Builder for appending sanitized content.

[Johannes Nel]

Hi,

I've been digging through the code but I have not seen any way of appending a lot of sanitized content into a single response without converting it to strings again - which seems a ghastly way of doing it.

Any pointers?

Thanks,

Johan

[Luke Sandberg]

what kind of 'response' are you writing?  are you talking about what the soy gencode does? (which backend) or are you trying to use SanitizedContent as part of some other system?

--

---
You received this message because you are subscribed to the Google Groups "Closure Templates Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to closure-templates-...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Mike Samuel]

Does http://static.javadoc.io/com.google.common.html.types/types/1.0.0/com/google/common/html/types/SafeHtmls.html#concat-com.google.common.html.types.SafeHtml...- do what you need?  In general, safe string concatenation is unsafe because you can't put a URL's scheme after a prefix in a way that preserves semantics.

--

[Garry Boyer]

For full disclosure: Although Closure Templates allow TrustedResourceUrl to be concatenated (e.g. <script src="{$a}/{$b}">), that's mostly a limitation of what we've been able to actually deliver so far. (When making a change, we first have to make all of Google's code compatible, so we focus on changes that are realistic but still provide substantial benefit.)

[Mike Samuel]

Good point.  I should have been clear that my caveat explains why there is no SafeUrls.concat.