.
* @param {!goog.string.Const|string=} opt_name Name of the window to open in.
* Can be _top, etc as allowed by window.open(). This accepts string for
* legacy reasons. Pass goog.string.Const if possible.
* @param {string=} opt_specs Comma-separated list of specifications, same as
* in window.open().
* @return {Window} Window the url was opened in.
*/
goog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) {
'use strict';
/** @type {!goog.html.SafeUrl} */
var safeUrl;
if (url instanceof goog.html.SafeUrl) {
safeUrl = url;
} else {
safeUrl = goog.html.SafeUrl.sanitizeAssertUnchanged(url);
}
var win = opt_openerWin || goog.global;
// If opt_name is undefined, simply passing that in to open() causes IE to
// reuse the current window instead of opening a new one. Thus we pass '' in
// instead, which according to spec opens a new window. See
// https://html.spec.whatwg.org/multipage/browsers.html#dom-open .
var name = opt_name instanceof goog.string.Const ?
goog.string.Const.unwrap(opt_name) :
opt_name || '';
// Do not pass opt_specs to window.open unless it was provided by the caller.
// IE11 will use it as a signal to open a new window rather than a new tab
// (even if it is undefined).
if (opt_specs !== undefined) {
return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs);
} else {
return win.open(goog.html.SafeUrl.unwrap(safeUrl), name);
}
};
/**
* Parses the HTML as 'text/html'.
* @param {!DOMParser} parser
* @param {!goog.html.SafeHtml} html The HTML to be parsed.
* @return {!Document}
*/
goog.dom.safe.parseFromStringHtml = function(parser, html) {
'use strict';
return goog.dom.safe.parseFromString(parser, html, 'text/html');
};
/**
* Parses the string.
* @param {!DOMParser} parser
* @param {!goog.html.SafeHtml} content Note: We don't have a special type for
* XML or SVG supported by this function so we use SafeHtml.
* @param {string} type
* @return {!Document}
*/
goog.dom.safe.parseFromString = function(parser, content, type) {
'use strict';
return parser.parseFromString(
goog.html.SafeHtml.unwrapTrustedHTML(content), type);
};
/**
* Safely creates an HTMLImageElement from a Blob.
*
* Example usage:
* goog.dom.safe.createImageFromBlob(blob);
* which is a safe alternative to
* image.src = createObjectUrl(blob)
* The latter can result in executing malicious same-origin scripts from a bad
* Blob.
* @param {!Blob} blob The blob to create the image from.
* @return {!HTMLImageElement} The image element created from the blob.
* @throws {!Error} If called with a Blob with a MIME type other than image/.*.
*/
goog.dom.safe.createImageFromBlob = function(blob) {
'use strict';
// Any image/* MIME type is accepted as safe.
if (!/^image\/.*/g.test(blob.type)) {
throw new Error(
'goog.dom.safe.createImageFromBlob only accepts MIME type image/.*.');
}
var objectUrl = goog.global.URL.createObjectURL(blob);
var image = new goog.global.Image();
image.onload = function() {
'use strict';
goog.global.URL.revokeObjectURL(objectUrl);
};
goog.dom.safe.setImageSrc(
image,
goog.html.uncheckedconversions
.safeUrlFromStringKnownToSatisfyTypeContract(
goog.string.Const.from('Image blob URL.'), objectUrl));
return image;
};
/**
* Creates a DocumentFragment by parsing html in the context of a Range.
* @param {!Range} range The Range object starting from the context node to
* create a fragment in.
* @param {!goog.html.SafeHtml} html HTML to create a fragment from.
* @return {?DocumentFragment}
*/
goog.dom.safe.createContextualFragment = function(range, html) {
'use strict';
return range.createContextualFragment(
goog.html.SafeHtml.unwrapTrustedHTML(html));
};
/**
* Returns CSP script nonce, if set for any <script> tag.
* @param {?Window=} opt_window The window context used to retrieve the nonce.
* Defaults to global context.
* @return {string} CSP nonce or empty string if no nonce is present.
*/
goog.dom.safe.getScriptNonce = function(opt_window) {
return goog.dom.safe.getNonce_('script[nonce]', opt_window);
};
/**
* Returns CSP style nonce, if set for any <style> or <link rel="stylesheet">
* tag.
* @param {?Window=} opt_window The window context used to retrieve the nonce.
* Defaults to global context.
* @return {string} CSP nonce or empty string if no nonce is present.
*/
goog.dom.safe.getStyleNonce = function(opt_window) {
return goog.dom.safe.getNonce_(
'style[nonce],link[rel="stylesheet"][nonce]', opt_window);
};
/**
* According to the CSP3 spec a nonce must be a valid base64 string.
