Posted to dev@shindig.apache.org by do...@apache.org on 2008/02/25 20:55:27 UTC

svn commit: r630971 - in /incubator/shindig/trunk/features: core/ opensocial-0.7/ opensocial-reference/ opensocial-samplecontainer/

Author: doll
Date: Mon Feb 25 11:55:25 2008
New Revision: 630971

URL: http://svn.apache.org/viewvc?rev=630971&view=rev
Log:
Rolled back my previous changes to escapeString. 
Instead, made a new method, gadgets.util.escape that is container only. This method handles logic for escaping strings, arrays and objects. 

Updated the samplecontainer, jsoncontainer, and the reference code to use these new methods. App data is now properly escaped. 


Modified:
    incubator/shindig/trunk/features/core/util.js
    incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js
    incubator/shindig/trunk/features/opensocial-reference/activity.js
    incubator/shindig/trunk/features/opensocial-reference/address.js
    incubator/shindig/trunk/features/opensocial-reference/bodytype.js
    incubator/shindig/trunk/features/opensocial-reference/email.js
    incubator/shindig/trunk/features/opensocial-reference/enum.js
    incubator/shindig/trunk/features/opensocial-reference/message.js
    incubator/shindig/trunk/features/opensocial-reference/name.js
    incubator/shindig/trunk/features/opensocial-reference/organization.js
    incubator/shindig/trunk/features/opensocial-reference/person.js
    incubator/shindig/trunk/features/opensocial-reference/phone.js
    incubator/shindig/trunk/features/opensocial-reference/url.js
    incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js

Modified: incubator/shindig/trunk/features/core/util.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/util.js (original)
+++ incubator/shindig/trunk/features/core/util.js Mon Feb 25 11:55:25 2008
@@ -183,6 +183,45 @@
     /**
      * Escapes the input using html entities to make it safer.
      *
+     * If the input is a string, uses gadgets.util.escapeString.
+     * If it is an array, calls escape on each of the array elements
+     * if it is an object, will only escape all the mapped keys and values if
+     * the opt_escapeObjects flag is set. This operation involves creating an
+     * entirely new object so only set the flag when the input is a simple
+     * string to string map.
+     * Otherwise, does not attempt to modify the input.
+     *
+     * @param {Object} input The object to escape
+     * @param {Boolean} opt_escapeObjects Whether to escape objects.
+     * @return {Object} The escaped object
+     * @private Only to be used by the container, not gadgets.
+     */
+    escape : function(input, opt_escapeObjects) {
+
+      if (typeof input == "string") {
+        return gadgets.util.escapeString(input);
+
+      } else if (typeof input == "array") {
+        for (var i = 0; i < input.length; i++) {
+          input[i] = gadgets.util.escape(input[i]);
+        }
+
+      } else if (opt_escapeObjects) {
+        var newObject = {};
+        for (var field in input) if (input.hasOwnProperty(field)) {
+          newObject[gadgets.util.escapeString(field)]
+              = gadgets.util.escape(input[field], true);
+        }
+        return newObject;
+
+      } else {
+        return input;
+      }
+    },
+
+    /**
+     * Escapes the input using html entities to make it safer.
+     *
      * Currently only escapes &lt; &gt; ' and &quot; All known browsers handle
      * &amp; without issue.
      *
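Review bot: The `typeof input == "array"` test in `escape` can never be true, because `typeof` reports "object" for arrays, so the array branch is dead code. Without the flag, an array of strings is returned unescaped, and that is the path every `getField`/`getKey`/`getDisplayValue` hunk in opensocial-reference now takes. With `opt_escapeObjects` set, an array is rebuilt as a plain object, and numbers, booleans and null come back as `{}`, which affects the `escape(…, true)` calls in jsoncontainer.js and samplecontainer.js. The array branch also has no `return`, and its recursive call drops the flag. The fence sketches an array check that also works across frames and a type guard on the object branch.

```javascript
    escape : function(input, opt_escapeObjects) {
      // … unchanged: string branch …
      } else if (Object.prototype.toString.call(input) == "[object Array]") {
        for (var i = 0; i < input.length; i++) {
          input[i] = gadgets.util.escape(input[i], opt_escapeObjects);
        }
        return input;

      } else if (opt_escapeObjects && input && typeof input == "object") {
        // … unchanged: build newObject from escaped keys and values …
      // … unchanged: final else returns input …
```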
@@ -196,14 +235,10 @@
      * @return {String} The escaped string
      */
     escapeString : function(str) {
-      if (typeof str == "string") {
-        return str.replace(/</g, "&lt;")
-            .replace(/>/g, "&gt;")
-            .replace(/"/g, "&quot;")
-            .replace(/'/g, "&#39;");
-      } else {
-        return str;
-      }
+      return str.replace(/</g, "&lt;")
+          .replace(/>/g, "&gt;")
+          .replace(/"/g, "&quot;")
+          .replace(/'/g, "&#39;");
     },
 
     /**
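Review bot: With the `typeof` guard removed, `escapeString` throws a TypeError on anything that is not a string (undefined, null, a number) instead of passing it through. The callers shown in this commit were moved to `gadgets.util.escape`, but callers outside the diff cannot be checked from here, and the `@param` line of the doc block sits above this hunk. I would state the contract there, e.g. `@param {String} str The string to escape; must be a string, use gadgets.util.escape for other types`.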

Modified: incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js (original)
+++ incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js Mon Feb 25 11:55:25 2008
@@ -128,7 +128,11 @@
 JsonContainer.prototype.newFetchPersonAppDataRequest = function(
     idSpec, keys) {
   return new RequestItem({'type' : 'FETCH_PERSON_APP_DATA', 'idSpec' : idSpec,
-    'keys' : keys});
+      'keys' : keys},
+      function (appData) {
+        return new opensocial.ResponseItem(null,
+            gadgets.util.escape(appData, true)); // TODO: Original request
+      });
 };
 
 JsonContainer.prototype.newUpdatePersonAppDataRequest = function(

Modified: incubator/shindig/trunk/features/opensocial-reference/activity.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/activity.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/activity.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/activity.js Mon Feb 25 11:55:25 2008
@@ -354,7 +354,7 @@
  * @member opensocial.Activity
  */
 opensocial.Activity.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };
 
 
@@ -467,7 +467,7 @@
  * @return {String} The data
  */
 opensocial.Activity.MediaItem.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };
 
 

Modified: incubator/shindig/trunk/features/opensocial-reference/address.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/address.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/address.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/address.js Mon Feb 25 11:55:25 2008
@@ -142,5 +142,5 @@
  * @return {String} The data
  */
 opensocial.Address.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/bodytype.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/bodytype.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/bodytype.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/bodytype.js Mon Feb 25 11:55:25 2008
@@ -97,5 +97,5 @@
  * @return {String} The data
  */
 opensocial.BodyType.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/email.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/email.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/email.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/email.js Mon Feb 25 11:55:25 2008
@@ -76,5 +76,5 @@
  * @return {String} The data
  */
 opensocial.Email.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/enum.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/enum.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/enum.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/enum.js Mon Feb 25 11:55:25 2008
@@ -80,7 +80,7 @@
  *     below.
  */
 opensocial.Enum.prototype.getKey = function() {
-  return gadgets.util.escapeString(this.key);
+  return gadgets.util.escape(this.key);
 };
 
 
@@ -91,7 +91,7 @@
  * @return {String} The enum's value.
  */
 opensocial.Enum.prototype.getDisplayValue = function() {
-  return gadgets.util.escapeString(this.displayValue);
+  return gadgets.util.escape(this.displayValue);
 };
 
 

Modified: incubator/shindig/trunk/features/opensocial-reference/message.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/message.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/message.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/message.js Mon Feb 25 11:55:25 2008
@@ -135,7 +135,7 @@
  * @member opensocial.Message
  */
 opensocial.Message.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };
 
 

Modified: incubator/shindig/trunk/features/opensocial-reference/name.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/name.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/name.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/name.js Mon Feb 25 11:55:25 2008
@@ -103,5 +103,5 @@
  * @return {String} The data
  */
 opensocial.Name.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/organization.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/organization.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/organization.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/organization.js Mon Feb 25 11:55:25 2008
@@ -140,5 +140,5 @@
  * @return {String} The data
  */
 opensocial.Organization.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/person.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/person.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/person.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/person.js Mon Feb 25 11:55:25 2008
@@ -527,7 +527,7 @@
  * @return {String} The data
  */
 opensocial.Person.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };
 
 

Modified: incubator/shindig/trunk/features/opensocial-reference/phone.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/phone.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/phone.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/phone.js Mon Feb 25 11:55:25 2008
@@ -76,5 +76,5 @@
  * @return {String} The data
  */
 opensocial.Phone.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/url.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/url.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/url.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/url.js Mon Feb 25 11:55:25 2008
@@ -83,5 +83,5 @@
  * @return {String} The data
  */
 opensocial.Url.prototype.getField = function(key) {
-  return gadgets.util.escapeString(this.fields_[key]);
+  return gadgets.util.escape(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js (original)
+++ incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js Mon Feb 25 11:55:25 2008
@@ -273,7 +273,7 @@
             }
           }
         }
-        requestedValue = values;
+        requestedValue = gadgets.util.escape(values, true);
         break;
 
       case 'UPDATE_PERSON_APP_DATA' :
@@ -290,7 +290,7 @@
             || userId == this.viewer.getId()) {
           userId = this.viewer.getId();
           this.personAppData[userId] = this.personAppData[userId] || {};
-          this.personAppData[userId][request.key] = request.value;
+          this.personAppData[userId][request.key] = String(request.value);
         } else {
           errorCode = opensocial.ResponseItem.Error.FORBIDDEN;
           errorMessage = 'gadgets can only edit viewer app data';
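Review bot: `String(request.value)` stores "undefined", "null" or "[object Object]" when a gadget passes a non-string value, so bad input is saved silently instead of being refused. If app data is meant to be string-only, checking `typeof request.value == "string"` and reporting an error the way the FORBIDDEN branch does would surface the mistake to the gadget. At minimum a comment such as `// App data is stored as raw strings; it is escaped when read back` would explain the coercion. The enclosing case block starts and ends outside the hunk.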