You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by dd...@apache.org on 2013/01/09 16:37:46 UTC
svn commit: r1430900 - in /shindig/trunk/features: ./
src/main/javascript/features/ src/main/javascript/features/core.config.base/
src/main/javascript/features/domnode/
src/main/javascript/features/dynamic-size.util/
src/main/javascript/features/gadget...
Author: ddumont
Date: Wed Jan 9 15:37:45 2013
New Revision: 1430900
URL: http://svn.apache.org/viewvc?rev=1430900&view=rev
Log:
SHINDIG-1883 - dynamic-size feature implemenation is weak and vulnerable
Added:
shindig/trunk/features/src/main/javascript/features/domnode/
shindig/trunk/features/src/main/javascript/features/domnode/constants.js (with props)
shindig/trunk/features/src/main/javascript/features/domnode/feature.xml (with props)
Modified:
shindig/trunk/features/pom.xml
shindig/trunk/features/src/main/javascript/features/core.config.base/config.js
shindig/trunk/features/src/main/javascript/features/core.config.base/feature.xml
shindig/trunk/features/src/main/javascript/features/dynamic-size.util/dynamic-size-util.js
shindig/trunk/features/src/main/javascript/features/dynamic-size.util/feature.xml
shindig/trunk/features/src/main/javascript/features/features.txt
shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/feature.xml
shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/json-xmltojson.js
shindig/trunk/features/src/main/javascript/features/jsondom/feature.xml
shindig/trunk/features/src/main/javascript/features/jsondom/jsondom.js
shindig/trunk/features/src/main/javascript/features/minimessage/feature.xml
shindig/trunk/features/src/main/javascript/features/minimessage/minimessage.js
shindig/trunk/features/src/main/javascript/features/opensocial-data/data.js
shindig/trunk/features/src/main/javascript/features/opensocial-data/feature.xml
shindig/trunk/features/src/main/javascript/features/views/feature.xml
shindig/trunk/features/src/main/javascript/features/views/views.js
shindig/trunk/features/src/test/javascript/features/alltests.js
Modified: shindig/trunk/features/pom.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/pom.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/pom.xml (original)
+++ shindig/trunk/features/pom.xml Wed Jan 9 15:37:45 2013
@@ -123,6 +123,7 @@
<source>../../../../src/test/javascript/features/mocks/window.js</source>
<source>../../../../src/test/javascript/features/mocks/xhr.js</source>
<source>globals/globals.js</source>
+ <source>domnode/constants.js</source>
<source>cloo/cloo.js</source>
<source>core.config.base/config.js</source>
<source>core.config/validators.js</source>
Modified: shindig/trunk/features/src/main/javascript/features/core.config.base/config.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.config.base/config.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.config.base/config.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.config.base/config.js Wed Jan 9 15:37:45 2013
@@ -109,7 +109,7 @@ gadgets.config = function() {
function getInnerText(scriptNode) {
var scriptText = '';
- if (scriptNode.nodeType == 3 || scriptNode.nodeType == 4) {
+ if (scriptNode.nodeType == DOM_TEXT_NODE || scriptNode.nodeType == DOM_CDATA_SECTION_NODE) {
scriptText = scriptNode.nodeValue;
} else if (scriptNode.innerText) {
scriptText = scriptNode.innerText;
Modified: shindig/trunk/features/src/main/javascript/features/core.config.base/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.config.base/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.config.base/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/core.config.base/feature.xml Wed Jan 9 15:37:45 2013
@@ -19,13 +19,14 @@
<feature>
<name>core.config.base</name>
<dependency>globals</dependency>
+ <dependency>domnode</dependency>
<all>
<script src="config.js"/>
<api>
<exports type="js">gadgets.config.register</exports>
<exports type="js">gadgets.config.get</exports>
<exports type="js">gadgets.config.init</exports>
- <exports type="js">gadgets.config.update</exports>
+ <exports type="js">gadgets.config.update</exports>
</api>
</all>
</feature>
Added: shindig/trunk/features/src/main/javascript/features/domnode/constants.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/domnode/constants.js?rev=1430900&view=auto
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/domnode/constants.js (added)
+++ shindig/trunk/features/src/main/javascript/features/domnode/constants.js Wed Jan 9 15:37:45 2013
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+// Based on <http://www.w3.org/TR/2000/ REC-DOM-Level-2-Core-20001113/
+// core.html#ID-1950641247>.