* @see https://www.w3.org/TR/CSP3/#grammardef-base64-value
* @private @const
*/
goog.dom.safe.NONCE_PATTERN_ = /^[\w+/_-]+[=]{0,2}$/;
/**
* Returns CSP nonce, if set for any tag of given type.
* @param {string} selector Selector for locating the element with nonce.
* @param {?Window=} win The window context used to retrieve the nonce.
* @return {string} CSP nonce or empty string if no nonce is present.
* @private
*/
goog.dom.safe.getNonce_ = function(selector, win) {
const doc = (win || goog.global).document;
if (!doc.querySelector) {
return '';
}
let el = doc.querySelector(selector);
if (el) {
// Try to get the nonce from the IDL property first, because browsers that
// implement additional nonce protection features (currently only Chrome) to
// prevent nonce stealing via CSS do not expose the nonce via attributes.
// See https://github.com/whatwg/html/issues/2369
const nonce = el['nonce'] || el.getAttribute('nonce');
if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) {
return nonce;
}
}
return '';
};
js/goog/dom/tagname.js
Executable
+457
View File
@@ -0,0 +1,457 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Defines the goog.dom.TagName class. Its constants enumerate
* all HTML tag names specified in either the W3C HTML 4.01 index of elements
* or the HTML5.1 specification.
*
* References:
* https://www.w3.org/TR/html401/index/elements.html
* https://www.w3.org/TR/html51/dom.html#elements
*/
goog.provide('goog.dom.TagName');
goog.require('goog.dom.HtmlElement');
/**
* A tag name for an HTML element.
*
* This type is a lie. All instances are actually strings. Do not implement it.
*
* It exists because we need an object type to host the template type parameter,
* and that's not possible with literal or enum types. It is a record type so
* that runtime type checks don't try to validate the lie.
*
* @template T
* @record
*/
goog.dom.TagName = class {
/**
* Cast a string into the tagname for the associated constructor.
*
* @template T
* @param {string} name
* @param {function(new:T, ...?)} type
* @return {!goog.dom.TagName<T>}
*/
static cast(name, type) {
return /** @type {?} */ (name);
}
/** @suppress {unusedPrivateMembers} */
constructor() {
/** @private {null} */
this.googDomTagName_doNotImplementThisTypeOrElse_;
/** @private {T} */
this.ensureTypeScriptRemembersTypeT_;
}
/**
* Appease the compiler that instances are stringafiable for the
* purpose of being a dictionary key.
*
* Never implemented; always backed by `String::toString`.
*
* @override
* @return {string}
*/
toString() {}
};
/** @const {!goog.dom.TagName<!HTMLAnchorElement>} */
goog.dom.TagName.A = /** @type {?} */ ('A');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.ABBR = /** @type {?} */ ('ABBR');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.ACRONYM = /** @type {?} */ ('ACRONYM');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.ADDRESS = /** @type {?} */ ('ADDRESS');
/** @const {!goog.dom.TagName<!HTMLAppletElement>} */
goog.dom.TagName.APPLET = /** @type {?} */ ('APPLET');
/** @const {!goog.dom.TagName<!HTMLAreaElement>} */
goog.dom.TagName.AREA = /** @type {?} */ ('AREA');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.ARTICLE = /** @type {?} */ ('ARTICLE');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.ASIDE = /** @type {?} */ ('ASIDE');
/** @const {!goog.dom.TagName<!HTMLAudioElement>} */
goog.dom.TagName.AUDIO = /** @type {?} */ ('AUDIO');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.B = /** @type {?} */ ('B');
/** @const {!goog.dom.TagName<!HTMLBaseElement>} */
goog.dom.TagName.BASE = /** @type {?} */ ('BASE');
/** @const {!goog.dom.TagName<!HTMLBaseFontElement>} */
goog.dom.TagName.BASEFONT = /** @type {?} */ ('BASEFONT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.BDI = /** @type {?} */ ('BDI');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.BDO = /** @type {?} */ ('BDO');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.BIG = /** @type {?} */ ('BIG');
/** @const {!goog.dom.TagName<!HTMLQuoteElement>} */
goog.dom.TagName.BLOCKQUOTE = /** @type {?} */ ('BLOCKQUOTE');
/** @const {!goog.dom.TagName<!HTMLBodyElement>} */
goog.dom.TagName.BODY = /** @type {?} */ ('BODY');
/** @const {!goog.dom.TagName<!HTMLBRElement>} */
goog.dom.TagName.BR = /** @type {?} */ ('BR');
/** @const {!goog.dom.TagName<!HTMLButtonElement>} */
goog.dom.TagName.BUTTON = /** @type {?} */ ('BUTTON');
/** @const {!goog.dom.TagName<!HTMLCanvasElement>} */
goog.dom.TagName.CANVAS = /** @type {?} */ ('CANVAS');
