HTMLer is implemented by any value that has an HTML method, which defines the
safe HTML format for that value.
( T) HTML() HTML
A Identifier is an immutable string-like type that is safe to use in HTML
contexts as an identifier for HTML elements. For example, it is unsafe to
insert an untrusted string into a
<img name="..."></img>
context since the string may be controlled by an attacker who can assign it
a value that masks existing DOM properties (i.e. DOM Clobbering). An
attacker may also be able to force legitimate Javascript code, which uses
document.getElementsByName(...) to read DOM elements, to refer to this
element. This may lead to unintended side effects, particularly if that
element contains attacker-controlled data. It is, however, safe to use an
Identifier in this context since its value is known to be partially or fully
under application control.
In order to ensure that an attacker cannot influence the Identifier value,
an Identifier can only be instantiated from a compile-time constant string
literal prefix.
Note that Identifier is Go-specific and therefore does not have a Proto form
for cross-language use.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the Identifier.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func IdentifierFromConstant(value stringConstant) Identifier
func IdentifierFromConstantPrefix(prefix stringConstant, value string) Identifier
func github.com/google/safehtml/legacyconversions.RiskilyAssumeIdentifier(s string) Identifier
func github.com/google/safehtml/uncheckedconversions.IdentifierFromStringKnownToSatisfyTypeContract(s string) Identifier
func golang.org/x/pkgsite/internal/godoc/dochtml/internal/render.SafeGoID(s string) Identifier
func identifierRaw(s string) Identifier
func golang.org/x/pkgsite/internal/frontend.licenseAnchors(paths []string) []Identifier
func golang.org/x/pkgsite/internal/godoc/dochtml.exampleID(id, suffix string) Identifier
A Script is an immutable string-like type which represents JavaScript
code and guarantees that its value, as a string, will not cause execution
of unconstrained attacker controlled code (cross-site scripting) when
evaluated as JavaScript in a browser.
Script's string representation can safely be interpolated as the
content of a script element within HTML, and can safely be passed to DOM
properties and functions which expect JavaScript. In these cases, the Script
string should not be escaped. Script's string representation can also be safely
used as the value for on* attribute handlers in HTML, though the Script string
must be escaped before such use.
Note that the Script might contain text that is attacker-controlled but
that text should have been interpolated with appropriate escaping,
sanitization and/or validation into the right location in the script, such
that it is highly constrained in its effect (for example, it had to match a
set of whitelisted words).
In order to ensure that an attacker cannot influence the Script
value, a Script can only be instantiated from compile-time
constant string literals or security-reviewed unchecked conversions,
but never from arbitrary string values potentially representing untrusted
user input.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the Script.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func ScriptFromConstant(script stringConstant) Script
func ScriptFromDataAndConstant(name stringConstant, data interface{}, script stringConstant) (Script, error)
func github.com/google/safehtml/legacyconversions.RiskilyAssumeScript(s string) Script
func github.com/google/safehtml/uncheckedconversions.ScriptFromStringKnownToSatisfyTypeContract(s string) Script
func scriptRaw(s string) Script
A Style is an immutable string-like type which represents a sequence of CSS
declarations (property_name1: property_value1; property_name2: property_value2; ...)
and guarantees that its value will not cause untrusted script execution
(cross-site scripting) when evaluated as CSS in a browser.
Style's string representation can safely be:
* Interpolated as the content of a quoted HTML style attribute. However, the
Style string must be HTML-attribute-escaped before interpolation.
* Interpolated as the content of a {}-wrapped block within a StyleSheet.
'<' runes in the Style string must be CSS-escaped before interpolation.
The Style string is also guaranteed not to be able to introduce new
properties or elide existing ones.
* Interpolated as the content of a {}-wrapped block within an HTML <style>
element. '<' runes in the Style string must be CSS-escaped before interpolation.
* Assigned to the style property of a DOM node. The Style string should not
be escaped before being assigned to the property.
In addition, values of this type are composable, that is, for any two Style
values |style1| and |style2|, style1.style() + style2.style() is itself a
value that satisfies the Style type constraint.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the Style.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func StyleFromConstant(style stringConstant) Style
func StyleFromProperties(properties StyleProperties) Style
func github.com/google/safehtml/legacyconversions.RiskilyAssumeStyle(s string) Style
func github.com/google/safehtml/uncheckedconversions.StyleFromStringKnownToSatisfyTypeContract(s string) Style
func style(s string) Style
func CSSRule(selector string, style Style) (StyleSheet, error)
StyleProperties contains property values for CSS properties whose names are
the hyphen-separated form of the field names. These values will be validated
by StyleFromProperties before being included in a Style.