+var DOM_ELEMENT_NODE = 1;
+var DOM_ATTRIBUTE_NODE = 2;
+var DOM_TEXT_NODE = 3;
+var DOM_CDATA_SECTION_NODE = 4;
+var DOM_ENTITY_REFERENCE_NODE = 5;
+var DOM_ENTITY_NODE = 6;
+var DOM_PROCESSING_INSTRUCTION_NODE = 7;
+var DOM_COMMENT_NODE = 8;
+var DOM_DOCUMENT_NODE = 9;
+var DOM_DOCUMENT_TYPE_NODE = 10;
+var DOM_DOCUMENT_FRAGMENT_NODE = 11;
+var DOM_NOTATION_NODE = 12;
\ No newline at end of file
Propchange: shindig/trunk/features/src/main/javascript/features/domnode/constants.js
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: shindig/trunk/features/src/main/javascript/features/domnode/constants.js
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: shindig/trunk/features/src/main/javascript/features/domnode/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/domnode/feature.xml?rev=1430900&view=auto
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/domnode/feature.xml (added)
+++ shindig/trunk/features/src/main/javascript/features/domnode/feature.xml Wed Jan 9 15:37:45 2013
@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+-->
+<feature>
+ <name>domnode</name>
+ <all>
+ <script src="constants.js"/>
+ <api>
+ <exports type="js">DOM_ELEMENT_NODE</exports>
+ <exports type="js">DOM_ATTRIBUTE_NODE</exports>
+ <exports type="js">DOM_TEXT_NODE</exports>
+ <exports type="js">DOM_CDATA_SECTION_NODE</exports>
+ <exports type="js">DOM_ENTITY_REFERENCE_NODE</exports>
+ <exports type="js">DOM_ENTITY_NODE</exports>
+ <exports type="js">DOM_PROCESSING_INSTRUCTION_NODE</exports>
+ <exports type="js">DOM_COMMENT_NODE</exports>
+ <exports type="js">DOM_DOCUMENT_NODE</exports>
+ <exports type="js">DOM_DOCUMENT_TYPE_NODE</exports>
+ <exports type="js">DOM_DOCUMENT_FRAGMENT_NODE</exports>
+ <exports type="js">DOM_NOTATION_NODE</exports>
+ </api>
+ </all>
+</feature>
Propchange: shindig/trunk/features/src/main/javascript/features/domnode/feature.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: shindig/trunk/features/src/main/javascript/features/domnode/feature.xml
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: shindig/trunk/features/src/main/javascript/features/dynamic-size.util/dynamic-size-util.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/dynamic-size.util/dynamic-size-util.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/dynamic-size.util/dynamic-size-util.js (original)
+++ shindig/trunk/features/src/main/javascript/features/dynamic-size.util/dynamic-size-util.js Wed Jan 9 15:37:45 2013
@@ -31,11 +31,43 @@ gadgets.window = gadgets.window || {};
* @private
*/
function getElementComputedStyle(elem, attr) {
- if (window.getComputedStyle) {
- var style = window.getComputedStyle(elem, null);
+ var n = navigator;
+ var dua = n.userAgent,dav = n.appVersion;
+ var isWebKit = parseFloat(dua.split("WebKit/")[1]) || undefined;
+ var isIE = parseFloat(dav.split("MSIE ")[1]) || undefined;
+ var gcs;
+ if(isWebKit){
+ /**
+ * Get the computed style from the dom node, implementation of this function differs in browsers.
+ * @private
+ * @param {DomNode} node the dom node.
+ * @return {Object} the style object.
+ */
+ gcs = function(node){
+ var s;
+ if(node.nodeType == DOM_ELEMENT_NODE){
+ var dv = node.ownerDocument.defaultView;
+ s = dv.getComputedStyle(node, null);
+ if(!s && node.style){
+ node.style.display = "";
+ s = dv.getComputedStyle(node, null);
+ }
+ }
+ return s || {};
+ };
+ } else if (isIE) {
+ gcs = function(node){
+ // IE (as of 7) doesn't expose Element like sane browsers
+ return node.nodeType == DOM_ELEMENT_NODE ? node.currentStyle : {};
+ };
} else {
- var style = elem.currentStyle;
+ gcs = function(node){
+ return node.nodeType == DOM_ELEMENT_NODE ?