/** @const {!goog.dom.TagName<!HTMLTableCaptionElement>} */
goog.dom.TagName.CAPTION = /** @type {?} */ ('CAPTION');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.CENTER = /** @type {?} */ ('CENTER');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.CITE = /** @type {?} */ ('CITE');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.CODE = /** @type {?} */ ('CODE');
/** @const {!goog.dom.TagName<!HTMLTableColElement>} */
goog.dom.TagName.COL = /** @type {?} */ ('COL');
/** @const {!goog.dom.TagName<!HTMLTableColElement>} */
goog.dom.TagName.COLGROUP = /** @type {?} */ ('COLGROUP');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.COMMAND = /** @type {?} */ ('COMMAND');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.DATA = /** @type {?} */ ('DATA');
/** @const {!goog.dom.TagName<!HTMLDataListElement>} */
goog.dom.TagName.DATALIST = /** @type {?} */ ('DATALIST');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.DD = /** @type {?} */ ('DD');
/** @const {!goog.dom.TagName<!HTMLModElement>} */
goog.dom.TagName.DEL = /** @type {?} */ ('DEL');
/** @const {!goog.dom.TagName<!HTMLDetailsElement>} */
goog.dom.TagName.DETAILS = /** @type {?} */ ('DETAILS');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.DFN = /** @type {?} */ ('DFN');
/** @const {!goog.dom.TagName<!HTMLDialogElement>} */
goog.dom.TagName.DIALOG = /** @type {?} */ ('DIALOG');
/** @const {!goog.dom.TagName<!HTMLDirectoryElement>} */
goog.dom.TagName.DIR = /** @type {?} */ ('DIR');
/** @const {!goog.dom.TagName<!HTMLDivElement>} */
goog.dom.TagName.DIV = /** @type {?} */ ('DIV');
/** @const {!goog.dom.TagName<!HTMLDListElement>} */
goog.dom.TagName.DL = /** @type {?} */ ('DL');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.DT = /** @type {?} */ ('DT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.EM = /** @type {?} */ ('EM');
/** @const {!goog.dom.TagName<!HTMLEmbedElement>} */
goog.dom.TagName.EMBED = /** @type {?} */ ('EMBED');
/** @const {!goog.dom.TagName<!HTMLFieldSetElement>} */
goog.dom.TagName.FIELDSET = /** @type {?} */ ('FIELDSET');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.FIGCAPTION = /** @type {?} */ ('FIGCAPTION');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.FIGURE = /** @type {?} */ ('FIGURE');
/** @const {!goog.dom.TagName<!HTMLFontElement>} */
goog.dom.TagName.FONT = /** @type {?} */ ('FONT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.FOOTER = /** @type {?} */ ('FOOTER');
/** @const {!goog.dom.TagName<!HTMLFormElement>} */
goog.dom.TagName.FORM = /** @type {?} */ ('FORM');
/** @const {!goog.dom.TagName<!HTMLFrameElement>} */
goog.dom.TagName.FRAME = /** @type {?} */ ('FRAME');
/** @const {!goog.dom.TagName<!HTMLFrameSetElement>} */
goog.dom.TagName.FRAMESET = /** @type {?} */ ('FRAMESET');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H1 = /** @type {?} */ ('H1');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H2 = /** @type {?} */ ('H2');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H3 = /** @type {?} */ ('H3');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H4 = /** @type {?} */ ('H4');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H5 = /** @type {?} */ ('H5');
/** @const {!goog.dom.TagName<!HTMLHeadingElement>} */
goog.dom.TagName.H6 = /** @type {?} */ ('H6');
/** @const {!goog.dom.TagName<!HTMLHeadElement>} */
goog.dom.TagName.HEAD = /** @type {?} */ ('HEAD');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.HEADER = /** @type {?} */ ('HEADER');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.HGROUP = /** @type {?} */ ('HGROUP');
/** @const {!goog.dom.TagName<!HTMLHRElement>} */
goog.dom.TagName.HR = /** @type {?} */ ('HR');
/** @const {!goog.dom.TagName<!HTMLHtmlElement>} */
goog.dom.TagName.HTML = /** @type {?} */ ('HTML');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.I = /** @type {?} */ ('I');
/** @const {!goog.dom.TagName<!HTMLIFrameElement>} */
goog.dom.TagName.IFRAME = /** @type {?} */ ('IFRAME');
/** @const {!goog.dom.TagName<!HTMLImageElement>} */
goog.dom.TagName.IMG = /** @type {?} */ ('IMG');
/** @const {!goog.dom.TagName<!HTMLInputElement>} */
goog.dom.TagName.INPUT = /** @type {?} */ ('INPUT');
/** @const {!goog.dom.TagName<!HTMLModElement>} */
goog.dom.TagName.INS = /** @type {?} */ ('INS');
/** @const {!goog.dom.TagName<!HTMLIsIndexElement>} */
goog.dom.TagName.ISINDEX = /** @type {?} */ ('ISINDEX');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.KBD = /** @type {?} */ ('KBD');
// HTMLKeygenElement is deprecated.