For example, BackgroundPosition contains the value for the
"background-position" property, and Display contains the value for the "display"
property.
The following values can only contain whitelisted runes, that is, alphanumerics,
space, tab, and the set [+-.!#%_/*]. In addition, comment markers "//", "/*",
and "*/" are disallowed. Non-conforming values will be replaced by
InnocuousPropertyValue in StyleFromProperties.
BackgroundImageURLs contains URL values for the background-image property.
These values val_1, val_2, ..., val_n will be passed through URLSanitized and CSS-escaped in
StyleFromProperties, then interpolated into to a comma-separated list of CSS URLs of the form
url("val_1"), url("val_2"), ..., url("val_n")
See https://www.w3.org/TR/CSS2/syndata.html#value-def-uri and https://drafts.csswg.org/css-backgrounds-3/#layering.
BackgroundPositionstringBackgroundRepeatstringBackgroundSizestringBottomstringColorstring
Display must consist of only ASCII alphabetic or '-' runes.
Non-conforming values will be replaced by InnocuousPropertyValue in
StyleFromProperties.
FontFamily values are used, comma-separated, as the font-family property.
* Names starting with a Latin alphabet runes and containing only Latin alphabets and hyphens will be included unquoted.
* Names enclosed in double quote literals (e.g. `"21st Century"`) will be CSS-escaped without the outermost quotes,
then included within double quotes.
* All other names will be CSS-escaped, and included within double quotes.
See https://drafts.csswg.org/css-fonts-3/#font-family-prop.
FontWeightstringHeightstringLeftstringPaddingstringRightstringTopstringWidthstring
Note: this property might allow clickjacking, but the risk is limited without
the ability to set the position property to "absolute" or "fixed".
func StyleFromProperties(properties StyleProperties) Style
A StyleSheet is an immutable string-like type which represents a CSS
style sheet and guarantees that its value, as a string, will not cause
untrusted script execution (cross-site scripting) when evaluated as CSS
in a browser.
StyleSheet's string representation can safely be interpolated as the
content of a style element within HTML. The StyleSheet string should
not be escaped before interpolation.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the StyleSheet.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func CSSRule(selector string, style Style) (StyleSheet, error)
func StyleSheetFromConstant(styleSheet stringConstant) StyleSheet
func github.com/google/safehtml/legacyconversions.RiskilyAssumeStyleSheet(s string) StyleSheet
func github.com/google/safehtml/uncheckedconversions.StyleSheetFromStringKnownToSatisfyTypeContract(s string) StyleSheet
func styleSheetRaw(s string) StyleSheet
A TrustedResourceURL is an immutable string-like type referencing the
application’s own, trusted resources. It can be used to safely load scripts,
CSS and other sensitive resources without the risk of untrusted code execution.
For example, it is unsafe to insert a plain string in a
<script src=“...”></script>
context since the URL may originate from untrusted user input and the
script it is pointing to may thus be controlled by an attacker. It is,
however, safe to use a TrustedResourceURL since its value is known to never
have left application control.
In order to ensure that an attacker cannot influence the TrustedResourceURL
value, a TrustedResourceURL can only be instantiated from compile-time
constant string literals, command-line flags or a combination of the two,
but never from arbitrary string values potentially representing untrusted user input.
Additionally, TrustedResourceURLs can be serialized and passed along within
the application via protocol buffers. It is the application’s responsibility
to ensure that the protocol buffers originate from within the application
itself and not from an external entity outside its trust domain.
