Package overit.geocall.util.services

Interface SafeInlineService

All Known Implementing Classes:
SafeInlineServiceImpl
public interface SafeInlineService
Service interface for handling inline JavaScript and CSS code in a secure manner. This service provides methods to safely add event handlers and styles to HTML elements while maintaining compatibility with Content Security Policy (CSP) restrictions. When the safe inline handlers feature is enabled (via 'foundation.ui.csp.safe' or 'foundation.ui.csp.safe.inline.handler' properties), instead of using unsafe inline attributes like 'onclick' or 'style', this service:
  • For events: converts them to data-event-* attributes and adds appropriate CSS classes
  • For styles: converts them to data-style attributes and adds appropriate CSS classes
These attributes are then processed by the SafeInlineEngine JavaScript module to apply the events and styles in a CSP-compliant way.
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    SAFENESS_SCRIPT_CLASS
     
    static final String
    SAFENESS_STYLE_CLASS
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    setEvent(org.apache.ecs.ConcreteElement e, String event, String script)
    Sets a JS event handler on an HTML element in a CSP-compliant way.
    void
    setEvent(IconHD i, String event, String script)
    Sets a JS event handler on the Icon in a CSP-compliant way.
    void
    setStyle(org.apache.ecs.ConcreteElement e, String style)
    Sets inline CSS styles on an HTML element in a CSP-compliant way.

  • Field Details

  • Method Details

    • setEvent

      void setEvent(org.apache.ecs.ConcreteElement e, String event, String script)
      Sets a JS event handler on an HTML element in a CSP-compliant way. When safe inline handlers are enabled, instead of setting the event directly (e.g., 'onclick'), it adds a data-event-* attribute and the 'activableScripting' class and the SafeInlineEngine will then handle the event.
      Parameters:
      e - The HTML element to which the event handler will be added
      event - The event name (e.g., "click", "change"). The "on" prefix will be automatically added if missing
      script - The JavaScript code to be executed when the event occurs

    • setEvent

      void setEvent(IconHD i, String event, String script)
      Sets a JS event handler on the Icon in a CSP-compliant way. When safe inline handlers are enabled, instead of setting the event directly (e.g., 'onclick'), it adds a data-event-* attribute and the 'activableScripting' class and the SafeInlineEngine will then handle the event.
      Parameters:
      i - The icon element to which the event handler will be added
      event - The event name (e.g., "click", "change"). The "on" prefix will be automatically added if missing
      script - The JavaScript code to be executed when the event occurs

    • setStyle

      void setStyle(org.apache.ecs.ConcreteElement e, String style)
      Sets inline CSS styles on an HTML element in a CSP-compliant way. When safe inline handlers are enabled, instead of using the 'style' attribute, it adds a data-style attribute and the 'activableStyling' class and the SafeInlineEngine will then handle the event.
      Parameters:
      e - The HTML element to which the styles will be applied
      style - The CSS style string to be applied