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.KEYGEN = /** @type {?} */ ('KEYGEN');
/** @const {!goog.dom.TagName<!HTMLLabelElement>} */
goog.dom.TagName.LABEL = /** @type {?} */ ('LABEL');
/** @const {!goog.dom.TagName<!HTMLLegendElement>} */
goog.dom.TagName.LEGEND = /** @type {?} */ ('LEGEND');
/** @const {!goog.dom.TagName<!HTMLLIElement>} */
goog.dom.TagName.LI = /** @type {?} */ ('LI');
/** @const {!goog.dom.TagName<!HTMLLinkElement>} */
goog.dom.TagName.LINK = /** @type {?} */ ('LINK');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.MAIN = /** @type {?} */ ('MAIN');
/** @const {!goog.dom.TagName<!HTMLMapElement>} */
goog.dom.TagName.MAP = /** @type {?} */ ('MAP');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.MARK = /** @type {?} */ ('MARK');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.MATH = /** @type {?} */ ('MATH');
/** @const {!goog.dom.TagName<!HTMLMenuElement>} */
goog.dom.TagName.MENU = /** @type {?} */ ('MENU');
/** @const {!goog.dom.TagName<!HTMLMenuItemElement>} */
goog.dom.TagName.MENUITEM = /** @type {?} */ ('MENUITEM');
/** @const {!goog.dom.TagName<!HTMLMetaElement>} */
goog.dom.TagName.META = /** @type {?} */ ('META');
/** @const {!goog.dom.TagName<!HTMLMeterElement>} */
goog.dom.TagName.METER = /** @type {?} */ ('METER');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.NAV = /** @type {?} */ ('NAV');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.NOFRAMES = /** @type {?} */ ('NOFRAMES');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.NOSCRIPT = /** @type {?} */ ('NOSCRIPT');
/** @const {!goog.dom.TagName<!HTMLObjectElement>} */
goog.dom.TagName.OBJECT = /** @type {?} */ ('OBJECT');
/** @const {!goog.dom.TagName<!HTMLOListElement>} */
goog.dom.TagName.OL = /** @type {?} */ ('OL');
/** @const {!goog.dom.TagName<!HTMLOptGroupElement>} */
goog.dom.TagName.OPTGROUP = /** @type {?} */ ('OPTGROUP');
/** @const {!goog.dom.TagName<!HTMLOptionElement>} */
goog.dom.TagName.OPTION = /** @type {?} */ ('OPTION');
/** @const {!goog.dom.TagName<!HTMLOutputElement>} */
goog.dom.TagName.OUTPUT = /** @type {?} */ ('OUTPUT');
/** @const {!goog.dom.TagName<!HTMLParagraphElement>} */
goog.dom.TagName.P = /** @type {?} */ ('P');
/** @const {!goog.dom.TagName<!HTMLParamElement>} */
goog.dom.TagName.PARAM = /** @type {?} */ ('PARAM');
/** @const {!goog.dom.TagName<!HTMLPictureElement>} */
goog.dom.TagName.PICTURE = /** @type {?} */ ('PICTURE');
/** @const {!goog.dom.TagName<!HTMLPreElement>} */
goog.dom.TagName.PRE = /** @type {?} */ ('PRE');
/** @const {!goog.dom.TagName<!HTMLProgressElement>} */
goog.dom.TagName.PROGRESS = /** @type {?} */ ('PROGRESS');
/** @const {!goog.dom.TagName<!HTMLQuoteElement>} */
goog.dom.TagName.Q = /** @type {?} */ ('Q');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.RP = /** @type {?} */ ('RP');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.RT = /** @type {?} */ ('RT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.RTC = /** @type {?} */ ('RTC');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.RUBY = /** @type {?} */ ('RUBY');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.S = /** @type {?} */ ('S');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SAMP = /** @type {?} */ ('SAMP');
/** @const {!goog.dom.TagName<!HTMLScriptElement>} */
goog.dom.TagName.SCRIPT = /** @type {?} */ ('SCRIPT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SECTION = /** @type {?} */ ('SECTION');
/** @const {!goog.dom.TagName<!HTMLSelectElement>} */
goog.dom.TagName.SELECT = /** @type {?} */ ('SELECT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SMALL = /** @type {?} */ ('SMALL');