Note that TrustedResourceURLs can also use absolute paths (starting with '/')
and relative paths. This allows the same binary to be used for different
hosts without hard-coding the hostname in a string literal.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the TrustedResourceURL.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func TrustedResourceURLAppend(t TrustedResourceURL, s string) (TrustedResourceURL, error)
func TrustedResourceURLFormatFromConstant(format stringConstant, args map[string]string) (TrustedResourceURL, error)
func TrustedResourceURLFormatFromFlag(format flag.Value, args map[string]string) (TrustedResourceURL, error)
func TrustedResourceURLFromConstant(url stringConstant) TrustedResourceURL
func TrustedResourceURLFromFlag(value flag.Value) TrustedResourceURL
func TrustedResourceURLWithParams(t TrustedResourceURL, params map[string]string) TrustedResourceURL
func github.com/google/safehtml/legacyconversions.RiskilyAssumeTrustedResourceURL(s string) TrustedResourceURL
func github.com/google/safehtml/uncheckedconversions.TrustedResourceURLFromStringKnownToSatisfyTypeContract(s string) TrustedResourceURL
func trustedResourceURLFormat(format string, args map[string]string) (TrustedResourceURL, error)
func trustedResourceURLRaw(s string) TrustedResourceURL
func TrustedResourceURLAppend(t TrustedResourceURL, s string) (TrustedResourceURL, error)
func TrustedResourceURLWithParams(t TrustedResourceURL, params map[string]string) TrustedResourceURL
A URL is an immutable string-like type that is safe to use in URL contexts in
DOM APIs and HTML documents.
URL guarantees that its value as a string will not cause untrusted script execution
when evaluated as a hyperlink URL in a browser.
Values of this type are guaranteed to be safe to use in URL/hyperlink contexts,
such as assignment to URL-valued DOM properties, in the sense that the use
will not result in a Cross-site Scripting (XSS) vulnerability. Similarly, URLs can
be interpolated into the URL context of an HTML template (e.g. inside a href attribute).
However, appropriate HTML-escaping must still be applied.
Note that this type's contract does not imply any guarantees regarding the resource
the URL refers to. In particular, URLs are not safe to use in a context
where the referred-to resource is interpreted as trusted code, e.g., as the src of
a script tag. For safely loading trusted resources, use the TrustedResourceURL type.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string form of the URL.
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func URLSanitized(url string) URL
func github.com/google/safehtml/legacyconversions.RiskilyAssumeURL(s string) URL
func github.com/google/safehtml/uncheckedconversions.URLFromStringKnownToSatisfyTypeContract(s string) URL
func urlRaw(s string) URL
URLSet corresponds to the value of a srcset attribute outside a
TrustedResourceURL context.
We declare an HTML not as a string but as a struct wrapping a string
to prevent construction of HTML values through string conversion.
String returns the string content of a URLSet
T : expvar.Var
T : fmt.Stringer
T : context.stringer
T : runtime.stringer
func URLSetSanitized(str string) URLSet
Package-Level Functions (total 38, in which 18 are exported)
CSSRule constructs a StyleSheet containng a CSS rule of the form:
selector{style}
It returns an error if selector contains disallowed characters or unbalanced
brackets.
The constructed StyleSheet value is guaranteed to fulfill its type contract,
but is not guaranteed to be semantically valid CSS.
HTMLConcat returns an HTML which contains, in order, the string representations
of the given htmls.
HTMLEscaped returns an HTML whose value is text, with the characters [&<>"'] escaped.
text is coerced to interchange valid, so the resulting HTML contains only
valid UTF-8 characters which are legal in HTML and XML.
IdentifierFromConstant constructs an Identifier with its underlying identifier
set to the given string value, which must be an untyped string constant. It
panics if value does not start with an alphabetic rune or contains any
non-alphanumeric runes other than '-' and '_'.
IdentifierFromConstantPrefix constructs an Identifier with its underlying string
set to the string formed by joining prefix, which must be an untyped string
constant, and value with a hyphen. It panics if prefix or value contain any
non-alphanumeric runes other than '-' and '_', or if prefix does not start with
an alphabetic rune.
ScriptFromConstant constructs a Script with its underlying script set
to the given script, which must be an untyped string constant.
No runtime validation or sanitization is performed on script; being under
application control, it is simply assumed to comply with the Script
contract.
ScriptFromDataAndConstant constructs a Script of the form
var name = data; script
where name is the supplied variable name, data is the supplied data value
encoded as JSON using encoding/json.Marshal, and script is the supplied
JavaScript statement or sequence of statements. The supplied name and script
must both be untyped string constants. It returns an error if name is not a
valid Javascript identifier or JSON encoding fails.
No runtime validation or sanitization is performed on script; being under
application control, it is simply assumed to comply with the Script
contract.
StyleFromConstant constructs a Style with its underlying style set to the
given style, which must be an untyped string constant, and panics if the
style string does not pass basic syntax checks.
