From deaa53f205ed6ca79faac42e0d33a7080909ad4b Mon Sep 17 00:00:00 2001
From: Mark Kevin Baldemor <kevzlou7979@gmail.com>
Date: Mon, 28 Dec 2020 10:00:35 +0800
Subject: [PATCH 1/4] Fixed XSS Vulnerability.

---
 .../design/client/base/AbstractButton.java    | 19 ++++-
 .../client/base/AbstractValueWidget.java      |  3 -
 .../client/base/DefaultHtmlSanitizer.java     | 35 +++++++++
 .../design/client/base/HasSafeText.java       | 32 ++++++++
 .../design/client/base/TextWidget.java        | 34 +++++++--
 .../client/base/mixin/AbstractMixin.java      |  6 +-
 .../design/client/base/mixin/HTMLMixin.java   |  3 +-
 .../design/client/base/mixin/TextMixin.java   | 51 ++++++++++++-
 .../design/client/ui/MaterialBadge.java       | 11 ---
 .../design/client/ui/MaterialCardTitle.java   | 22 +++++-
 .../design/client/ui/MaterialChip.java        | 23 +++++-
 .../design/client/ui/MaterialHelpBlock.java   | 20 ++++-
 .../design/client/ui/MaterialLabel.java       | 20 ++++-
 .../design/client/ui/MaterialValueBox.java    |  2 +-
 .../design/client/ui/html/Heading.java        | 20 ++++-
 .../material/design/client/ui/html/Label.java | 36 ++++++++-
 .../design/client/ui/html/Paragraph.java      | 22 +++++-
 .../material/design/client/ui/html/Span.java  | 20 ++++-
 .../design/client/MixinTestSuite.java         | 34 +++++++++
 .../client/mixin/AbstractMixinTest.java       | 41 ++++++++++
 .../design/client/mixin/TextMixinTest.java    | 75 +++++++++++++++++++
 .../client/ui/sanitizer/CustomSanitizer.java  | 43 +++++++++++
 22 files changed, 531 insertions(+), 41 deletions(-)
 create mode 100644 gwt-material/src/main/java/gwt/material/design/client/base/DefaultHtmlSanitizer.java
 create mode 100644 gwt-material/src/main/java/gwt/material/design/client/base/HasSafeText.java
 create mode 100644 gwt-material/src/test/java/gwt/material/design/client/MixinTestSuite.java
 create mode 100644 gwt-material/src/test/java/gwt/material/design/client/mixin/AbstractMixinTest.java
 create mode 100644 gwt-material/src/test/java/gwt/material/design/client/mixin/TextMixinTest.java
 create mode 100644 gwt-material/src/test/java/gwt/material/design/client/ui/sanitizer/CustomSanitizer.java

diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/AbstractButton.java b/gwt-material/src/main/java/gwt/material/design/client/base/AbstractButton.java
index 43232cd9c..dcb05b45c 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/AbstractButton.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/AbstractButton.java
@@ -24,6 +24,8 @@
 import com.google.gwt.event.logical.shared.ValueChangeEvent;
 import com.google.gwt.event.logical.shared.ValueChangeHandler;
 import com.google.gwt.event.shared.HandlerRegistration;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.History;
 import com.google.gwt.user.client.ui.HasValue;
 import gwt.material.design.client.base.mixin.ActivatesMixin;
@@ -36,7 +38,7 @@
  * @author Ben Dol
  */
 public abstract class AbstractButton extends MaterialWidget implements HasHref, HasGrid, HasActivates,
-        HasTargetHistoryToken, HasType<ButtonType>, HasValue<String> {
+    HasTargetHistoryToken, HasType<ButtonType>, HasValue<String>, HasSafeText {
 
     private String targetHistoryToken;
     private Span span = new Span();
@@ -169,6 +171,21 @@ public void setText(String text) {
         }
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        span.setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        span.setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return span.getSanitizer();
+    }
+
     /**
      * Set the target history token for the widget. Note, that you should use either
      * {@link #setTargetHistoryToken(String)} or {@link #setHref(String)}, but not both as
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/AbstractValueWidget.java b/gwt-material/src/main/java/gwt/material/design/client/base/AbstractValueWidget.java
index 3019f1984..674e1f3b7 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/AbstractValueWidget.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/AbstractValueWidget.java
@@ -86,9 +86,6 @@ public void setValue(V value, boolean fireEvents, boolean reload) {
         }
     }
 
