hterm: Add HTMLImageElement cast to avoid XSS compilation warnings.
It is a common practice to enable custom Closure compiler conformance
configs to forbid unsafe assignments to the src attribute of arbitrary
Element objects to prevent XSS bugs. Assignment to src of specific
Element subtypes such as HTMLImageElement is considered safe and
generally granted an exception. Closure compiler cannot however infer
the type of createElement('img') and considers it of type Element. This
annotation forces Closure compiler to consider the return type of
createElement('img') as HTMLImageElement even when it couldn't infer it
on its own.
More information about conformance checks:
https://github.com/google/closure-compiler/wiki/JS-Conformance-Framework
Change-Id: I607bd8cc643e7d08aa03deee22504b2872c4b357
Reviewed-on: https://chromium-review.googlesource.com/1199970
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Adrián Pérez-Orozco <adrianpo@google.com>
diff --git a/hterm/js/hterm_terminal.js b/hterm/js/hterm_terminal.js
index 30c3adc..0ed6b86 100644
--- a/hterm/js/hterm_terminal.js
+++ b/hterm/js/hterm_terminal.js
@@ -3181,7 +3181,8 @@
io.onVTKeystroke = io.sendString = () => {};
// Initialize this new image.
- const img = this.document_.createElement('img');
+ const img =
+ /** @type {!HTMLImageElement} */ (this.document_.createElement('img'));
img.src = options.uri;
img.title = img.alt = options.name;