/** @const {!goog.dom.TagName<!HTMLSourceElement>} */
goog.dom.TagName.SOURCE = /** @type {?} */ ('SOURCE');
/** @const {!goog.dom.TagName<!HTMLSpanElement>} */
goog.dom.TagName.SPAN = /** @type {?} */ ('SPAN');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.STRIKE = /** @type {?} */ ('STRIKE');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.STRONG = /** @type {?} */ ('STRONG');
/** @const {!goog.dom.TagName<!HTMLStyleElement>} */
goog.dom.TagName.STYLE = /** @type {?} */ ('STYLE');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SUB = /** @type {?} */ ('SUB');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SUMMARY = /** @type {?} */ ('SUMMARY');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SUP = /** @type {?} */ ('SUP');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.SVG = /** @type {?} */ ('SVG');
/** @const {!goog.dom.TagName<!HTMLTableElement>} */
goog.dom.TagName.TABLE = /** @type {?} */ ('TABLE');
/** @const {!goog.dom.TagName<!HTMLTableSectionElement>} */
goog.dom.TagName.TBODY = /** @type {?} */ ('TBODY');
/** @const {!goog.dom.TagName<!HTMLTableCellElement>} */
goog.dom.TagName.TD = /** @type {?} */ ('TD');
/** @const {!goog.dom.TagName<!HTMLTemplateElement>} */
goog.dom.TagName.TEMPLATE = /** @type {?} */ ('TEMPLATE');
/** @const {!goog.dom.TagName<!HTMLTextAreaElement>} */
goog.dom.TagName.TEXTAREA = /** @type {?} */ ('TEXTAREA');
/** @const {!goog.dom.TagName<!HTMLTableSectionElement>} */
goog.dom.TagName.TFOOT = /** @type {?} */ ('TFOOT');
/** @const {!goog.dom.TagName<!HTMLTableCellElement>} */
goog.dom.TagName.TH = /** @type {?} */ ('TH');
/** @const {!goog.dom.TagName<!HTMLTableSectionElement>} */
goog.dom.TagName.THEAD = /** @type {?} */ ('THEAD');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.TIME = /** @type {?} */ ('TIME');
/** @const {!goog.dom.TagName<!HTMLTitleElement>} */
goog.dom.TagName.TITLE = /** @type {?} */ ('TITLE');
/** @const {!goog.dom.TagName<!HTMLTableRowElement>} */
goog.dom.TagName.TR = /** @type {?} */ ('TR');
/** @const {!goog.dom.TagName<!HTMLTrackElement>} */
goog.dom.TagName.TRACK = /** @type {?} */ ('TRACK');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.TT = /** @type {?} */ ('TT');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.U = /** @type {?} */ ('U');
/** @const {!goog.dom.TagName<!HTMLUListElement>} */
goog.dom.TagName.UL = /** @type {?} */ ('UL');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.VAR = /** @type {?} */ ('VAR');
/** @const {!goog.dom.TagName<!HTMLVideoElement>} */
goog.dom.TagName.VIDEO = /** @type {?} */ ('VIDEO');
/** @const {!goog.dom.TagName<!goog.dom.HtmlElement>} */
goog.dom.TagName.WBR = /** @type {?} */ ('WBR');
js/goog/dom/tags.js
Executable
+34
View File
@@ -0,0 +1,34 @@
/**
* @license
* Copyright The Closure Library Authors.
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @fileoverview Utilities for HTML element tag names.
*/
goog.provide('goog.dom.tags');
goog.require('goog.object');
/**
* The void elements specified by
* http://www.w3.org/TR/html-markup/syntax.html#void-elements.
* @const @private {!Object<string, boolean>}
*/
goog.dom.tags.VOID_TAGS_ = goog.object.createSet(
'area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input',
'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr');
/**
* Checks whether the tag is void (with no contents allowed and no legal end
* tag), for example 'br'.
* @param {string} tagName The tag name in lower case.
* @return {boolean}
*/
goog.dom.tags.isVoidTag = function(tagName) {
'use strict';
return goog.dom.tags.VOID_TAGS_[tagName] === true;
};