-    //TODO:
-    //setSanitizer();
-
     @Override
     public void setErrorText(String errorText) {
         getStatusTextMixin().setErrorText(errorText);
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/DefaultHtmlSanitizer.java b/gwt-material/src/main/java/gwt/material/design/client/base/DefaultHtmlSanitizer.java
new file mode 100644
index 000000000..c550e9ad5
--- /dev/null
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/DefaultHtmlSanitizer.java
@@ -0,0 +1,35 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client.base;
+
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
+
+/**
+ * HTML-escapes its argument and returns the result wrapped as a SafeHtml.
+ */
+public class DefaultHtmlSanitizer implements HtmlSanitizer {
+
+    @Override
+    public SafeHtml sanitize(String html) {
+        return SafeHtmlUtils.fromString(html);
+    }
+}
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/HasSafeText.java b/gwt-material/src/main/java/gwt/material/design/client/base/HasSafeText.java
new file mode 100644
index 000000000..c47c6b2ff
--- /dev/null
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/HasSafeText.java
@@ -0,0 +1,32 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client.base;
+
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
+
+public interface HasSafeText {
+
+    void setHtml(SafeHtml html);
+
+    void setSanitizer(HtmlSanitizer sanitizer);
+
+    HtmlSanitizer getSanitizer();
+}
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/TextWidget.java b/gwt-material/src/main/java/gwt/material/design/client/base/TextWidget.java
index 5ca72853d..83d568eb4 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/TextWidget.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/TextWidget.java
@@ -20,13 +20,15 @@
 package gwt.material.design.client.base;
 
 import com.google.gwt.dom.client.Element;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.DOM;
 import com.google.gwt.user.client.ui.HasText;
 import gwt.material.design.client.base.mixin.TextMixin;
 
-public class TextWidget extends MaterialWidget implements HasText {
+public class TextWidget extends MaterialWidget implements HasSafeText, HasText {
 
-    private final TextMixin<TextWidget> textMixin = new TextMixin<>(this);
+    private TextMixin<TextWidget> textMixin;
 
     public TextWidget() {
         super(DOM.createDiv());
@@ -42,11 +44,33 @@ public TextWidget(Element element, String... initialClass) {
 
     @Override
     public String getText() {
-        return textMixin.getText();
+        return getTextMixin().getText();
     }
 
     @Override
     public void setText(String text) {
-        textMixin.setText(text);
+        getTextMixin().setText(text);
     }
-}
\ No newline at end of file
+
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
+    public TextMixin<TextWidget> getTextMixin() {
+        if (textMixin == null) {
+            textMixin = new TextMixin<>(this);
+        }
+        return textMixin;
+    }
+}
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/AbstractMixin.java b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/AbstractMixin.java
index 9d62d7fda..32a0bbcf5 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/AbstractMixin.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/AbstractMixin.java
@@ -26,7 +26,7 @@
 /**
  * @author Sven Jacobs
  */
-abstract class AbstractMixin<T extends UIObject> {
+public abstract class AbstractMixin<T extends UIObject> {
 
     T uiObject;
 
@@ -37,4 +37,8 @@ abstract class AbstractMixin<T extends UIObject> {
     public void setUiObject(T uiObject) {
         this.uiObject = uiObject;
     }
+
+    public T getUiObject() {
+        return uiObject;
+    }
 }
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/HTMLMixin.java b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/HTMLMixin.java
index 1363cc936..b14ed8580 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/HTMLMixin.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/HTMLMixin.java
@@ -23,13 +23,14 @@
 import com.google.gwt.dom.client.Element;
 import com.google.gwt.user.client.ui.HasHTML;
 import com.google.gwt.user.client.ui.UIObject;
+import gwt.material.design.client.base.HasSafeText;
 
 import static gwt.material.design.jquery.client.api.JQuery.$;
 
