public final class SafeStylesBuilder extends Object
SafeStyles
. It is used essentially like a StringBuilder
,
but access SafeStyles
instead of Strings.
The accumulated XSS-safe SafeStyles
can be obtained in the form of a
SafeStyles
via the toSafeStyles()
method.
This class is not thread-safe.
Constructor and Description |
---|
SafeStylesBuilder()
Constructs an empty
SafeStylesBuilder . |
Modifier and Type | Method and Description |
---|---|
SafeStylesBuilder |
append(SafeStyles styles)
Appends the contents of another
SafeStyles object, without applying
any escaping or sanitization to it. |
SafeStylesBuilder |
appendTrustedString(String styles)
Appends
SafeStyles constructed from a trusted string, i.e., without
escaping the string. |
SafeStylesBuilder |
backgroundImage(SafeUri uri)
Append the background-image CSS property.
|
SafeStylesBuilder |
borderStyle(Style.BorderStyle value)
Append the border-style CSS property.
|
SafeStylesBuilder |
borderWidth(double value,
Style.Unit unit)
Append the border-width css property.
|
SafeStylesBuilder |
bottom(double value,
Style.Unit unit)
Append the bottom css property.
|
SafeStylesBuilder |
clear(Style.Clear value)
Append the 'clear' CSS property.
|
SafeStylesBuilder |
cursor(Style.Cursor value)
Append the cursor CSS property.
|
SafeStylesBuilder |
display(Style.Display value)
Append the display CSS property.
|
SafeStylesBuilder |
floatprop(Style.Float value)
Append the float css property.
|
SafeStylesBuilder |
fontSize(double value,
Style.Unit unit)
Append the font-size css property.
|
SafeStylesBuilder |
fontStyle(Style.FontStyle value)
Append the font-style CSS property.
|
SafeStylesBuilder |
fontWeight(Style.FontWeight value)
Append the font-weight CSS property.
|
SafeStylesBuilder |
height(double value,
Style.Unit unit)
Append the height css property.
|
SafeStylesBuilder |
left(double value,
Style.Unit unit)
Append the left css property.
|
SafeStylesBuilder |
listStyleType(Style.ListStyleType value)
Append the list-style-type CSS property.
|
SafeStylesBuilder |
margin(double value,
Style.Unit unit)
Append the margin css property.
|
SafeStylesBuilder |
marginBottom(double value,
Style.Unit unit)
Append the margin-bottom css property.
|
SafeStylesBuilder |
marginLeft(double value,
Style.Unit unit)
Append the margin-left css property.
|
SafeStylesBuilder |
marginRight(double value,
Style.Unit unit)
Append the margin-right css property.
|
SafeStylesBuilder |
marginTop(double value,
Style.Unit unit)
Append the margin-top css property.
|
SafeStylesBuilder |
opacity(double value)
Append the opacity css property.
|
SafeStylesBuilder |
overflow(Style.Overflow value)
Append the overflow CSS property.
|
SafeStylesBuilder |
overflowX(Style.Overflow value)
Append the overflow-x CSS property.
|
SafeStylesBuilder |
overflowY(Style.Overflow value)
Append the overflow-y CSS property.
|
SafeStylesBuilder |
padding(double value,
Style.Unit unit)
Append the padding css property.
|
SafeStylesBuilder |
paddingBottom(double value,
Style.Unit unit)
Append the padding-bottom css property.
|
SafeStylesBuilder |
paddingLeft(double value,
Style.Unit unit)
Append the padding-left css property.
|
SafeStylesBuilder |
paddingRight(double value,
Style.Unit unit)
Append the padding-right css property.
|
SafeStylesBuilder |
paddingTop(double value,
Style.Unit unit)
Append the padding-top css property.
|
SafeStylesBuilder |
position(Style.Position value)
Append the position CSS property.
|
SafeStylesBuilder |
right(double value,
Style.Unit unit)
Append the right css property.
|
SafeStylesBuilder |
tableLayout(Style.TableLayout value)
Append the table-layout CSS property.
|
SafeStylesBuilder |
textAlign(Style.TextAlign value)
Append the 'text-align' CSS property.
|
SafeStylesBuilder |
textDecoration(Style.TextDecoration value)
Append the text-decoration CSS property.
|
SafeStylesBuilder |
textIndent(double value,
Style.Unit unit)
Append the 'text-indent' CSS property.
