Closure disable URL substitution with autoescape=strict
Question
I am rendering a soy template using Closure for a chrome extension and am having trouble inserting chrome-extension://* links since they are being filtered by soy.$$filterNormalizeUri
While normally it would be undesirable to allow chrome-extension://* links, it makes sense within a chrome extension.
Is there a way to whitelist the protocol or allow a particular case of unfiltered URL substitution (perhaps using soy.$$normalizeUri instead of soy.$$filterNormalizeUri )? The input is not user-defined and should be safe for consumption.
Example:
{template .t}
{foreach $src in $list}
<link rel="stylesheet" href="{$src}" />
{/foreach}
{/template}
Where $list is a generated list of stylesheet paths beginning with chrome-extension://*
The error returned is Uncaught AssertionError: Failure: Bad value chrome-extension://... for |filterNormalizeUri
Info about escaping: https://developers.google.com/closure/templates/docs/security#in_urls
1 answers
solution1
0 2015-04-14 17:33:17
如果$ list的元素是SanitizedContent实例而不是字符串,那么我认为不应对其进行转义。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.