SafeHtml is a way of saying "Part of my string is safe, and part is unknown, so make it all safe". You can read more at https://developers.google.com/web-to...curitySafeHtml
In this case, you have a known-safe part, "<div style=\"text-align:center;\">" and "</div>", and something else which may or may not be safe img.toString(). Mixing and matching these, or appending multiple strings is best done in a SafeHtmlBuilder or SafeHtmlTemplates (see the above link) using GWT tools, or the GXT XTemplates tool.
Then, you are turning the SafeHtml into a String at the end by calling asString() - by doing this you are telling the ColumnConfig that it is no longer trusted, and should be escaped. This constructor already accepts SafeHtml, so there is no need to do this.
If we assume the img.toString() is safe, we can treat them all in the same way - but this isn't always a good assumption to make. Additionally, you should *not* toString() a widget to get HTML back - it is expensive, and might end up surprising you, like not supporting the event handlers you thought it would.
The proper way to turn an ImageResource into an html string is to use AbstractImagePrototype or ImageResourceRenderer, both in GWT itself. Using the former, we would change your code to look like this:
Code:
SafeHtmlBuilder sb = new SafeHtmlBuilder();
sb.appendHtmlConstant("<div style=\"text-align:center;\">");
sb.append(AbstractImagePrototype.create(ExampleImages.INSTANCE.checked()).getSafeHtml());
sb.appendHtmlConstant("</div>");
colConfig = new ColumnConfig<TransactionSummaryProxy, Double>(
props.de4TransactionAmount(), 100, sb.toSafeHtml());
Another, slightly easier to read approach could be an XTemplate:
Code:
interface MyImageTemplate extends XTemplates {
@XTemplate("<div style=\"text-align:center;\">{img}</div>")
SafeHtml render(SafeHtml img);
}
...
MyImageTemplate template = GWT.create(MyImageTemplate.class);
...
SafeHtml image = AbstractImagePrototype.create(ExampleImages.INSTANCE.checked()).getSafeHtml();
SafeHtml header = template.render(image);
colConfig = new ColumnConfig<TransactionSummaryProxy, Double>(
props.de4TransactionAmount(), 100, header);