Remove package visibility restriction from goog.html.sanitizer.CssSan…

…itizer.sanitizeInlineStyle and make it return a SafeStyle. RELNOTES[NEW]: Make goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle public. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=126817772
google · Jul 7, 2016 · 005bc11 · 005bc11
1 parent e4beff3
commit 005bc11
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 10 deletions.
diff --git a/closure/goog/deps.js b/closure/goog/deps.js
diff --git a/closure/goog/html/sanitizer/csssanitizer.js b/closure/goog/html/sanitizer/csssanitizer.js
@@ -23,6 +23,8 @@
 goog.provide('goog.html.sanitizer.CssSanitizer');
 
 goog.require('goog.array');
+goog.require('goog.html.SafeStyle');
+goog.require('goog.html.uncheckedconversions');
 goog.require('goog.object');
 goog.require('goog.string');
 
@@ -207,13 +209,12 @@ goog.html.sanitizer.CssSanitizer.sanitizeProperty_ = function(
  * @param {?CSSStyleDeclaration} cssStyle A CSS style object.
  * @param {function(string, string)=} opt_uriRewriter A URI rewriter that
  *    returns an unwrapped goog.html.SafeUrl.
- * @return {?string} A sanitized inline cssText.
- * @package
+ * @return {!goog.html.SafeStyle} A sanitized inline cssText.
  */
 goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle = function(
     cssStyle, opt_uriRewriter) {
   if (!cssStyle) {
-    return null;
+    return goog.html.SafeStyle.EMPTY;
   }
 
   var cleanCssStyle = document.createElement('div').style;
@@ -233,7 +234,10 @@ goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle = function(
           cleanCssStyle, propName, sanitizedValue);
     }
   }
-  return cleanCssStyle.cssText || null;
+  return goog.html.uncheckedconversions
+      .safeStyleFromStringKnownToSatisfyTypeContract(
+          goog.string.Const.from('Output of CSS sanitizer'),
+          cleanCssStyle.cssText || '');
 };
 
 

diff --git a/closure/goog/html/sanitizer/csssanitizer_test.js b/closure/goog/html/sanitizer/csssanitizer_test.js
@@ -17,6 +17,7 @@
 goog.setTestOnly();
 
 goog.require('goog.array');
+goog.require('goog.html.SafeStyle');
 goog.require('goog.html.SafeUrl');
 goog.require('goog.html.sanitizer.CssSanitizer');
 goog.require('goog.string');
@@ -89,8 +90,9 @@ function assertCSSTextEquals(expectedCssText, actualCssText) {
  */
 function getSanitizedInlineStyle(sourceCss, opt_urlRewrite) {
   try {
-    return goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle(
-               getStyleFromCssText(sourceCss), opt_urlRewrite) ||
+    return goog.html.SafeStyle.unwrap(
+               goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle(
+                   getStyleFromCssText(sourceCss), opt_urlRewrite)) ||
         '';
   } catch (err) {
     // IE8 doesn't like setting invalid properties. It throws an "Invalid

diff --git a/closure/goog/html/sanitizer/htmlsanitizer.js b/closure/goog/html/sanitizer/htmlsanitizer.js
@@ -40,6 +40,7 @@ goog.require('goog.asserts');
 goog.require('goog.dom');
 goog.require('goog.dom.NodeType');
 goog.require('goog.functions');
+goog.require('goog.html.SafeStyle');
 goog.require('goog.html.SafeUrl');
 goog.require('goog.html.sanitizer.AttributeWhitelist');
 goog.require('goog.html.sanitizer.CssSanitizer');
@@ -527,8 +528,9 @@ goog.html.sanitizer.HtmlSanitizer.sanitizeCssBlock_ = function(
         policyHints.cssProperty = prop;
         return policySanitizeUrl(uri, policyHints);
       });
-  return goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle(
-      policyContext.cssStyle, naiveUriRewriter);
+  return goog.html.SafeStyle.unwrap(
+      goog.html.sanitizer.CssSanitizer.sanitizeInlineStyle(
+          policyContext.cssStyle, naiveUriRewriter));
 };