Initial commit for XSS Sanitization.

Author: kevzlou7979

gwt-material/src/main/java/gwt/material/design/client/base/AbstractTextWidget.java

@@ -24,11 +24,13 @@
 import com.google.gwt.editor.client.LeafValueEditor;
 import com.google.gwt.editor.ui.client.adapters.HasTextEditor;
 import com.google.gwt.safehtml.shared.SafeHtmlUtils;
+import com.google.gwt.safehtml.shared.SimpleHtmlSanitizer;
 import com.google.gwt.user.client.ui.HasHTML;
 
 /**
  * @author Ben Dol
  */
+//TODO : Setting HasRawValue - break the sanitizer
 public abstract class AbstractTextWidget extends AbstractValueWidget<String> implements HasId, HasHTML,
         IsEditor<LeafValueEditor<String>> {
 
@@ -40,11 +42,12 @@ protected AbstractTextWidget(Element element) {
 
     @Override
     public String getValue() {
-        return getElement().getInnerText();
+        return SafeHtmlUtils.fromString(getElement().getInnerText()).asString();
     }
 
     @Override
     public void setValue(String value, boolean fireEvents) {
+        value = SafeHtmlUtils.fromString(value).asString();
         getElement().setInnerText(value);
         super.setValue(value, fireEvents);
     }

gwt-material/src/main/java/gwt/material/design/client/base/AbstractValueWidget.java

@@ -40,6 +40,7 @@
 
 import java.util.List;
 
+//TODO: HasRawValue
 public abstract class AbstractValueWidget<V> extends MaterialWidget implements HasValue<V>, LeafValueEditor<V>,
         HasEditorErrors<V>, HasErrorHandler, HasError, HasValidators<V> {
 
@@ -80,6 +81,9 @@ public void setValue(V value, boolean fireEvents, boolean reload) {
         }
     }
 
+    //TODO:
+    //setSanitizer();
+
     @Override
     public void setError(String error) {
         getErrorMixin().setError(error);

gwt-material/src/main/java/gwt/material/design/client/ui/MaterialBadge.java

@@ -84,7 +84,7 @@ public MaterialBadge(String text, Color textColor, Color bgColor) {
 
     @Override
     public String getText() {
-        return getElement().getInnerHTML();
+        return SafeHtmlUtils.fromString(getElement().getInnerText()).asString();
     }
 
     @Override

gwt-material/src/main/java/gwt/material/design/client/ui/MaterialTitle.java

@@ -112,6 +112,6 @@ public void setValue(String value, boolean fireEvents) {
 
     @Override
     public String getValue() {
-        return header.getElement().getInnerHTML();
+        return SafeHtmlUtils.fromString(header.getElement().getInnerHTML()).asString();
     }
 }

gwt-material/src/main/java/gwt/material/design/client/ui/html/IFrame.java

@@ -1,3 +1,22 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2018 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
 package gwt.material.design.client.ui.html;
 
 import com.google.gwt.dom.client.Document;

gwt-material/src/main/java/gwt/material/design/client/ui/html/Pre.java

@@ -21,6 +21,8 @@
  */
 
 import com.google.gwt.dom.client.Document;
+import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import gwt.material.design.client.base.AbstractTextWidget;
 
 /**
@@ -39,6 +41,6 @@ public Pre(final String text) {
 
     @Override
     public void setHTML(String html) {
-        getElement().setInnerHTML(html);
+        getElement().setInnerSafeHtml(SafeHtmlUtils.fromString(html));
     }
 }