/** * @license * SPDX-License-Identifier: Apache-2.0 */ /** * A secret token that must be passed to safe type constructors. It is only * accessible from within safevalues, ensuring that unrestricted safe type * creation is only possible within safevalues. In particular, this prevents * forgery such as `safeHtmlValue.constructor('javascript:evil')`. */ export const secretToken = {}; /** * Asserts that the given token matches the secret safevalues token. An * exception is thrown if that is not the case. */ export function ensureTokenIsValid(token) { if (token !== secretToken) { throw new Error('Bad secret'); } }