google / safe-html-types Goto Github PK
View Code? Open in Web Editor NEWSecurity contract types
License: Apache License 2.0
Security contract types
License: Apache License 2.0
@mikesamuel while generating a Bazel config for Soy, I noticed that this project schlepped Guava testlib and junit into the transitive closure. I'm sending you a CL to mark the guava-testlib dependency as optional. I recommend creating a separate pom artifact for your html testing directory.
https://github.com/google/safe-html-types/blob/master/doc/safehtml-types.md shows examples of using safe html types C++ backend, tasty.
Would you open source the C++ version as well? Thanks.
When using the 1.0.5 maven jar I receive the following exception:
Exception in thread "main" java.lang.NoClassDefFoundError: com/google/protobuf/GeneratedMessageV3
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at com.google.template.soy.types.proto.SafeStringTypes.<clinit>(SafeStringTypes.java:38)
at com.google.template.soy.types.proto.SoyProtoTypeProvider.<init>(SoyProtoTypeProvider.java:186)
at com.google.template.soy.types.proto.SoyProtoTypeProvider.<init>(SoyProtoTypeProvider.java:55)
at com.google.template.soy.types.proto.SoyProtoTypeProvider$Builder.build(SoyProtoTypeProvider.java:120)
at com.google.template.soy.AbstractSoyCompiler.doMain(AbstractSoyCompiler.java:176)
at com.google.template.soy.AbstractSoyCompiler.access$000(AbstractSoyCompiler.java:49)
at com.google.template.soy.AbstractSoyCompiler$2.main(AbstractSoyCompiler.java:149)
at com.google.template.soy.MainClassUtils.runInternal(MainClassUtils.java:255)
at com.google.template.soy.AbstractSoyCompiler.run(AbstractSoyCompiler.java:146)
at com.google.template.soy.AbstractSoyCompiler.runMain(AbstractSoyCompiler.java:138)
at com.google.template.soy.SoyToIncrementalDomSrcCompiler.main(SoyToIncrementalDomSrcCompiler.java:64)
Caused by: java.lang.ClassNotFoundException: com.google.protobuf.GeneratedMessageV3
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
This was not present when using 1.0.4. Let me know if you need any additional information.
Package com.google.common.html.types
is annotated with @CheckReturnValue
:
This causes builds that enforce the annotation (like Error Prone) to fail on generated protocol buffers which reference the safe html types defined in this repository.
Example:
import "webutil/html/types/html.proto";
message Test {
optional webutil.html.types.SafeUrlProto url_field = 1;
}
Attempting to compile with error prone will fail on the generated java protobuf code with a message like:
error: [CheckReturnValue] Ignored return value of method that is annotated with @CheckReturnValue
subBuilder.mergeFrom(urlField_);
^
(see http://errorprone.info/bugpattern/CheckReturnValue)
Did you mean 'subBuilder = subBuilder.mergeFrom(urlField_);'?
error: [CheckReturnValue] Ignored return value of method that is annotated with @CheckReturnValue
com.google.common.html.types.Html.getDescriptor();
^
(see http://errorprone.info/bugpattern/CheckReturnValue)
Did you mean to remove this line?
Because the protocol buffer messages reside in the same java_package
com.google.common.html.types
, I don't believe there's a quick fix for this other than removing the annotation from from the package and instead annotating all classes in types/src/main/java/com/google/common/html/types
individually.
Update: This actually also affects several of the non-protobuf classes--@CheckReturnValue
shouldn't apply to the following builders:
SafeHtmlBuilder
SafeStyleBuilder
TrustedResourceUrlBuilder
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.