 /**
  * @author Grant Slender
  */
-public class HTMLMixin<T extends UIObject> extends TextMixin<T> implements HasHTML {
+public class HTMLMixin<T extends UIObject & HasSafeText> extends TextMixin<T> implements HasHTML {
 
     public HTMLMixin(final T uiObject) {
         super(uiObject);
diff --git a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/TextMixin.java b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/TextMixin.java
index 4cc68b9b9..ce18b3f7e 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/base/mixin/TextMixin.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/base/mixin/TextMixin.java
@@ -20,23 +20,68 @@
  * #L%
  */
 
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import com.google.gwt.user.client.ui.UIObject;
+import gwt.material.design.client.base.DefaultHtmlSanitizer;
+import gwt.material.design.client.base.HasSafeText;
 
 /**
+ * @author Mark Kevin
  * @author Ben Dol
  */
-public class TextMixin<T extends UIObject> extends AbstractMixin<T> {
+public class TextMixin<T extends UIObject & HasSafeText> extends AbstractMixin<T> implements HasSafeText {
+
+    protected static HtmlSanitizer DEFAULT_SANITIZER = new DefaultHtmlSanitizer();
+    protected HtmlSanitizer _sanitizer;
+    protected SafeHtml safeHtml;
 
     public TextMixin(final T uiObject) {
         super(uiObject);
     }
 
     public String getText() {
-        return uiObject.getElement().getInnerText();
+        return safeHtml != null ? uiObject.getElement().getInnerText() : null;
     }
 
     public void setText(final String text) {
-        uiObject.getElement().setInnerText(text);
+        setHtml(toSafeHtml(text));
+    }
+
+    protected SafeHtml toSafeHtml(String text) {
+        SafeHtml safeHtml = null;
+        if (text != null) {
+            if (_sanitizer == null) {
+                safeHtml = DEFAULT_SANITIZER.sanitize(text);
+            } else {
+                safeHtml = _sanitizer.sanitize(text);
+            }
+        }
+        return safeHtml;
+    }
+
+    @Override
+    public void setHtml(SafeHtml safeHtml) {
+        this.safeHtml = safeHtml;
+        uiObject.getElement().setInnerSafeHtml(safeHtml != null ? safeHtml : SafeHtmlUtils.fromString(""));
+    }
+
+    public static void setDefaultSanitizer(HtmlSanitizer defaultSanitizer) {
+        DEFAULT_SANITIZER = defaultSanitizer;
+    }
+
+    public static HtmlSanitizer getDefaultSanitizer() {
+        return DEFAULT_SANITIZER;
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        _sanitizer = sanitizer;
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return _sanitizer;
     }
 }
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialBadge.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialBadge.java
index 04e9b8662..29af757e3 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialBadge.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialBadge.java
@@ -20,7 +20,6 @@
 package gwt.material.design.client.ui;
 
 import com.google.gwt.dom.client.Document;
-import com.google.gwt.safehtml.shared.SafeHtmlUtils;
 import gwt.material.design.client.constants.Color;
 import gwt.material.design.client.constants.CssName;
 import gwt.material.design.client.ui.html.Span;
@@ -81,14 +80,4 @@ public MaterialBadge(String text, Color textColor, Color bgColor) {
         setTextColor(textColor);
         setBackgroundColor(bgColor);
     }
-
-    @Override
-    public String getText() {
-        return SafeHtmlUtils.fromString(getElement().getInnerText()).asString();
-    }
-
-    @Override
-    public void setText(String text) {
-        getElement().setInnerSafeHtml(SafeHtmlUtils.fromString(text));
-    }
 }
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCardTitle.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCardTitle.java
index 30947e07d..c57b08644 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCardTitle.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCardTitle.java
@@ -21,8 +21,11 @@
 
 import com.google.gwt.dom.client.Document;
 import com.google.gwt.dom.client.Style;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.ui.HasText;
 import gwt.material.design.client.base.HasIcon;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.MaterialWidget;
 import gwt.material.design.client.constants.*;
 import gwt.material.design.client.ui.html.Span;
@@ -38,7 +41,7 @@
  * @see <a href="https://material.io/guidelines/components/cards.html">Material Design Specification</a>
  */
 //@formatter:on
-public class MaterialCardTitle extends MaterialWidget implements HasIcon, HasText {
+public class MaterialCardTitle extends MaterialWidget implements HasIcon, HasSafeText, HasText {
 
     private MaterialIcon icon = new MaterialIcon();
     private Span titleLabel = new Span();
@@ -56,11 +59,26 @@ public String getText() {
     public void setText(String text) {
         titleLabel.setText(text);
 
