How to "guarantee HTML-safety of the template"?

106 views
Skip to first unread message

Hilco Wijbenga

unread,
Oct 18, 2011, 6:36:35 PM10/18/11
to GWT Users
Hi all,

I have been getting the warning below for quite some time now and I
decided I finally wanted to do something about it.

[WARN] Template with variable in URL attribute context: The template
code generator cannot guarantee HTML-safety of the template -- please
inspect manually or use SafeUri to specify arguments in a URL
attribute context

It wasn't easy (because the warning doesn't give the slightest hint as
to where the problem might be) but I found the method that triggers
it: getLocation().

class MyWidget ... {
...
@UiConstructor
MyWidget(String location, ...) {
this.location = location;
...
}
...
String getLocation() {
return location;
}
}

This is used in MyWidget.ui.xml:

<ui:with field="widget" type="....MyWidget"/>
<g:HTMLPanel>
<object ... data="{widget.getLocation}">...</object>
</g:HTMLPanel>

The warning seems to indicate I should use something like

SafeUri getLocation() (which then returns a SafeUri wrapper of 'location')

but doing that results in

[ERROR] Returns interface com.google.gwt.safehtml.shared.SafeUri,
can't be used as class java.lang.String

So I guess that's not the right way then. And using SafeUri's asString
(i.e. "{widget.getLocation.asString}") gets me the original warning
back.

What should I do to get rid of the warning?

Cheers,
Hilco

Thomas Broyer

unread,
Oct 19, 2011, 5:34:44 AM10/19/11
to google-we...@googlegroups.com
First: report the bug about the "[ERROR] Returns interface com.google.gwt.safehtml.shared.SafeUri, can't be used as class java.lang.String" !

The thing is: the warning comes from the SafeHtmlTemplates generator, while the error above comes from the UiBinder generator (which generates a SafeHtmlTemplates). UiBinder should allow SafeUri in attribute values.

Given that bug, I don't think you can do anything about this warning.

Thomas Broyer

unread,
Oct 19, 2011, 6:32:36 AM10/19/11
to google-we...@googlegroups.com
Hmm, actually, it seems like this has already been done: http://code.google.com/p/google-web-toolkit/source/detail?r=10548

It hasn't been merged into the GWT 2.4 branch though, so you'll have to build GWT from trunk or wait for GWT 2.5.
Reply all
Reply to author
Forward
0 new messages