Users of this function must ensure themselves that the style:
* Does not contain unsafe CSS.
* Does not contain literal angle brackets. Otherwise, it could be unsafe to
place a Style into the contents of a <style> element where it can't be
HTML escaped (see http://www.w3.org/International/questions/qa-escapes).
For example, if the Style containing
"font: 'foo <style/><script>evil</script>'" was interpolated within a
<style> tag, it would then break out of the style context into HTML.
* Does not end in a property value or property name context.
For example, a value of "background:url(\"" or "font-" does not satisfy
the Style type contract. This rule is enforced to ensure composability:
concatenating two incomplete strings that themselves do not contain unsafe
CSS can result in an overall string that does. For example, if
"javascript:evil())\"" is appended to "background:url(\"", the resulting
string may result in the execution of a malicious script.
The style may, however, contain literal single or double quotes (for example,
in the "content" property). Therefore, the entire style string must be
escaped when used in a style attribute.
The following example values comply with Style's type contract:
width: 1em;
height:1em;
width: 1em;height: 1em;
background:url('http://url');
In addition, the empty string is safe for use in a style attribute.
The following example values do NOT comply with this type's contract:
background: red --- missing a trailing semi-colon
background: --- missing a value and a trailing semi-colon
1em --- missing an attribute name, which provides context
for the value
See also http://www.w3.org/TR/css3-syntax/.
StyleFromProperties constructs a Style containining properties whose values
are set in properties. The contents of the returned Style will be of the form
property_1:val_1;property2:val_2; ... ;property_n:val_n;
This syntax is defined in https://www.w3.org/TR/css-style-attr/.
All property values are validated and, if necessary, modified to ensure that their
inclusion in a HTML style attribute does not result in untrusted script execution,
the addition of new properties, or the removal of existing properties. Please refer
to the StyleProperties documentation for validation rules.
The constructed Style is guaranteed to fulfill its type contract, but is not
guaranteed to be semantically valid CSS.
StyleSheetFromConstant constructs a StyleSheet with the
underlying stylesheet set to the given styleSheet, which must be an untyped string
constant.
No runtime validation or sanitization is performed on script; being under
application control, it is simply assumed to comply with the StyleSheet
contract.
TrustedResourceURLAppend URL-escapes a string and appends it to the TrustedResourceURL.
This function can only be used if the TrustedResourceURL has a prefix of one of the following
forms:
* `https://<origin>/`
* `//<origin>/`
* `/<pathStart>`
* `about:blank#`
`<origin>` must contain only alphanumerics, '.', ':', '[', ']', or '-', and
`<pathStart>` is any character except `/` and `\`.
TrustedResourceURLFormatFromConstant constructs a TrustedResourceURL from a
format string, which must be an untyped string constant, and string arguments.
Arguments are specified as a map of labels, which must contain only alphanumeric
and '_' runes, to string values. Each `%{<label>}` marker in the format string is
replaced by the string value identified by <label> after it has been URL-escaped.
Arguments that do not match any label in the format string are ignored.
The format string must have a prefix of one of the following forms:
* `https://<origin>/`
* `//<origin>/`
* `/<pathStart>`
* `about:blank#`
`<origin>` must contain only alphanumerics, '.', ':', '[', ']', or '-', and
`<pathStart>` is any character except `/` and `\`.
TrustedResourceURLFormatFromFlag is a variant of TrustedResourceURLFormatFromConstant
that constructs a TrustedResourceURL from a format string, which is given as a flag.Value,
and string arguments.
See TrustedResourceURLFormatFromConstant for more details about format
string markers and validation.
TrustedResourceURLFromConstant constructs a TrustedResourceURL with its underlying
URL set to the given url, which must be an untyped string constant.
No runtime validation or sanitization is performed on url; being under
application control, it is simply assumed to comply with the TrustedResourceURL type
contract.
TrustedResourceURLFromFlag returns a TrustedResourceURL containing the string
representation of the retrieved value of the flag.
In a server setting, flags are part of the application's deployment
configuration and are hence considered application-controlled.
TrustedResourceURLWithParams constructs a new TrustedResourceURL with the
given key-value pairs added as query parameters.
Map entries with empty keys or values are ignored.
