How do I set a GWT UiBinder element's inner HTML using SafeHTML instead of a String?

I have the following element created by UiBinder:

@UiField UListElement phones;

With the following markup:

<ul ui:field="phones" class="contact section"></ul>

I had previously been using the method setInnerHtml(String) to s开发者_开发知识库et the value. For example:

phones.setInnerHtml("<li><span class='title'>" + title + 
    "</span><div class='phone'><a href='tel:" + number + "'>" + 
    number + "</a></div></li>");

I would now like to use SafeHtmlTemplates to reduce the possibility of having XSS (cross-site scripting) problems. Using a SafeHtmlTemplate, I now get back SafeHtml which I would like to stick into my phones element variable. How do I do this? I don't see a method that would take a SafeHtml type variable.

To use SafeHtml you have to stick to GWTs widgets. More specific:

With the introduction of the com.google.gwt.safehtml package, all of the core GWT library's widgets that take String arguments that are interpreted as HTML have been augmented with corresponding methods that take a SafeHtml-typed value. In particular, all widgets that implement the HasHTML (or HasDirectionalHtml) interface also implement the HasSafeHtml (or HasDirectionalSafeHtml, respectively) interface.

If Ui:Binder should generate safe html you have to set the following property in your module xml:

<set-configuration-property name="UiBinder.useSafeHtmlTemplates" value="true" />