|
SafeStylesBuilder |
textJustify(Style.TextJustify value)
Append the 'text-justify' CSS3 property.
|
SafeStylesBuilder |
textOverflow(Style.TextOverflow value)
Append the 'text-overflow' CSS3 property.
|
SafeStylesBuilder |
textTransform(Style.TextTransform value)
Append the 'text-transform' CSS property.
|
SafeStylesBuilder |
top(double value,
Style.Unit unit)
Append the top css property.
|
SafeStyles |
toSafeStyles()
Returns the safe CSS properties accumulated in the builder as a
SafeStyles . |
SafeStylesBuilder |
trustedBackgroundColor(String value)
Append the trusted background color, i.e., without escaping the value.
|
SafeStylesBuilder |
trustedBackgroundImage(String value)
Append the trusted background image, i.e., without escaping the value.
|
SafeStylesBuilder |
trustedBorderColor(String value)
Append the trusted border color, i.e., without escaping the value.
|
SafeStylesBuilder |
trustedColor(String value)
Append the trusted font color, i.e., without escaping the value.
|
SafeStylesBuilder |
trustedNameAndValue(String name,
double value,
Style.Unit unit)
Append a
SafeStyles constructed from a trusted name and a trusted
value, i.e., without escaping the name and value. |
SafeStylesBuilder |
trustedNameAndValue(String name,
String value)
Append a
SafeStyles constructed from a trusted name and a trusted
value, i.e., without escaping the name and value. |
SafeStylesBuilder |
verticalAlign(double value,
Style.Unit unit)
Append the vertical-align CSS property.
|
SafeStylesBuilder |
verticalAlign(Style.VerticalAlign value)
Append the vertical-align CSS property.
|
SafeStylesBuilder |
visibility(Style.Visibility value)
Append the visibility CSS property.
|
SafeStylesBuilder |
whiteSpace(Style.WhiteSpace whiteSpace)
Append the 'white-space' CSS property.
|
SafeStylesBuilder |
width(double value,
Style.Unit unit)
Append the width css property.
|
SafeStylesBuilder |
zIndex(int value)
Append the z-index css property.
|
public SafeStylesBuilder()
SafeStylesBuilder
.public SafeStylesBuilder append(SafeStyles styles)
SafeStyles
object, without applying
any escaping or sanitization to it.styles
- the SafeStyles
to appendpublic SafeStylesBuilder appendTrustedString(String styles)
Appends SafeStyles
constructed from a trusted string, i.e., without
escaping the string. Only minimal checks are performed. The calling code
should be carefully reviewed to ensure the argument meets the
SafeStyles
contract.
Generally, SafeStyles
should be of the form
cssPropertyName:value;
, where neither the name nor the value
contain malicious scripts.
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
The following example values comply with this type's contract:
width: 1em;
height:1em;
width: 1em;height: 1em;
background:url('http://url');
The following example values do not comply with this type's contract:
background: red
(missing a trailing semi-colon)background:
(missing a value and a trailing semi-colon)1em
(missing an attribute name, which provides context for
the value)styles
- the input StringSafeStyles
instancepublic SafeStylesBuilder backgroundImage(SafeUri uri)
uri
- the URI of the background imagetrustedBackgroundImage(String)
public SafeStylesBuilder borderStyle(Style.BorderStyle value)
public SafeStylesBuilder borderWidth(double value, Style.Unit unit)
public SafeStylesBuilder bottom(double value, Style.Unit unit)
public SafeStylesBuilder clear(Style.Clear value)
public SafeStylesBuilder cursor(Style.Cursor value)
public SafeStylesBuilder display(Style.Display value)
public SafeStylesBuilder floatprop(Style.Float value)
Note: This method has the suffix "prop" to avoid Java compilation errors. The term "float" is a reserved word in Java representing the primitive float.