URLSanitized returns a URL whose value is url, validating that the input string matches
a pattern of commonly used safe URLs. If url fails validation, this method returns a
URL containing InnocuousURL.
url may be a URL with the http, https, ftp or mailto scheme, or a relative URL,
i.e. a URL without a scheme. Specifically, a relative URL may be scheme-relative,
absolute-path-relative, or path-relative. See
http://url.spec.whatwg.org/#concept-relative-url.
url may also be a base64 data URL with a whitelisted audio, image or video MIME type.
No attempt is made at validating that the URL percent-decodes to structurally valid or
interchange-valid UTF-8 since the percent-decoded representation is unsafe to use in an
HTML context regardless of UTF-8 validity.
URLSetSanitized returns a safe srcset by individually vetting each
substring that specifies a URL.
https://html.spec.whatwg.org/multipage/images.html#srcset-attributes
appendURLToSet appends a URL so that it does not start or end with a comma
https://html.spec.whatwg.org/multipage/images.html#srcset-attributes
parsing step 2 which says:
"""
A valid non-empty URL that does not start or end with a U+002C COMMA character (,),
referencing a non-interactive, optionally animated, image resource that is neither
paged nor scripted
"""
Simply replacing all commas would break data:image/png;base64,IMAGECONTENT
Note: This breaks data URLs with empty content since they end with a comma.
We could handle that case by appending a '#'.
coerceToUTF8InterchangeValid coerces a string to interchange-valid UTF-8.
Illegal UTF-8 bytes are replaced with the Unicode replacement character
('\uFFFD'). C0 and C1 control codes (other than CR LF HT FF) and
non-characters are also replaced with the Unicode replacement character.
consumeIn is like consumeNotIn but treats mask as inverted.
consumeNotIn uses bytes in str as bit indices in mask to find
the least index >= left whose byte corresponds to a zero bit.
cssEscapeString escapes s so that it is safe to put between "" to form a CSS <string-token>.
See syntax at https://www.w3.org/TR/css-syntax-3/#string-token-diagram.
On top of the escape sequences required in <string-token>, this function also escapes
control runes to minimize the risk of these runes triggering browser-specific bugs.
escapeAndCoerceToInterchangeValid coerces the string to interchange-valid
UTF-8 and then HTML-escapes it.
filter returns value if it matches pattern. Otherwise, it returns InnocuousPropertyValue.
hasBalancedBrackets returns whether s has balanced () and [] brackets.
isOptionalSrcMetadataWellFormed is true when its input is empty and
when it is a floating point number optionally followed by an ASCII letter.
isSafeURL matches url to a subset of URLs that will not cause script execution if used in
a URL context within a HTML document. Specifically, this method returns true if url:
(a) Starts with a scheme in the default whitelist (http, https, mailto, ftp); or
(b) Contains no scheme. To ensure that the URL cannot be interpreted as a
non-whitelisted scheme URL, the runes ':', and '&' may only appear
after one of the runes [/?#].
Package-Level Variables (total 17, none are exported)
https://infra.spec.whatwg.org/#ascii-whitespace
ASCII whitespace is U+0009 TAB, U+000A LF, U+000C FF, U+000D CR, or U+0020 SPACE.
controlAndNonCharacters contains the non-interchange-valid codepoints.
See http://www.w3.org/TR/html5/syntax.html#preprocessing-the-input-stream
safehtml functions do a lot of lookups on these tables, so merging them is probably
worth it to avoid comparing against both tables each time.
controlChar contains Unicode control characters disallowed in interchange
valid UTF-8. This table is slightly different from unicode.Cc:
- Disallows null.
- Allows LF, CR, HT, and FF.
unicode.C is mentioned in unicode.IsControl; it contains "special" characters
which includes at least control characters, surrogate code points, and
formatting codepoints (e.g. word joiner). We don't need to exclude all of
those. In particular, surrogates are handled by the for loop converting
invalid UTF-8 byte sequences to the Unicode replacement character.
cssStringPattern matches a single- or double-quoted CSS string.
dataURLPattern matches base-64 data URLs (RFC 2397), with the first capture group being the media type
specification given as a MIME type.
Note: this pattern does not match data URLs containig media type specifications with optional parameters,
such as `data:text/javascript;charset=UTF-8;base64,...`. This is ok since this pattern only needs to
match audio, image and video MIME types in its capture group.
identifierPattern matches a subset of valid <ident-token> values defined in
https://www.w3.org/TR/css-syntax-3/#ident-token-diagram. This pattern matches all generic family name
keywords defined in https://drafts.csswg.org/css-fonts-3/#family-name-value.
invalidCSSSelectorRune matches a rune that is not allowed in a CSS3
selector that does not contain string literals.