-        if(!titleLabel.isAttached()) {
+        if (!titleLabel.isAttached()) {
             add(titleLabel);
         }
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        titleLabel.setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        titleLabel.setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return titleLabel.getSanitizer();
+    }
+
     @Override
     public MaterialIcon getIcon() {
         return icon;
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialChip.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialChip.java
index bdec35e6f..9006fa944 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialChip.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialChip.java
@@ -26,7 +26,9 @@
 import com.google.gwt.event.logical.shared.HasCloseHandlers;
 import com.google.gwt.event.shared.HandlerRegistration;
 import com.google.gwt.resources.client.ImageResource;
-import com.google.gwt.safehtml.shared.SafeHtmlUtils;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.user.client.ui.HasText;
 import com.google.gwt.user.client.ui.HasValue;
 import gwt.material.design.client.base.*;
 import gwt.material.design.client.base.mixin.ActiveMixin;
@@ -62,7 +64,7 @@
  */
 //@formatter:on
 public class MaterialChip extends AbstractValueWidget<String> implements HasImage, HasIcon, HasLetter,
-        HasValue<String>, HasCloseHandlers, HasType<ChipType>, HasActive {
+    HasValue<String>, HasCloseHandlers, HasType<ChipType>, HasActive, HasSafeText, HasText {
 
     private MaterialIcon icon = new MaterialIcon(IconType.CLOSE);
     private Span chipLabel = new Span();
@@ -126,6 +128,21 @@ public String getText() {
         return getValue();
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        chipLabel.setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        chipLabel.setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return chipLabel.getSanitizer();
+    }
+
     @Override
     public void setValue(String value, boolean fireEvents) {
         chipLabel.setText(value);
@@ -134,7 +151,7 @@ public void setValue(String value, boolean fireEvents) {
 
     @Override
     public String getValue() {
-        return SafeHtmlUtils.fromString(chipLabel.getElement().getInnerText()).asString();
+        return chipLabel.getText();
     }
 
     @Override
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialHelpBlock.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialHelpBlock.java
index fe5b3f5cd..93e305bbc 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialHelpBlock.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialHelpBlock.java
@@ -20,8 +20,11 @@
 package gwt.material.design.client.ui;
 
 import com.google.gwt.dom.client.Style.Unit;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.ui.HasText;
 import gwt.material.design.client.base.HasIcon;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.mixin.TextMixin;
 import gwt.material.design.client.constants.Color;
 import gwt.material.design.client.constants.IconPosition;
@@ -29,7 +32,7 @@
 import gwt.material.design.client.constants.IconType;
 import gwt.material.design.client.ui.html.Div;
 
-public class MaterialHelpBlock extends Div implements HasText, HasIcon {
+public class MaterialHelpBlock extends Div implements HasSafeText, HasText, HasIcon {
 
     private MaterialIcon icon = new MaterialIcon();
     private TextMixin<MaterialHelpBlock> textMixin;
@@ -48,6 +51,21 @@ public void setText(String text) {
         getTextMixin().setText(text);
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
     @Override
     public MaterialIcon getIcon() {
         return icon;
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialLabel.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialLabel.java
index 893dd452d..549cb50d6 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialLabel.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialLabel.java
@@ -20,8 +20,11 @@
 package gwt.material.design.client.ui;
 
 import com.google.gwt.dom.client.Document;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.ui.HasText;
 import gwt.material.design.client.base.AbstractValueWidget;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.mixin.TextMixin;
 import gwt.material.design.client.base.mixin.ToggleStyleMixin;
 import gwt.material.design.client.constants.Color;
@@ -42,7 +45,7 @@
  * @see <a href="https://material.io/guidelines/style/typography.html">Material Design Specification</a>
  */
 //@formatter:on
-public class MaterialLabel extends AbstractValueWidget<String> implements HasText {
+public class MaterialLabel extends AbstractValueWidget<String> implements HasSafeText, HasText {
 
     private boolean secondary;
     private TextMixin<MaterialLabel> textMixin;
@@ -79,6 +82,21 @@ public void setText(String text) {
         setValue(text, true);
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
     @Override
     public void setValue(String value, boolean fireEvents) {
         getTextMixin().setText(value);
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialValueBox.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialValueBox.java
index b6affda9b..cba44d13b 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialValueBox.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialValueBox.java
@@ -235,7 +235,7 @@ public String getPlaceholder() {
     public void setPlaceholder(String placeholder) {
         valueBoxBase.getElement().setAttribute("placeholder", placeholder);
 
