Implementation:SeleniumHQ Selenium Closure Dom Safe
| Knowledge Sources | |
|---|---|
| Domains | JavaScript_Atoms, Vendored_Library |
| Last Updated | 2026-02-12 00:00 GMT |
Overview
Vendored Google Closure Library module providing type-safe wrappers for XSS-prone DOM APIs used by Selenium JavaScript atoms.
Description
goog.dom.safe is a vendored copy of the Google Closure Library module. It provides type-safe wrappers for unsafe DOM APIs that can result in cross-site scripting (XSS) vulnerabilities. Instead of accepting plain strings, the wrappers consume values from the goog.html package (SafeHtml, SafeUrl, TrustedResourceUrl, SafeScript, SafeStyle) whose contracts guarantee safety in their respective contexts. This ensures that programs exclusively using these wrappers are free of XSS from incorrect DOM API usage. Selenium uses this as part of its JavaScript atom infrastructure for browser automation commands.
Usage
This module is consumed internally by Selenium's JavaScript atoms build system. It is not imported directly by end users.
Code Reference
Source Location
- Repository: SeleniumHQ_Selenium
- File: third_party/closure/goog/dom/safe.js
- Lines: 1-910
Key Exports
goog.provide('goog.dom.safe');
goog.provide('goog.dom.safe.InsertAdjacentHtmlPosition');
// InsertAdjacentHtmlPosition enum: AFTERBEGIN, AFTEREND, BEFOREBEGIN, BEFOREEND
// Key exported functions:
goog.dom.safe.insertAdjacentHtml(node, position, html)
goog.dom.safe.setInnerHtml(elem, html)
goog.dom.safe.setInnerHtmlFromConstant(element, constHtml)
goog.dom.safe.setOuterHtml(elem, html)
goog.dom.safe.setFormElementAction(form, url)
goog.dom.safe.setStyle(elem, style)
goog.dom.safe.documentWrite(doc, html)
goog.dom.safe.setAnchorHref(anchor, url)
goog.dom.safe.setAudioSrc(audioElement, url)
goog.dom.safe.setVideoSrc(videoElement, url)
goog.dom.safe.setFrameSrc(frame, url)