Class RawHtml<T extends RawHtml<T>>
- Direct Known Subclasses:
HtmlFragment
This class extends Text but overrides the HTML escaping behavior to output
content exactly as provided, without any HTML entity encoding. This is useful when
you need to inject trusted HTML markup directly into the document.
Security Warning:
Only use this class with trusted HTML content. Never use RawHtml
with user-provided input, as it bypasses XSS protection and could allow injection
attacks. For user-provided text content, use the regular Text class which
automatically HTML-escapes all content.
Usage:
// Safe: Trusted static HTML
Div div = new Div();
div.addElement(new RawHtml("<strong>Bold text</strong>"));
// Safe: Pre-sanitized content from trusted source
String trustedMarkup = contentManagementSystem.getRenderedContent();
div.addElement(new RawHtml(trustedMarkup));
// DANGEROUS - Never do this:
// String userInput = request.getParameter("comment");
// div.addElement(new RawHtml(userInput)); // XSS vulnerability!
// Safe alternative for user input:
String userInput = request.getParameter("comment");
div.addElement(new Text(userInput)); // Automatically escaped
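The following is an added example, not part of the com.oorian library, showing one way calling code can keep the RawHtml trust boundary explicit: RawHtml is only ever constructed from a TrustedHtml value, and user input always goes through Text. It assumes the Div, Text, RawHtml and Element.getHtml(StringBuilder) API documented on this page; the TrustedHtml class and Sanitizer interface are hypothetical.

```java
import com.oorian.html.Div;
import com.oorian.html.RawHtml;
import com.oorian.html.Text;

// Added example, not library code. Assumes the Div/Text/RawHtml/Element API
// documented on this page; TrustedHtml and Sanitizer are hypothetical.
public final class TrustedMarkupExample {
    // Markup somebody has explicitly vouched for. The private constructor means
    // the only producers are the two factories, so a review or a lint rule that
    // flags direct `new RawHtml(String)` calls finds every path into RawHtml.
    public static final class TrustedHtml {
        private final String markup;
        private TrustedHtml(String markup) { this.markup = markup; }

        // Developer-authored markup, e.g. a string literal in the source.
        public static TrustedHtml ofLiteral(String literal) {
            return new TrustedHtml(literal);
        }

        // Untrusted markup reduced to an allowlist by the project's sanitizer
        // (hypothetical interface; wrap whatever HTML sanitizer you use).
        public static TrustedHtml ofSanitized(Sanitizer sanitizer, String untrusted) {
            return new TrustedHtml(sanitizer.sanitize(untrusted));
        }

        String markup() { return markup; }
    }

    public interface Sanitizer { String sanitize(String untrustedHtml); }

    // The single place in the code base that calls the RawHtml constructor.
    public static RawHtml raw(TrustedHtml html) {
        return new RawHtml(html.markup());
    }

    // User-supplied text never becomes RawHtml; Text escapes it on output.
    public static Div renderComment(String userInput) {
        Div div = new Div();
        div.addElement(new Text(userInput));
        return div;
    }

    public static void main(String[] args) {
        // Constructed sample: what a user might type into a comment field.
        StringBuilder sb = new StringBuilder();
        renderComment("<b>hi</b> & <script>x</script>").getHtml(sb);
        // Text must not emit the user's tags verbatim (the exact entity form is
        // Text's choice; check it against your build of the library).
        if (sb.toString().contains("<script>")) {
            throw new AssertionError("user input reached the page unescaped");
        }
    }
}
```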
- Since:
- 2025
- Version:
- 1.0
- Author:
- Marvin P. Warble Jr.
Constructor Summary
Constructors
RawHtml() - Constructs an empty RawHtml element.
RawHtml(String html) - Constructs a RawHtml element with the specified HTML content.
Method Summary
Modifier and Type: void
Method: getHtml(StringBuilder sb)
Description: Appends the raw HTML content to the provided StringBuilder without escaping.
Methods inherited from class com.oorian.html.Element
addAttribute, addAttribute, addAttribute, addAttribute, addElement, addLineBreak, addLineOfText, addLineOfText, addLineOfText, addParagraph, addParagraph, addSpacer, addText, addText, addText, addText, assignId, containsElement, containsElement, create, dispatchEvent, dispatchEvent, dispatchEvent, dispatchEvent, equals, excludeId, executeJs, executeJs, executeJs, getAccept, getAllElements, getAncestor, getAttribute, getAttributes, getComponent, getDir, getElement, getElementById, getElementCount, getElementCount, getElements, getElements, getElementsByComponentName, getElementsByTagName, getHtml, getId, getInnerHtml, getInnerHtml, getIs, getItemId, getItemProp, getItemRef, getItemType, getLang, getNextSibling, getPage, getParent, getPart, getPrevSibling, getSlot, getTagName, getTextContent, getUrl, hasAttribute, hasElements, hidden, initialize, insertElement, isChildOf, isClosedTag, isCreated, isDescendantOf, isDescendantOf, isInitialized, isItemScope, isTranslate, onCallback, onCreated, onElementAdded, onElementRemoved, onHashChange, onHidden, onInitialized, onJsReturn, onPageLoaded, onPageUnloaded, onRefresh, onRemovedFromPage, onShown, onUpdated, onUserEvent, prewrite, recreate, refresh, refresh, registerAddition, registerListener, registerListener, registerListener, registerListener, registerListener, registerListener, registerListener, registerSubtraction, registerUpdate, removeAllElements, removeAttribute, removeAttribute, removeElement, removeElement, removeFromParent, requestCallback, requestCallback, requestCallback, requestCallback, resetId, scrollTo, scrollToBottom, scrollToTop, self, sendCommand, sendUpdate, setAccept, setComponent, setDir, setDir, setElement, setId, setIs, setItemId, setItemProp, setItemRef, setItemScope, setItemType, setLang, setOnError, setOnLoad, setPage, setParent, setPart, setSlot, setTagName, setText, setText, setText, setTranslate, shown, toString, unregisterListener, update, updateAttributes
Constructor Details
RawHtml
public RawHtml()
Constructs an empty RawHtml element. Content can be set later using Text.setText(String).
RawHtml
public RawHtml(String html)
Constructs a RawHtml element with the specified HTML content. The provided HTML will be rendered exactly as-is, without any escaping. Only use with trusted content.
- Parameters:
html - the raw HTML content (must be trusted)
Method Details
getHtml
void getHtml(StringBuilder sb)
Appends the raw HTML content to the provided StringBuilder without escaping. Unlike Text.getHtml(StringBuilder), this method outputs the content exactly as stored, without any HTML entity encoding. This allows trusted HTML markup to be rendered directly.