-        if (!label.getText().isEmpty()) {
+        if (label.getText() != null && !label.getText().isEmpty()) {
             label.setStyleName(CssName.ACTIVE);
         }
     }
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Heading.java b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Heading.java
index bbdb06f38..d7317545d 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Heading.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Heading.java
@@ -20,13 +20,16 @@
 package gwt.material.design.client.ui.html;
 
 import com.google.gwt.dom.client.Document;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.uibinder.client.UiConstructor;
 import com.google.gwt.user.client.ui.HasText;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.MaterialWidget;
 import gwt.material.design.client.base.mixin.TextMixin;
 import gwt.material.design.client.constants.HeadingSize;
 
-public class Heading extends MaterialWidget implements HasText {
+public class Heading extends MaterialWidget implements HasSafeText, HasText {
 
     private TextMixin<Heading> textMixin;
 
@@ -49,6 +52,21 @@ public void setText(String text) {
         getTextMixin().setText(text);
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
     public TextMixin<Heading> getTextMixin() {
         if (textMixin == null) {
             textMixin = new TextMixin<>(this);
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Label.java b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Label.java
index 4609bbae2..7bcf77ba7 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Label.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Label.java
@@ -19,10 +19,16 @@
  */
 package gwt.material.design.client.ui.html;
 
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.DOM;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.MaterialWidget;
+import gwt.material.design.client.base.mixin.TextMixin;
 
-public class Label extends MaterialWidget {
+public class Label extends MaterialWidget implements HasSafeText {
+
+    private TextMixin<Label> textMixin;
 
     public Label() {
         super(DOM.createLabel());
@@ -34,10 +40,32 @@ public Label(String text) {
     }
 
     public String getText() {
-        return getElement().getInnerText();
+        return getTextMixin().getText();
     }
 
     public void setText(String text) {
-        getElement().setInnerText(text);
+        getTextMixin().setText(text);
+    }
+
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
+    protected TextMixin<Label> getTextMixin() {
+        if (textMixin == null) {
+            textMixin = new TextMixin<>(this);
+        }
+        return textMixin;
     }
-}
\ No newline at end of file
+}
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Paragraph.java b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Paragraph.java
index bcc936825..ae88b420c 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Paragraph.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Paragraph.java
@@ -20,12 +20,15 @@
 package gwt.material.design.client.ui.html;
 
 import com.google.gwt.dom.client.Document;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.ui.HasText;
 import com.google.gwt.user.client.ui.Widget;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.MaterialWidget;
 import gwt.material.design.client.base.mixin.TextMixin;
 
-public class Paragraph extends MaterialWidget implements HasText {
+public class Paragraph extends MaterialWidget implements HasSafeText, HasText {
 
     private TextMixin<Paragraph> textMixin;
 
@@ -53,10 +56,25 @@ public void setText(String text) {
         getTextMixin().setText(text);
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
     protected TextMixin<Paragraph> getTextMixin() {
         if (textMixin == null) {
             textMixin = new TextMixin<>(this);
         }
         return textMixin;
     }
-}
\ No newline at end of file
+}
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Span.java b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Span.java
index bdf8d72ae..e93a7851a 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/html/Span.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/html/Span.java
@@ -21,11 +21,14 @@
 
 import com.google.gwt.dom.client.Document;
 import com.google.gwt.dom.client.Element;
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
 import com.google.gwt.user.client.ui.HasText;
+import gwt.material.design.client.base.HasSafeText;
 import gwt.material.design.client.base.MaterialWidget;
 import gwt.material.design.client.base.mixin.TextMixin;
 
-public class Span extends MaterialWidget implements HasText {
+public class Span extends MaterialWidget implements HasSafeText, HasText {
 
     private TextMixin<Span> textMixin;
 
@@ -52,6 +55,21 @@ public void setText(String text) {
         getTextMixin().setText(text);
     }
 