public SafeStylesBuilder fontSize(double value, Style.Unit unit)
public SafeStylesBuilder fontStyle(Style.FontStyle value)
public SafeStylesBuilder fontWeight(Style.FontWeight value)
public SafeStylesBuilder height(double value, Style.Unit unit)
public SafeStylesBuilder left(double value, Style.Unit unit)
public SafeStylesBuilder listStyleType(Style.ListStyleType value)
public SafeStylesBuilder margin(double value, Style.Unit unit)
public SafeStylesBuilder marginBottom(double value, Style.Unit unit)
public SafeStylesBuilder marginLeft(double value, Style.Unit unit)
public SafeStylesBuilder marginRight(double value, Style.Unit unit)
public SafeStylesBuilder marginTop(double value, Style.Unit unit)
public SafeStylesBuilder opacity(double value)
public SafeStylesBuilder overflow(Style.Overflow value)
public SafeStylesBuilder overflowX(Style.Overflow value)
public SafeStylesBuilder overflowY(Style.Overflow value)
public SafeStylesBuilder padding(double value, Style.Unit unit)
public SafeStylesBuilder paddingBottom(double value, Style.Unit unit)
public SafeStylesBuilder paddingLeft(double value, Style.Unit unit)
public SafeStylesBuilder paddingRight(double value, Style.Unit unit)
public SafeStylesBuilder paddingTop(double value, Style.Unit unit)
public SafeStylesBuilder position(Style.Position value)
public SafeStylesBuilder right(double value, Style.Unit unit)
public SafeStylesBuilder tableLayout(Style.TableLayout value)
public SafeStylesBuilder textAlign(Style.TextAlign value)
public SafeStylesBuilder textDecoration(Style.TextDecoration value)
public SafeStylesBuilder textIndent(double value, Style.Unit unit)
public SafeStylesBuilder textJustify(Style.TextJustify value)
public SafeStylesBuilder textOverflow(Style.TextOverflow value)
public SafeStylesBuilder textTransform(Style.TextTransform value)
public SafeStylesBuilder top(double value, Style.Unit unit)
public SafeStyles toSafeStyles()
SafeStyles
.SafeStyles
instancepublic SafeStylesBuilder trustedBackgroundColor(String value)
Append the trusted background color, i.e., without escaping the value. No
checks are performed. The calling code should be carefully reviewed to
ensure the argument will satisfy the SafeStyles
contract when they
are composed into the form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
value
- the property valueSafeStyles
instancepublic SafeStylesBuilder trustedBackgroundImage(String value)
Append the trusted background image, i.e., without escaping the value. No
checks are performed. The calling code should be carefully reviewed to
ensure the argument will satisfy the SafeStyles
contract when they
are composed into the form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
value
- the property valueSafeStyles
instancebackgroundImage(SafeUri)
public SafeStylesBuilder trustedBorderColor(String value)
Append the trusted border color, i.e., without escaping the value. No
checks are performed. The calling code should be carefully reviewed to
ensure the argument will satisfy the SafeStyles
contract when they
are composed into the form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
value
- the property valueSafeStyles
instancepublic SafeStylesBuilder trustedColor(String value)
Append the trusted font color, i.e., without escaping the value. No checks
are performed. The calling code should be carefully reviewed to ensure the
argument will satisfy the SafeStyles
contract when they are
composed into the form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
value
- the property valueSafeStyles
instancepublic SafeStylesBuilder trustedNameAndValue(String name, double value, Style.Unit unit)
Append a SafeStyles
constructed from a trusted name and a trusted
value, i.e., without escaping the name and value. No checks are performed.
The calling code should be carefully reviewed to ensure the argument will
satisfy the SafeStyles
contract when they are composed into the
form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
The name should be in hyphenated format, not camelCase format.
name
- the property namevalue
- the property valueSafeStyles
instancepublic SafeStylesBuilder trustedNameAndValue(String name, String value)
Append a SafeStyles
constructed from a trusted name and a trusted
value, i.e., without escaping the name and value. No checks are performed.
The calling code should be carefully reviewed to ensure the argument will
satisfy the SafeStyles
contract when they are composed into the
form: "<name>:<value>;".
SafeStyles
may never contain literal angle brackets. Otherwise, it
could be unsafe to place a SafeStyles
into a <style> tag
(where it can't be HTML escaped). For example, if the SafeStyles
containing "
font: 'foo <style><script>evil</script>
'" is
used in a style sheet in a <style> tag, this could then break out of
the style context into HTML.
The name should be in hyphenated format, not camelCase format.
name
- the property namevalue
- the property valueSafeStyles
instancepublic SafeStylesBuilder verticalAlign(double value, Style.Unit unit)
public SafeStylesBuilder verticalAlign(Style.VerticalAlign value)
public SafeStylesBuilder visibility(Style.Visibility value)
public SafeStylesBuilder whiteSpace(Style.WhiteSpace whiteSpace)
public SafeStylesBuilder width(double value, Style.Unit unit)
public SafeStylesBuilder zIndex(int value)
Copyright © 2018. All rights reserved.