+ node.ownerDocument.defaultView.getComputedStyle(node, null) : {};
+ };
}
+
+ var style = gcs(elem);
return attr && style ? style[attr] : style;
}
Modified: shindig/trunk/features/src/main/javascript/features/dynamic-size.util/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/dynamic-size.util/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/dynamic-size.util/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/dynamic-size.util/feature.xml Wed Jan 9 15:37:45 2013
@@ -21,6 +21,7 @@ specific language governing permissions
<feature>
<name>dynamic-size.util</name>
<dependency>globals</dependency>
+ <dependency>domnode</dependency>
<dependency>taming</dependency>
<all>
<script src="dynamic-size-util.js"/>
Modified: shindig/trunk/features/src/main/javascript/features/features.txt
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/features.txt?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/features.txt (original)
+++ shindig/trunk/features/src/main/javascript/features/features.txt Wed Jan 9 15:37:45 2013
@@ -51,6 +51,7 @@ features/core.util.urlparams/feature.xml
features/core/feature.xml
features/defer.test/feature.xml
features/deferjs/feature.xml
+features/domnode/feature.xml
features/dynamic-height.height/feature.xml
features/dynamic-height/feature.xml
features/dynamic-size.util/feature.xml
Modified: shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/feature.xml Wed Jan 9 15:37:45 2013
@@ -20,6 +20,7 @@
<name>gadgets.json.ext</name>
<dependency>globals</dependency>
<dependency>taming</dependency>
+ <dependency>domnode</dependency>
<all>
<script src="json-xmltojson.js"/>
<script src="taming.js" caja="1"/>
Modified: shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/json-xmltojson.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/json-xmltojson.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/json-xmltojson.js (original)
+++ shindig/trunk/features/src/main/javascript/features/gadgets.json.ext/json-xmltojson.js Wed Jan 9 15:37:45 2013
@@ -29,9 +29,6 @@
*/
gadgets.json.xml = (function() {
- //Integer which represents a text node
- var TEXT_NODE = 3;
-
/**
* Parses all the child nodes of a specific DOM element and adds them to the JSON object
* passed in.
@@ -43,7 +40,7 @@ gadgets.json.xml = (function() {
function parseChildNodes(childNodes, json) {
for (var index = 0; index < childNodes.length; index++) {
var node = childNodes[index];
- if (node.nodeType == TEXT_NODE) {
+ if (node.nodeType == DOM_TEXT_NODE) {
setTextNodeValue(json, node.nodeName, node);
}
else {
@@ -65,7 +62,7 @@ gadgets.json.xml = (function() {
}
}
else {
- if (node.childNodes.length == 1 && node.firstChild.nodeType == TEXT_NODE && (node.attributes == null || node.attributes.length == 0)) {
+ if (node.childNodes.length == 1 && node.firstChild.nodeType == DOM_TEXT_NODE && (node.attributes == null || node.attributes.length == 0)) {
/*
* There is only one child node and it is a text node AND we have no attributes so
* just extract the text value from the text node and set it in the JSON object.
Modified: shindig/trunk/features/src/main/javascript/features/jsondom/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/jsondom/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/jsondom/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/jsondom/feature.xml Wed Jan 9 15:37:45 2013
@@ -29,6 +29,7 @@ specific language governing permissions
-->
<name>jsondom</name>
<dependency>globals</dependency>
+ <dependency>domnode</dependency>
<dependency>xmlutil</dependency>
<gadget>
<script src="jsondom.js"/>
Modified: shindig/trunk/features/src/main/javascript/features/jsondom/jsondom.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/jsondom/jsondom.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/jsondom/jsondom.js (original)
+++ shindig/trunk/features/src/main/javascript/features/jsondom/jsondom.js Wed Jan 9 15:37:45 2013
@@ -16,21 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-// Based on <http://www.w3.org/TR/2000/ REC-DOM-Level-2-Core-20001113/
-// core.html#ID-1950641247>.
-var DOM_ELEMENT_NODE = 1;
-var DOM_ATTRIBUTE_NODE = 2;
-var DOM_TEXT_NODE = 3;
-var DOM_CDATA_SECTION_NODE = 4;
-var DOM_ENTITY_REFERENCE_NODE = 5;
-var DOM_ENTITY_NODE = 6;
-var DOM_PROCESSING_INSTRUCTION_NODE = 7;
-var DOM_COMMENT_NODE = 8;
-var DOM_DOCUMENT_NODE = 9;
-var DOM_DOCUMENT_TYPE_NODE = 10;
-var DOM_DOCUMENT_FRAGMENT_NODE = 11;
-var DOM_NOTATION_NODE = 12;
-
gadgets.jsondom = (function() {
var domCache = {};
Modified: shindig/trunk/features/src/main/javascript/features/minimessage/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/minimessage/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/minimessage/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/minimessage/feature.xml Wed Jan 9 15:37:45 2013
@@ -21,6 +21,7 @@ specific language governing permissions
<dependency>globals</dependency>
<dependency>taming</dependency>
<dependency>core.config</dependency>
+ <dependency>domnode</dependency>
<gadget>
<script src="minimessage.js"/>
<script src="taming.js" caja="1"/>
Modified: shindig/trunk/features/src/main/javascript/features/minimessage/minimessage.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/minimessage/minimessage.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/minimessage/minimessage.js (original)
+++ shindig/trunk/features/src/main/javascript/features/minimessage/minimessage.js Wed Jan 9 15:37:45 2013
@@ -181,10 +181,9 @@ gadgets.MiniMessage.prototype.createStat
// If the message already exists in DOM, preserve its location.
