/// <summary>
/// Returns HTML-escaped text as a SafeHtml object.
///
/// If text is of a type that implements
/// {@code goog.i18n.bidi.DirectionalString}, the directionality of the new
/// {@code SafeHtml} object is set to {@code text}'s directionality, if known.
/// Otherwise, the directionality of the resulting SafeHtml is unknown (i.e.,
/// {@code null}).
/// </summary>
/// <param name="opt_html">The text to escape. If
/// the parameter is of type SafeHtml it is returned directly (no escaping
/// is done).</param>
/// <returns>The escaped text, wrapped as a SafeHtml.</returns>
public static SafeHtml htmlEscape(object textOrHtml_)
{
if (textOrHtml_ is goog.html.SafeHtml)
{
return(textOrHtml_ as goog.html.SafeHtml);
}
var textOrHtml = textOrHtml_ as goog.html.ISafeCode;
goog.i18n.bidi.Dir dir = null;
if (textOrHtml != null && textOrHtml.implementsGoogI18nBidiDirectionalString)
{
dir = textOrHtml.getDirection();
}
string textAsString;
if (textOrHtml != null && textOrHtml.implementsGoogStringTypedString)
{
textAsString = textOrHtml.getTypedStringValue();
}
else
{
textAsString = textOrHtml_.ToString();
}
return(goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(
[email protected](textAsString), dir));
}
/// <summary>
/// Like create() but does not restrict which tags can be constructed.
/// </summary>
/// <param name="tagName"></param>
/// <param name="opt_attributes"></param>
/// <param name="opt_content"></param>
/// <returns></returns>
public static SafeHtml createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(string tagName, Dictionary <string, object> opt_attributes = null, JsArray <SafeHtml> opt_content = null)
{
goog.i18n.bidi.Dir dir = null;
var result = "<" + tagName;
result += goog.html.SafeHtml.stringifyAttributes(tagName, opt_attributes);
var content = opt_content;
if (content == null)
{
content = new JsArray <SafeHtml>();
}
else if (!(content is IEnumerable <SafeHtml>))
{
content = new JsArray <SafeHtml>((IEnumerable <SafeHtml>)content);
}
if (goog.dom.tags.isVoidTag(tagName.ToLowerCase()))
{
goog.asserts.assert(
content.Length == 0, "Void tag <" + tagName + "> does not allow content.");
result += ">";
}
else
{
var html = goog.html.SafeHtml.concat(content);
result += ">" + goog.html.SafeHtml.unwrap(html) + "</" + tagName + ">";
dir = html.getDirection();
}
var dirAttribute = opt_attributes != null && opt_attributes.ContainsKey("dir") ? (string)opt_attributes["dir"] : null;
if (dirAttribute != null)
{
if (new Regex(@"^(ltr|rtl|auto)$", RegexOptions.IgnoreCase).Test(dirAttribute))
{
// If the tag has the "dir" attribute specified then its direction is
// neutral because it can be safely used in any context.
dir = goog.i18n.bidi.Dir.NEUTRAL;
}
else
{
dir = null;
}
}
return(goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(
result, dir));
}
public SafeHtml()
{
privateDoNotAccessOrElseSafeHtmlWrappedValue_ = "";
SAFE_HTML_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_;
dir_ = null;
}
/// <summary>
/// Called from createSafeHtmlSecurityPrivateDoNotAccessOrElse(). This
/// method exists only so that the compiler can dead code eliminate static
/// fields (like EMPTY) when they're not accessed.
/// </summary>
/// <param name="html"></param>
/// <param name="dir"></param>
/// <returns></returns>
private SafeHtml initSecurityPrivateDoNotAccessOrElse_(string html, goog.i18n.bidi.Dir dir)
{
this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = html;
this.dir_ = dir;
return(this);
}
/// <summary>
/// Package-internal utility method to create SafeHtml instances.
/// </summary>
/// <param name="html">The string to initialize the SafeHtml object with.</param>
/// <param name="dir">The directionality of the SafeHtml to be
/// constructed, or null if unknown.</param>
/// <returns>The initialized SafeHtml object.</returns>
public static SafeHtml createSafeHtmlSecurityPrivateDoNotAccessOrElse(string html, goog.i18n.bidi.Dir dir)
{
return((new goog.html.SafeHtml()).initSecurityPrivateDoNotAccessOrElse_(
html, dir));
}