+    @Override
+    public void setHtml(SafeHtml html) {
+        getTextMixin().setHtml(html);
+    }
+
+    @Override
+    public void setSanitizer(HtmlSanitizer sanitizer) {
+        getTextMixin().setSanitizer(sanitizer);
+    }
+
+    @Override
+    public HtmlSanitizer getSanitizer() {
+        return getTextMixin().getSanitizer();
+    }
+
     public TextMixin<Span> getTextMixin() {
         if (textMixin == null) {
             textMixin = new TextMixin<>(this);
diff --git a/gwt-material/src/test/java/gwt/material/design/client/MixinTestSuite.java b/gwt-material/src/test/java/gwt/material/design/client/MixinTestSuite.java
new file mode 100644
index 000000000..83fa45f33
--- /dev/null
+++ b/gwt-material/src/test/java/gwt/material/design/client/MixinTestSuite.java
@@ -0,0 +1,34 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client;
+
+import com.google.gwt.junit.tools.GWTTestSuite;
+import gwt.material.design.client.mixin.TextMixinTest;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+public class MixinTestSuite extends GWTTestSuite {
+
+    public static Test suite() {
+        TestSuite suite = new TestSuite("Test Suite for GMD Mixins");
+        suite.addTestSuite(TextMixinTest.class);
+        return suite;
+    }
+}
diff --git a/gwt-material/src/test/java/gwt/material/design/client/mixin/AbstractMixinTest.java b/gwt-material/src/test/java/gwt/material/design/client/mixin/AbstractMixinTest.java
new file mode 100644
index 000000000..e307f35ad
--- /dev/null
+++ b/gwt-material/src/test/java/gwt/material/design/client/mixin/AbstractMixinTest.java
@@ -0,0 +1,41 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client.mixin;
+
+import gwt.material.design.client.base.mixin.AbstractMixin;
+import gwt.material.design.client.ui.base.BaseTestCase;
+
+public abstract class AbstractMixinTest<M extends AbstractMixin> extends BaseTestCase {
+
+    protected M mixin;
+
+    public void testMixin() {
+        mixin = setupMixin();
+        runTest(mixin);
+    }
+
+    protected abstract void runTest(M mixin);
+
+    protected abstract M setupMixin();
+
+    public M getMixin() {
+        return mixin;
+    }
+}
diff --git a/gwt-material/src/test/java/gwt/material/design/client/mixin/TextMixinTest.java b/gwt-material/src/test/java/gwt/material/design/client/mixin/TextMixinTest.java
new file mode 100644
index 000000000..5ee768f55
--- /dev/null
+++ b/gwt-material/src/test/java/gwt/material/design/client/mixin/TextMixinTest.java
@@ -0,0 +1,75 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client.mixin;
+
+import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.SafeHtmlBuilder;
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
+import com.google.gwt.safehtml.shared.SimpleHtmlSanitizer;
+import gwt.material.design.client.base.DefaultHtmlSanitizer;
+import gwt.material.design.client.base.mixin.TextMixin;
+import gwt.material.design.client.ui.MaterialLabel;
+import gwt.material.design.client.ui.sanitizer.CustomSanitizer;
+
+public class TextMixinTest extends AbstractMixinTest<TextMixin<MaterialLabel>> {
+
+    @Override
+    protected void runTest(TextMixin<MaterialLabel> mixin) {
+        // Test Defaults
+        assertEquals(DefaultHtmlSanitizer.class, TextMixin.getDefaultSanitizer().getClass());
+        assertNull(mixin.getSanitizer());
+
+        // Updating DefaultSanitizer
+        SimpleHtmlSanitizer simpleHtmlSanitizer = SimpleHtmlSanitizer.getInstance();
+        TextMixin.setDefaultSanitizer(simpleHtmlSanitizer);
+        assertEquals(simpleHtmlSanitizer, TextMixin.getDefaultSanitizer());
+
+        // Updating CustomSanitizer
+        CustomSanitizer customSanitizer = CustomSanitizer.getInstance();
+        mixin.setSanitizer(customSanitizer);
+        assertEquals(customSanitizer, mixin.getSanitizer());
+
+        // Test setText(String)
+        mixin.setText("<b>Test</b>");
+        assertEquals("<b>Test</b>", mixin.getText());
+
+        // Test setText(SafeHtml)
+        String anchorTag = "<a>test</a>";
+        SafeHtmlBuilder builder = new SafeHtmlBuilder();
+        builder.appendEscaped(anchorTag);
+        SafeHtml safeHtml = builder.toSafeHtml();
+        mixin.setHtml(safeHtml);
+        assertEquals(safeHtml, SafeHtmlUtils.fromString(mixin.getText()));
+        assertEquals(anchorTag, mixin.getText());
+
+        // Check Null safety when having a null text
+        mixin.setText(null);
+        assertNull(mixin.getText());
+
+        // Check if we provided an empty text
+        mixin.setText("");
+        assertEquals("", mixin.getText());
+    }
+
+    @Override
+    protected TextMixin<MaterialLabel> setupMixin() {
+        return new TextMixin<>(new MaterialLabel());
+    }
+}
diff --git a/gwt-material/src/test/java/gwt/material/design/client/ui/sanitizer/CustomSanitizer.java b/gwt-material/src/test/java/gwt/material/design/client/ui/sanitizer/CustomSanitizer.java
new file mode 100644
index 000000000..6702747e8
--- /dev/null
+++ b/gwt-material/src/test/java/gwt/material/design/client/ui/sanitizer/CustomSanitizer.java
@@ -0,0 +1,43 @@
+/*
+ * #%L
+ * GwtMaterial
+ * %%
+ * Copyright (C) 2015 - 2020 GwtMaterialDesign
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package gwt.material.design.client.ui.sanitizer;
+
+import com.google.gwt.safehtml.shared.HtmlSanitizer;
+import com.google.gwt.safehtml.shared.SafeHtml;
+import com.google.gwt.safehtml.shared.SafeHtmlUtils;
+
+public class CustomSanitizer implements HtmlSanitizer {
+
+    protected static CustomSanitizer instance;
+
+    private CustomSanitizer() {}
+
+    @Override
+    public SafeHtml sanitize(String html) {
+        return SafeHtmlUtils.fromString(html);
+    }
+
+    public static CustomSanitizer getInstance() {
+        if (instance == null) {
+            instance = new CustomSanitizer();
+        }
+        return instance;
+    }
+}