// Otherwise, insert it at the top.
- var ELEMENT_NODE = 1;
if (typeof message === 'object' &&
message.parentNode &&
- message.parentNode.nodeType === ELEMENT_NODE) {
+ message.parentNode.nodeType === DOM_ELEMENT_NODE) {
var messageClone = message.cloneNode(true);
message.style.display = 'none';
messageClone.id = '';
Modified: shindig/trunk/features/src/main/javascript/features/opensocial-data/data.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/opensocial-data/data.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/opensocial-data/data.js (original)
+++ shindig/trunk/features/src/main/javascript/features/opensocial-data/data.js Wed Jan 9 15:37:45 2013
@@ -471,7 +471,7 @@ opensocial.data.loadRequestsFromMarkup_
// Find the <root> node (skip DOCTYPE).
var node = doc.firstChild;
- while (node.nodeType != 1) {
+ while (node.nodeType != DOM_ELEMENT_NODE) {
node = node.nextSibling;
}
@@ -486,7 +486,7 @@ opensocial.data.loadRequestsFromMarkup_
*/
opensocial.data.processDataNode_ = function(node) {
for (var child = node.firstChild; child; child = child.nextSibling) {
- if (child.nodeType == 1) {
+ if (child.nodeType == DOM_ELEMENT_NODE) {
var requestDescriptor = new opensocial.data.RequestDescriptor(child);
}
}
Modified: shindig/trunk/features/src/main/javascript/features/opensocial-data/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/opensocial-data/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/opensocial-data/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/opensocial-data/feature.xml Wed Jan 9 15:37:45 2013
@@ -24,7 +24,8 @@
<dependency>opensocial-data-context</dependency>
<dependency>opensocial</dependency>
<dependency>xmlutil</dependency>
- <gadget>
+ <dependency>domnode</dependency>
+ <gadget>
<script src="data.js"></script>
</gadget>
</feature>
Modified: shindig/trunk/features/src/main/javascript/features/views/feature.xml
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/views/feature.xml?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/views/feature.xml (original)
+++ shindig/trunk/features/src/main/javascript/features/views/feature.xml Wed Jan 9 15:37:45 2013
@@ -30,6 +30,7 @@ A map of view names to view attributes.
<dependency>core.json</dependency>
<dependency>core.util</dependency>
<dependency>rpc</dependency>
+ <dependency>domnode</dependency>
<gadget>
<script src="views.js"/>
<script src="taming.js" caja="1"/>
Modified: shindig/trunk/features/src/main/javascript/features/views/views.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/views/views.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/views/views.js (original)
+++ shindig/trunk/features/src/main/javascript/features/views/views.js Wed Jan 9 15:37:45 2013
@@ -62,7 +62,7 @@ gadgets.views = function() {
target = e.srcElement;
}
- if (target.nodeType === 3) {
+ if (target.nodeType === DOM_TEXT_NODE) {
target = target.parentNode;
}
Modified: shindig/trunk/features/src/test/javascript/features/alltests.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/test/javascript/features/alltests.js?rev=1430900&r1=1430899&r2=1430900&view=diff
==============================================================================
--- shindig/trunk/features/src/test/javascript/features/alltests.js (original)
+++ shindig/trunk/features/src/test/javascript/features/alltests.js Wed Jan 9 15:37:45 2013
@@ -38,6 +38,7 @@ if (!this.JsUtil) {
eval(JsUtil.prototype.include(testSrcDir + '/mocks/xhr.js'));
eval(JsUtil.prototype.include(srcDir + '/globals/globals.js'));
eval(JsUtil.prototype.include(srcDir + '/cloo/cloo.js'));
+ eval(JsUtil.prototype.include(srcDir + '/domnode/constants.js'));
eval(JsUtil.prototype.include(srcDir + '/core.config.base/config.js'));
eval(JsUtil.prototype.include(srcDir + '/core.config/validators.js'));
eval(JsUtil.prototype.include(srcDir + '/core.json/json-native.js'));