Author: doll
Date: Wed Jan 23 16:04:11 2008
New Revision: 614742
URL: http://svn.apache.org/viewvc?rev=614742&view=rev
Log:
- updated the caja javascript files (really need to pull these from maven
soon).
- modified samplecontainer code to now toggle caja permissiveness
- modified opensocial to include gadgets in outers and prefixes to css classes
in the html sanitizing code
- also commented out the cache toggle in samplecontainer as it no longer
applies (due to john removing caching from shindig right now)
- fixed comment in prefs.js file to escape html script tags
Added:
incubator/shindig/trunk/features/caja/log-to-console.js
Modified:
incubator/shindig/trunk/features/caja/caja.js
incubator/shindig/trunk/features/caja/feature.xml
incubator/shindig/trunk/features/caja/html-sanitizer.js
incubator/shindig/trunk/features/caja/permissive.js
incubator/shindig/trunk/features/core/prefs.js
incubator/shindig/trunk/features/opensocial-reference/container.js
incubator/shindig/trunk/features/opensocial-samplecontainer/feature.xml
incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.html
Modified: incubator/shindig/trunk/features/caja/caja.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/caja/caja.js?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/caja/caja.js (original)
+++ incubator/shindig/trunk/features/caja/caja.js Wed Jan 23 16:04:11 2008
@@ -107,20 +107,32 @@
////////////////////////////////////////////////////////////////////////
/**
- * The initial default ___.log(str) does nothing.
+ * The initial default logging function does nothing.
* <p>
* Note: JavaScript has no macros, so even in the "does nothing"
* case, remember that the arguments are still evaluated.
*/
- var myLogFunc_ = function(str) {};
+ var myLogFunc_ = function(str, opt_stop) {};
/**
- * Gets the currently registered ___.log(str) function.
+ * Gets the currently registered logging function.
*/
function getLogFunc() { return myLogFunc_; }
/**
- * Register newLogFunc to be called by ___.log(str)
+ * Register newLogFunc as the current logging function, to be called
+ * by <tt>___.log(str)</tt> and <tt>___.fail(...)</tt>.
+ * <p>
+ * A logging function is assumed to have the signature
+ * <tt>(str, opt_stop)</tt>, where<ul>
+ * <li><tt>str</tt> is the diagnostic string to be logged, and
+ * <li><tt>opt_stop</tt>, if present and <tt>true</tt>, indicates
+ * that normal flow control is about to be terminated by a
+ * throw. This provides the logging function the opportunity to
+ * terminate normal control flow in its own way, such as by
+ * invoking an undefined method, in order to trigger a Firebug
+ * stacktrace.
+ * </ul>
*/
function setLogFunc(newLogFunc) { myLogFunc_ = newLogFunc; }
@@ -140,7 +152,7 @@
*/
function fail(var_args) {
var message = Array.prototype.slice.call(arguments, 0).join('');
- log(message);
+ myLogFunc_(message, true);
throw new Error(message);
}
@@ -653,7 +665,7 @@
if (isCtor(meth)) {
fail("constructors can't be methods: ", meth);
}
- if (isSimpleFunc(constr)) {
+ if (isSimpleFunc(meth)) {
fail("Simple functions can't be methods: ", meth);
}
meth.___METHOD_OF___ = asCtorOnly(constr);
@@ -715,27 +727,45 @@
fail("Untamed functions can't be called as methods: ", meth);
}
- /**
- * Only simple functions or primitive casts can be called
- * as simple functions.
- */
- function asSimpleFunc(fun) {
- if (isSimpleFunc(fun)) {
- return primFreeze(fun);
- }
-
- enforceType(fun, 'function');
- if (isCtor(fun)) {
- if (fun === String || fun === Number || fun === Boolean) {
- return fun;
- }
- fail("Constructors can't be called as simple functions: ", fun);
- }
- if (isMethod(fun)) {
- fail("Methods can't be called as simple functions: ", fun);
- }
- fail("Untamed functions can't be called as simple functions: ", fun);
- }
+ /** Only simple functions can be called as simple functions */
+ function asSimpleFunc(fun) {
+ if (isSimpleFunc(fun)) {
+ return primFreeze(fun);
+ }
+
+ enforceType(fun, 'function');
+ if (isCtor(fun)) {
+ if (fun === Number || fun === String || fun === Boolean) {
+ // TODO(erights): To avoid accidents, <tt>method</tt>,
+ // <tt>simpleFunc</tt>, and <tt>ctor</tt> each ensure that
+ // these classifications are exclusive. A function can be
+ // classified as in at most one of these categories. However,
+ // some primordial type conversion functions like
+ // <tt>String</tt> need to be invocable both ways, so we
+ // should probably relax this constraint.
+ // <p>
+ // But before we do, we should reexamine other
+ // implications. For example, simple-functions, when called
+ // reflectively by <tt>call</tt> or <tt>apply</tt> (and
+ // therefore <tt>bind</tt>), ignore their first argument,
+ // whereas constructors can be called reflectively by
+ // <tt>call</tt> to do super-initialization on behalf of a
+ // derived constructor.
+ // <p>
+ // Curiously, ES3 also defines function behavior different
+ // from constructor behavior for <tt>Object</tt>,
+ // <tt>Date</tt>, <tt>RegExp</tt>, and <tt>Error</tt>. (Not
+ // sure about <tt>Array</tt>.) We should understand these as
+ // well before introducing a proper solution.
+ return fun;
+ }
+ fail("Constructors can't be called as simple functions: ", fun);
+ }
+ if (isMethod(fun)) {
+ fail("Methods can't be called as simple functions: ", fun);
+ }
+ fail("Untamed functions can't be called as simple functions: ", fun);
+ }
/**
* Sets constr.prototype[name] = member.
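Review bot: The new one-line doc comment on asSimpleFunc says only simple functions can be called as simple functions, but the body still returns `Number`, `String` and `Boolean` unchanged even though they are classified as constructors. The previous wording mentioned primitive casts; I would keep that in the header, e.g. `/** Only simple functions, plus the Number/String/Boolean casts, can be called as simple functions. */`, so the exception is visible without reading the TODO. The rest of the hunk appears to be re-indentation plus the TODO text.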
Modified: incubator/shindig/trunk/features/caja/feature.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/caja/feature.xml?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/caja/feature.xml (original)
+++ incubator/shindig/trunk/features/caja/feature.xml Wed Jan 23 16:04:11 2008
@@ -24,8 +24,7 @@
<gadget>
<script src="caja.js"></script>
<script src="html-sanitizer.js"></script>
- <!--Be default permissive.js should not be included.
- Including this file turns off all caja security rules. -->
- <!--<script src="permissive.js"></script>-->
+ <script src="log-to-console.js"></script>
+ <script src="permissive.js"></script>
</gadget>
</feature>
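Review bot: `permissive.js` is now loaded for every consumer of this feature and the comment that warned about it is removed, so the only thing keeping Caja enforcement on is the `enabled` flag added to permissive.js in this same commit. That flag starts as false, but the permissive keeper is still installed through `___.setKeeper` at load time and is switched on by `___.getKeeper().setEnabled(true)`. I would keep a comment here that says so, e.g. `<!-- permissive.js installs a keeper that is inert until setEnabled(true); debugging aid, do not enable in production -->`. Consider leaving both debugging scripts out of the default feature and loading them only from the sample container.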
Modified: incubator/shindig/trunk/features/caja/html-sanitizer.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/caja/html-sanitizer.js?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/caja/html-sanitizer.js (original)
+++ incubator/shindig/trunk/features/caja/html-sanitizer.js Wed Jan 23 16:04:11
2008
@@ -374,7 +374,7 @@
}
function escapeAttrib(s) {
- return s.replace(/&/g, '&').replace(/</g, '<').replace(/&/g, '>')
+ return s.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>')
.replace(/\"/g, '"');
}
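Review bot: As shown here every replacement string in escapeAttrib is the same character as its pattern (`replace(/&/g, '&')` and so on), which would make the function a no-op; this is presumably the mail archive decoding the entities, but it is worth confirming against the committed file that each pattern maps to its entity. The line fixed here previously matched `&` twice and never `>`, so a small unit test asserting the escaped form of a string containing `&`, `<`, `>` and `"` would guard this function. Its output is placed inside a double-quoted attribute at `tok = name + '="' + escapeAttrib(value) + '"'` in the next hunk.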
@@ -404,7 +404,7 @@
value = opt_urlXform(value);
}
if ((flags & NMTOKEN_TYPE) && opt_nmTokenXform) {
- value = opt_nmTokenXForm(value);
+ value = opt_nmTokenXform(value);
}
if (null == value) { continue; }
tok = name + '="' + escapeAttrib(value) + '"';
Added: incubator/shindig/trunk/features/caja/log-to-console.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/caja/log-to-console.js?rev=614742&view=auto
==============================================================================
--- incubator/shindig/trunk/features/caja/log-to-console.js (added)
+++ incubator/shindig/trunk/features/caja/log-to-console.js Wed Jan 23 16:04:11
2008
@@ -0,0 +1,44 @@
+// Copyright (C) 2007 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
.............................................................................
+
+// If this module is loaded after caja.js is loaded, and in an
+// environment (such as produced by turning on Firebug) where
+// <tt>console.log</tt> is a function, then it will register
+// (a wrapper around) <tt>console.log</tt> with
+// <tt>___.setLogFunc()</tt> so caja.js will log its diagnostics
+// to the Firebug console.
+
+// If you load triv-logger.js and log-to-console.js into the same
+// system, the last one loaded wins.
+
+// This module is written in Javascript, not Caja, and would be
+// rejected by the Caja translator.
+
+
+(function(global) {
+
+ if (global.___ &&
+ global.console &&
+ typeof global.console.log === 'function') {
+
+ ___.setLogFunc(function(str, opt_stop) {
+ global.console.log(str);
+ if (opt_stop) {
+ ({}).noSuchMethod(str);
+ }
+ });
+ }
+
+})(this);
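Review bot: When `opt_stop` is true the wrapper deliberately throws by calling `({}).noSuchMethod(str)`, so with this file loaded `___.fail` never reaches its own `throw new Error(message)` and callers see a TypeError that does not carry the message. That matches the setLogFunc documentation, but the header comment here does not mention it, and feature.xml in this commit loads the file by default. I would add a header line such as `// Debugging aid: when opt_stop is set this throws a TypeError in place of the Error that ___.fail would raise.` The guard also tests `global.___` while the call uses the bare `___`; `global.___.setLogFunc(...)` would keep the two consistent.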
Modified: incubator/shindig/trunk/features/caja/permissive.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/caja/permissive.js?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/caja/permissive.js (original)
+++ incubator/shindig/trunk/features/caja/permissive.js Wed Jan 23 16:04:11 2008
@@ -29,9 +29,8 @@
(function() {
-
- ___.log('BEWARE: By loading permissive.js, ' +
- 'all Caja security is hereby waived');
+
+ ___.log('BEWARE: permissive.js loaded');
/**
*
@@ -52,6 +51,8 @@
}
var oldKeeper = ___.getKeeper();
+
+ var enabled = false;
___.setKeeper({
@@ -61,10 +62,41 @@
toString: function() { return '<Permissive Keeper>'; },
/**
+ *
+ */
+ isEnabled: function() { return enabled; },
+
+ /**
+ * After loading permissive, one can
+ * <tt>___.getKeeper().setEnabled(false)</tt>
+ * to disable the permissive behavior of the permissive keeper.
+ * <p>
+ * Note that this only causes it to stop allowing newly faulted
+ * things, but does not reverse the allowances it has already made
+ * in reaction to faults when it was enabled. In other words,
+ * disabling this keeper is a <i>desist</i>, not an
+ * <i>undo</i>. To get the effect of an undo, you must reload the
+ * page. (Or, in a non-browser environment, you must still somehow
+ * rebuild your live JavaScript environment.)
+ */
+ setEnabled: function(newEnabled) {
+ if (newEnabled) {
+ ___.log('BEWARE: By enabling permissive.js, ' +
+ 'all Caja security is hereby waived.');
+ } else {
+ ___.log('BEWARE: Disabling permissive.js only stops it ' +
+ 'from allowing further operations in response to new ' +
+ 'faults. It does not disallow those operations ' +
+ 'already allowed. Consider reloading the page.');
+ }
+ enabled = newEnabled;
+ },
+
+ /**
*
*/
handleRead: function(obj, name) {
- if (name in obj) {
+ if (enabled && name in obj) {
var proto = find(obj, name);
if (proto === obj) {
___.log('Allowing read of (' + obj + ').' + name);
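Review bot: `setEnabled` stores its argument as given (`enabled = newEnabled;`), so any truthy value turns the permissive keeper on and `isEnabled` returns that value rather than a boolean; `enabled = !!newEnabled;` or a strict `newEnabled === true` test would make the switch harder to flip by accident. The doc comment on `isEnabled` is empty; something like `/** Whether this keeper currently grants access in response to faults. */` would do. The handlers changed in the later hunks (handleCall, handleSet, handleDelete) all gate on `enabled`, and any handler outside the visible hunks should be checked for the same gate. handleRead's body continues outside this hunk.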
@@ -82,7 +114,7 @@
*
*/
handleCall: function(obj, name, args) {
- if (typeof obj[name] === 'function') {
+ if (enabled && typeof obj[name] === 'function') {
var proto = find(obj, name);
if (proto === obj) {
___.log('Allowing call of (' + obj + ').' + name + '()');
@@ -100,11 +132,13 @@
*
*/
handleSet: function(obj, name, val) {
- ___.log('Allowing (' + obj + ').' + name + ' = ...');
- ___.allowSet(obj, name);
- obj[name] = val;
- if (obj[name] === val) {
- return val;
+ if (enabled) {
+ ___.log('Allowing (' + obj + ').' + name + ' = ...');
+ ___.allowSet(obj, name);
+ obj[name] = val;
+ if (obj[name] === val) {
+ return val;
+ }
}
return oldKeeper.handleSet(obj, name, val);
},
@@ -113,7 +147,7 @@
*
*/
handleDelete: function(obj, name) {
- if (___.hasOwnProp(obj, name)) {
+ if (enabled && ___.hasOwnProp(obj, name)) {
___.log('Allowing delete (' + obj + ').' + name);
___.allowDelete(obj, name);
if (delete obj[name]) {
Modified: incubator/shindig/trunk/features/core/prefs.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/prefs.js (original)
+++ incubator/shindig/trunk/features/core/prefs.js Wed Jan 23 16:04:11 2008
@@ -27,12 +27,12 @@
* Modules with type=url can also use this library to parse arguments passed
* by URL, but this is not the common case:
*
- * <script src="http://apache.org/shindig/prefs.js"></script>
- * <script>
+ * <script src="http://apache.org/shindig/prefs.js"></script>
+ * <script>
* gadgets.Prefs.parseUrl();
* var prefs = new gadgets.Prefs();
* var name = prefs.getString("name");
- * </script>
+ * </script≶
*/
var gadgets = gadgets || {};
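Review bot: The last changed comment line ends in `≶` rather than `>` as rendered here, which suggests the closing tag was escaped with `&lg;` instead of `&gt;`. The other three changed lines render as plain tags, so their entities look right; the fix would be to end that line with `&lt;/script&gt;`. This is inferred from the rendered page only, so check it against the committed file.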
Modified: incubator/shindig/trunk/features/opensocial-reference/container.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/container.js?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/container.js
(original)
+++ incubator/shindig/trunk/features/opensocial-reference/container.js Wed Jan
23 16:04:11 2008
@@ -450,7 +450,14 @@
var element = document.getElementById("DOM-PREFIX-" + id);
if (element !== null) {
___.useSetHandler(element, 'innerHTML', function(html) {
- var temp = html_sanitize(html);
+ var temp = html_sanitize(html, null,
+ function (nmtokens) {
+ var tokens = nmtokens.split(/\s+/g);
+ for (var i = 0; i < tokens.length; ++i) {
+ if (tokens[i]) { tokens[i] = 'DOM-PREFIX-' + tokens[i]; }
+ }
+ return tokens.join(' ');
+ });
return this.innerHTML = temp;
});
}
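Review bot: The URL transform argument is passed as `null`, so only name tokens are rewritten on this path; judging by the sanitizer hunk in this commit the URL transform appears to be applied only when one is supplied, so URL-valued attributes in gadget HTML may reach `innerHTML` unchanged. Confirm that html_sanitize rejects or neutralises such attributes when no transform is given, or pass a transform that restricts them to an allowed set of schemes. Separately, `split(/\s+/g)` does not need the `g` flag, and a short comment saying that `DOM-PREFIX-` is the per-gadget namespace for ids and classes would help. The enclosing function starts outside the hunk.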
@@ -459,6 +466,10 @@
___.allowCall(outers.document, 'getElementById');
+ // Temporarily adding some gadgets calls to the opensocial code.
+ // This should move into the gadgets js code very soon.
+ outers.gadgets = gadgets;
+
// Adding all of the available opensocial calls as defined in the spec
outers.opensocial = opensocial;
___.allowCall(outers.opensocial, 'requestCreateActivity');
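Review bot: `outers.gadgets = gadgets;` hands the whole `gadgets` object to gadget code, whereas the opensocial entries below are exposed call by call through `___.allowCall`. No `allowCall` lines for `gadgets` are visible in this hunk, so either its members are unusable under normal enforcement or they only work once the permissive keeper is enabled; neither looks intended. I would list the members gadget code needs with explicit `___.allowCall(outers.gadgets, ...)` lines and put an owner on the comment, e.g. `// TODO(owner): move to the gadgets feature`.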
@@ -540,4 +551,4 @@
function plugin_dispatchEvent___(thisNode, event, pluginId, handlerName) {
return ___.getOuters(pluginId)[handlerName](plugin_tamed(thisNode),
plugin_tamed(event));
-}
\ No newline at end of file
+}
Modified:
incubator/shindig/trunk/features/opensocial-samplecontainer/feature.xml
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-samplecontainer/feature.xml?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-samplecontainer/feature.xml
(original)
+++ incubator/shindig/trunk/features/opensocial-samplecontainer/feature.xml Wed
Jan 23 16:04:11 2008
@@ -61,6 +61,14 @@
}
}
+ function initSampleContainer() {
+ var usePermissive = gadgets.util.getUrlParameters()["usepermissive"];
+ if (usePermissive) {
+ ___.getKeeper().setEnabled(true);
+ }
+ changeStateUrl();
+ }
+
function changeStateUrl() {
stateUrl = document.getElementById("stateUrl").value;
StateFileParser.refreshState(stateUrl, messageDiv,
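Review bot: `initSampleContainer` enables the permissive keeper for any truthy `usepermissive` URL parameter, so (assuming `getUrlParameters` returns strings) `usepermissive=0` or `usepermissive=false` also waives Caja enforcement, and the switch is controlled by whoever builds the URL. samplecontainer.html in this commit only ever sends `usepermissive=1`, so the check can be `if (usePermissive === "1") {`. A comment that this parameter is for the sample container only, and that this feature should not be served by a production container, belongs next to it. The call site changed in the following hunk (`initSampleContainer();`) needs no separate change.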
@@ -90,7 +98,7 @@
document.write(stateHtml);
document.getElementById("stateUrl").value = stateUrl;
- changeStateUrl();
+ initSampleContainer();
</script>
</gadget>
Modified:
incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.html
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.html?rev=614742&r1=614741&r2=614742&view=diff
==============================================================================
--- incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.html
(original)
+++ incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.html Wed
Jan 23 16:04:11 2008
@@ -36,6 +36,7 @@
var specUrl =
'http://localhost:8080/gadgets/samplecontainer/examples/SocialHelloWorld.xml';
var useCaja = false;
var useCache = true;
+var usePermissive = false;
var gadget;
function initGadget() {
@@ -57,6 +58,7 @@
function changeGadgetUrl() {
useCaja = document.getElementById("useCajaCheckbox").checked;
useCache = document.getElementById("useCacheCheckbox").checked;
+ usePermissive = document.getElementById("usePermissiveCheckbox").checked;
specUrl = document.getElementById("gadgetUrl").value;
gadget.specUrl = specUrl;
@@ -81,7 +83,10 @@
url += "&caja=1";
}
if (!useCache) {
- url += "&bpc=1";
+ url += "&nocache=1";
+ }
+ if (usePermissive) {
+ url += "&usepermissive=1";
}
return url;
};
@@ -96,7 +101,8 @@
Displaying gadget:
<input type="text" size="75" id="gadgetUrl"/>
<input type="checkbox" id="useCajaCheckbox"/>use caja
- <input type="checkbox" id="useCacheCheckbox" checked="true"/>use cache
+ <input type="checkbox" id="usePermissiveCheckbox"/>use permissive
+ <div style="display:none"><input type="checkbox" id="useCacheCheckbox"
checked="true"/>use cache</div>
<input type="button" value="reset" onclick="changeGadgetUrl();"/>
</div>
<div style="clear:both; height: 1px;"> </div>
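Review bot: The cache checkbox is hidden with `display:none` but `changeGadgetUrl` still reads it, so `useCache` is always true and the `nocache=1` branch in the earlier hunk cannot be reached from this page. The commit message says the toggle was commented out; either remove the checkbox together with `useCache` and that branch, or leave an HTML comment explaining why the control is kept hidden. The `usePermissiveCheckbox` label could also say what it does, e.g. `use permissive (disables caja checks)`.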