From 7b61bdc00847321776078261497fe6c8a242fea8 Mon Sep 17 00:00:00 2001
From: Mark Kevin Baldemor <kevzlou7979@gmail.com>
Date: Mon, 28 Dec 2020 10:20:39 +0800
Subject: [PATCH 2/4] Preparation for 2.4.2 release (Path for XSS
 Vulnerability)

---
 .travis.yml          | 2 +-
 .utility/deploy.sh   | 2 +-
 README.md            | 4 ++--
 gwt-material/pom.xml | 2 +-
 pom.xml              | 4 ++--
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 7c1e31bd5..66252d383 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,7 +8,7 @@ cache:
   - $HOME/.m2
 before_install:
 # install the gwt-material-jquery because it will depends on built in jquery
-- git clone -b release_2.4.1 https://github.com/GwtMaterialDesign/gwt-material-jquery.git
+- git clone -b release_2.4.2 https://github.com/GwtMaterialDesign/gwt-material-jquery.git
 - cd gwt-material-jquery
 - mvn install -DskipTests=true -DdryRun=true
 - cd ..
diff --git a/.utility/deploy.sh b/.utility/deploy.sh
index 99bc32d1a..c45c40d91 100644
--- a/.utility/deploy.sh
+++ b/.utility/deploy.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -ev
-if [ "$TRAVIS_JDK_VERSION" == "oraclejdk8" ] && [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_BRANCH" == "release_2.4.1" ]; then
+if [ "$TRAVIS_JDK_VERSION" == "oraclejdk8" ] && [ "$TRAVIS_PULL_REQUEST" == "false" ] && [ "$TRAVIS_BRANCH" == "release_2.4.2" ]; then
   echo "<settings><servers><server><id>ossrh</id><username>\${env.OSSRH_USER}</username><password>\${env.OSSRH_PASS}</password></server></servers></settings>" > ~/settings.xml
   mvn deploy -DskipTests --settings ~/settings.xml
 fi
\ No newline at end of file
diff --git a/README.md b/README.md
index f89d06da2..c3e1ccf60 100644
--- a/README.md
+++ b/README.md
@@ -20,12 +20,12 @@ We created <a href="http://gwtmaterialdesign.github.io/gwt-material-demo/apidocs
 