See https://w3.org/TR/css3-selectors/#selectors.
jsIdentifierPattern matches strings that are valid Javascript identifiers.
This pattern accepts only a subset of valid identifiers defined in
https://tc39.github.io/ecma262/#sec-names-and-keywords. In particular,
it does not match identifiers that contain non-ASCII letters, Unicode
escape sequences, and the Unicode format-control characters
\u200C (zero-width non-joiner) and \u200D (zero-width joiner).
matchingBrackets[x] is the opening bracket that matches closing bracket x.
onlyAlphanumericsOrHyphenPattern matches strings that only contain alphanumeric,
'-' and '_' runes.
safeEnumPropertyValuePattern matches strings that are safe to use as enumerated property values.
Specifically, it matches strings that contain only alphabetic and '-' runes.
safeMIMETypePattern matches MIME types that are safe to include in a data URL.
safeRegularPropertyValuePattern matches strings that are safe to use as property values.
Specifically, it matches string where every '*' or '/' is followed by end-of-text or a safe rune
(i.e. alphanumberics or runes in the set [+-.!#%_ \t]). This regex ensures that the following
are disallowed:
* "/*" and "*/", which are CSS comment markers.
* "//", even though this is not a comment marker in the CSS specification. Disallowing
this string minimizes the chance that browser peculiarities or parsing bugs will allow
sanitization to be bypassed.
* '(' and ')', which can be used to call functions.
* ',', since it can be used to inject extra values into a property.
* Runes which could be matched on CSS error recovery of a previously malformed token, such as '@'
and ':'. See http://www.w3.org/TR/css3-syntax/#error-handling.
safeURLPattern matches URLs that
(a) Start with a scheme in a whitelist (http, https, mailto, ftp); or
(b) Contain no scheme. To ensure that the URL cannot be interpreted as a
non-whitelisted scheme URL, ':' may only appear after one of the runes [/?#].
The origin (RFC 6454) in which a URL is loaded depends on
its scheme. We assume that the scheme used by the current document is HTTPS, HTTP, or
something equivalent. We allow relative URLs unless in a particularly sensitive context
called a "TrustedResourceUrl" context. In a non-TrustedResourceURL context we allow absolute
URLs whose scheme is on a white-list.
The position of the first colon (':') character determines whether a URL is absolute or relative.
Looking at the prefix leading up to the first colon allows us to identify relative and absolute URLs,
extract the scheme, and minimize the risk of a user-agent concluding a URL specifies a scheme not in
our whitelist.
According to RFC 3986 Section 3, the normative interpretation of the canonicial WHATWG specification
(https://url.spec.whatwg.org/#url-scheme-string), colons can appear in a URL in these locations:
* A colon after a non-empty run of (ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )) ends a scheme.
If the colon after the scheme is not followed by "//" then any subsequent colons are part
of an opaque URI body.
* Otherwise, a colon after a hash (#) must be in the fragment.
* Otherwise, a colon after a (?) must be in the query.
* Otherwise, a colon after a single solidus ("/") must be in the path.
* Otherwise, a colon after a double solidus ("//") must be in the authority (before port).
* Otherwise, a colon after a valid protocol must be in the opaque part of the URL.
Metacharacters that affect parsing of srcset values.
startsWithAlphabetPattern matches strings that start with an alphabetical rune.
trustedResourceURLFormatMarkerPattern matches markers in TrustedResourceURLFormat
format strings.
Package-Level Constants (total 2, both are exported)
InnocuousPropertyValue is an innocuous property generated by filter when its input unsafe.
InnocuousURL is an innocuous URL generated by URLSanitized when passed an unsafe URL.
about:invalid is registered in http://www.w3.org/TR/css3-values/#about-invalid,
and "references a non-existent document with a generic error condition. It can be
used when a URI is necessary, but the default value shouldn't be resolveable as any
type of document."
http://tools.ietf.org/html/rfc6694#section-2.1 permits about URLs to contain
a fragment, which is not to be considered when determining if an about URL is
well-known.
The pages are generated with Goldsv0.3.2-preview. (GOOS=darwin GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.