 
 ## Maven
-### Current Version 2.4.1
+### Current Version 2.4.2
 ```xml
 <dependency>
     <groupId>com.github.gwtmaterialdesign</groupId>
     <artifactId>gwt-material</artifactId>
-    <version>2.4.1</version>
+    <version>2.4.2</version>
 </dependency>
 ```
 ### Snapshot Version 2.5.0-SNAPSHOT
diff --git a/gwt-material/pom.xml b/gwt-material/pom.xml
index fda2074ef..9f84cb1bb 100644
--- a/gwt-material/pom.xml
+++ b/gwt-material/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>gwt-material-parent</artifactId>
         <groupId>com.github.gwtmaterialdesign</groupId>
-        <version>2.4.1</version>
+        <version>2.4.2</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/pom.xml b/pom.xml
index 01cc3ba6f..f1d60e421 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 
     <groupId>com.github.gwtmaterialdesign</groupId>
     <artifactId>gwt-material-parent</artifactId>
-    <version>2.4.1</version>
+    <version>2.4.2</version>
     <packaging>pom</packaging>
     <modules>
         <module>gwt-material</module>
@@ -69,7 +69,7 @@
         <connection>scm:git:git@github.com:GwtMaterialDesign/gwt-material.git</connection>
         <developerConnection>scm:git:git@github.com:GwtMaterialDesign/gwt-material.git</developerConnection>
         <url>http://github.com/GwtMaterialDesign/gwt-material</url>
-        <tag>v2.4.1</tag>
+        <tag>v2.4.2</tag>
     </scm>
 
     <licenses>

From 33188d983679266f8dbfabcb6878956cb078d2e4 Mon Sep 17 00:00:00 2001
From: Mark Kevin Baldemor <kevzlou7979@gmail.com>
Date: Mon, 28 Dec 2020 12:23:27 +0800
Subject: [PATCH 3/4] MaterialTitle replace with TextMixin#setText

---
 .../gwt/material/design/client/ui/MaterialCollection.java     | 2 +-
 .../java/gwt/material/design/client/ui/MaterialTitle.java     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCollection.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCollection.java
index 6e3f57900..89be87918 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCollection.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialCollection.java
@@ -145,7 +145,7 @@ public void clearActive() {
      * Sets the header of the collection component.
      */
     public void setHeader(String header) {
-        headerLabel.getElement().setInnerSafeHtml(SafeHtmlUtils.fromString(header));
+        headerLabel.setText(header);
         addStyleName(CssName.WITH_HEADER);
         ListItem item = new ListItem(headerLabel);
         UiHelper.addMousePressedHandlers(item);
diff --git a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialTitle.java b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialTitle.java
index ff0315bfb..48e211004 100644
--- a/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialTitle.java
+++ b/gwt-material/src/main/java/gwt/material/design/client/ui/MaterialTitle.java
@@ -106,12 +106,12 @@ public Paragraph getParagraph() {
 
     @Override
     public void setValue(String value, boolean fireEvents) {
-        header.getElement().setInnerSafeHtml(SafeHtmlUtils.fromString(value));
+        header.setText(value);
         super.setValue(value, fireEvents);
     }
 
     @Override
     public String getValue() {
-        return SafeHtmlUtils.fromString(header.getElement().getInnerHTML()).asString();
+        return header.getText();
     }
 }

From 230b8b073e1e2b3255307421762b4dabe5fd4d88 Mon Sep 17 00:00:00 2001
From: Mark Kevin Baldemor <kevzlou7979@gmail.com>
Date: Mon, 28 Dec 2020 12:56:01 +0800
Subject: [PATCH 4/4] Bump junit from 4.12 to 4.13.1

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f1d60e421..80b0d87aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <surefire.version>2.6</surefire.version>
         <gwt.version>2.9.0</gwt.version>
         <tbroyer.version>1.0.0</tbroyer.version>
-        <junit.version>4.12</junit.version>
+        <junit.version>4.13.1</junit.version>
         <htmlunit.version>2.23</htmlunit.version>
         <gwt.style>OBF</gwt.style>