Posted to batik-dev@xmlgraphics.apache.org by vh...@apache.org on 2002/06/14 15:12:25 UTC
cvs commit: xml-batik/sources/org/apache/batik/swing/svg JSVGComponent.java
vhardy 2002/06/14 06:12:25
Modified: sources/org/apache/batik/apps/svgbrowser Application.java
JSVGViewerFrame.java Main.java
PreferenceDialog.java
sources/org/apache/batik/bridge
BaseScriptingEnvironment.java
DefaultExternalResourceSecurity.java
DefaultScriptSecurity.java
NoLoadExternalResourceSecurity.java
ScriptingEnvironment.java
test-resources/org/apache/batik/bridge unitTesting.xml
resources/org/apache/batik/apps/svgbrowser/resources
GUI.properties
resources/org/apache/batik/bridge/resources
Messages.properties
test-sources/org/apache/batik/bridge
ExternalResourcesTest.java ScriptSelfTest.java
test-sources/org/apache/batik/test/svg
SelfContainedSVGOnLoadTest.java
sources/org/apache/batik/swing/svg JSVGComponent.java
Added: sources/org/apache/batik/apps/svgbrowser ResourceOrigin.java
sources/org/apache/batik/bridge
EmbededExternalResourceSecurity.java
EmbededScriptSecurity.java
test-resources/org/apache/batik/bridge ecmaCheckNoEmbed.svg
embedData.svg
Log:
Additional security features:
- Strict control over ECMAScript. It is now possible to completely
disable ECMAScript. Previously, it was only possible to disable
linked ECMAScripts
- Additional strategy for controlling script and external resource
origin. It is now possible to constrain scripts or external
resources to be 'embeded' in the document. For scripts, that
means scripts in attribute, <script> element content or a
data url on the <script> element href attribute. For external
resources, this means that only the data protocol is allowed.
- Improved security settings in the PreferenceDialog.
- Additional tests checking that security exceptions are thrown
for embeded scripts or image href when this is disallowed by
security settings.
Test Infrastructure:
- New generic test: SVGOnLoadExceptionTest. This is used by the
new tests, but it is a generic test which could be used for
testing error processing.
Revision Changes Path
1.8 +9 -7 xml-batik/sources/org/apache/batik/apps/svgbrowser/Application.java
Index: Application.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Application.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- Application.java 13 Jun 2002 11:19:37 -0000 1.7
+++ Application.java 14 Jun 2002 13:12:24 -0000 1.8
@@ -84,15 +84,17 @@
boolean canLoadScriptType(String scriptType);
/**
- * Returns true if the script origin should be constrained
- * to be the same as the corresponding document's origin.
+ * Returns the allowed origins for scripts.
+ * @see ResourceOrigin
*/
- boolean constrainScriptOrigin();
+ int getAllowedScriptOrigin();
/**
- * Returns true if resources origin should be constrained to
- * be the same as the corresponding document's origin
+ * Returns the allowed origins for external
+ * resources.
+ *
+ * @see ResourceOrigin.
*/
- boolean constrainExternalResourceOrigin();
+ int getAllowedExternalResourceOrigin();
}
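Review bot: The new Javadoc on `getAllowedExternalResourceOrigin()` writes `@see ResourceOrigin.` with a trailing period, which Javadoc will not resolve as a class reference; it should read `@see ResourceOrigin`, as it does on `getAllowedScriptOrigin()`. The same trailing period appears on the Main.java implementation of this method. Because the return type is now a bare `int`, both comments should also state that the value is one of the `ResourceOrigin` constants and that JSVGViewerFrame treats any other value as "load nothing". The interface declaration starts outside this hunk.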
1.80 +31 -14 xml-batik/sources/org/apache/batik/apps/svgbrowser/JSVGViewerFrame.java
Index: JSVGViewerFrame.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/JSVGViewerFrame.java,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- JSVGViewerFrame.java 13 Jun 2002 11:19:37 -0000 1.79
+++ JSVGViewerFrame.java 14 Jun 2002 13:12:24 -0000 1.80
@@ -46,6 +46,7 @@
import java.io.Reader;
import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
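Review bot: `java.util.Enumeration`, and `javax.swing.AbstractButton` in the next hunk, are imported here but no hunk of JSVGViewerFrame.java in this commit uses them; the code that walks the button groups is in PreferenceDialog.java. Unless they are needed in a part of the file that is not shown, both imports can be dropped.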
@@ -58,6 +59,7 @@
import java.util.zip.GZIPInputStream;
import javax.swing.AbstractAction;
+import javax.swing.AbstractButton;
import javax.swing.Action;
import javax.swing.BorderFactory;
import javax.swing.ButtonGroup;
@@ -81,7 +83,10 @@
import org.apache.batik.bridge.DefaultScriptSecurity;
import org.apache.batik.bridge.DefaultExternalResourceSecurity;
+import org.apache.batik.bridge.EmbededScriptSecurity;
+import org.apache.batik.bridge.EmbededExternalResourceSecurity;
import org.apache.batik.bridge.NoLoadScriptSecurity;
+import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
import org.apache.batik.bridge.RelaxedScriptSecurity;
import org.apache.batik.bridge.ExternalResourceSecurity;
import org.apache.batik.bridge.RelaxedExternalResourceSecurity;
@@ -2180,14 +2185,21 @@
if (!application.canLoadScriptType(scriptType)) {
return new NoLoadScriptSecurity(scriptType);
} else {
- if (application.constrainScriptOrigin()) {
- return new DefaultScriptSecurity(scriptType,
- scriptURL,
+ switch(application.getAllowedScriptOrigin()) {
+ case ResourceOrigin.ANY:
+ return new RelaxedScriptSecurity(scriptType,
+ scriptURL,
docURL);
- } else {
- return new RelaxedScriptSecurity(scriptType,
+ case ResourceOrigin.DOCUMENT:
+ return new DefaultScriptSecurity(scriptType,
+ scriptURL,
+ docURL);
+ case ResourceOrigin.EMBEDED:
+ return new EmbededScriptSecurity(scriptType,
scriptURL,
docURL);
+ default:
+ return new NoLoadScriptSecurity(scriptType);
}
}
}
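Review bot: The `default:` branch is the only place where `ResourceOrigin.NONE` is handled, so the fail-closed behaviour for NONE and for a corrupt or unrecognised preference value is implicit. A comment such as `// NONE, or any value we do not recognise: refuse to load` on `default:` would make that intent explicit and protect it from a later "cleanup". The same applies to the `default:` branch of `getExternalResourceSecurity` further down in this file. The enclosing method starts outside this hunk.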
@@ -2214,11 +2226,12 @@
ParsedURL scriptURL,
ParsedURL docURL) throws SecurityException {
ScriptSecurity s = getScriptSecurity(scriptType,
- scriptURL,
- docURL);
+ scriptURL,
+ docURL);
+
if (s != null) {
s.checkLoadScript();
- }
+ }
}
/**
@@ -2235,12 +2248,17 @@
public ExternalResourceSecurity
getExternalResourceSecurity(ParsedURL resourceURL,
ParsedURL docURL){
- if (application.constrainExternalResourceOrigin()) {
- return new DefaultExternalResourceSecurity(resourceURL,
- docURL);
- } else {
+ switch(application.getAllowedExternalResourceOrigin()) {
+ case ResourceOrigin.ANY:
return new RelaxedExternalResourceSecurity(resourceURL,
docURL);
+ case ResourceOrigin.DOCUMENT:
+ return new DefaultExternalResourceSecurity(resourceURL,
+ docURL);
+ case ResourceOrigin.EMBEDED:
+ return new EmbededExternalResourceSecurity(resourceURL);
+ default:
+ return new NoLoadExternalResourceSecurity();
}
}
@@ -2270,7 +2288,6 @@
s.checkLoadExternalResource();
}
}
-
}
/**
1.34 +21 -15 xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java
Index: Main.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- Main.java 13 Jun 2002 11:19:37 -0000 1.33
+++ Main.java 14 Jun 2002 13:12:24 -0000 1.34
@@ -185,10 +185,10 @@
Boolean.TRUE);
defaults.put(PreferenceDialog.PREFERENCE_KEY_LOAD_ECMASCRIPT,
Boolean.TRUE);
- defaults.put(PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN,
- Boolean.TRUE);
- defaults.put(PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN,
- Boolean.FALSE);
+ defaults.put(PreferenceDialog.PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN,
+ new Integer(ResourceOrigin.DOCUMENT));
+ defaults.put(PreferenceDialog.PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN,
+ new Integer(ResourceOrigin.ANY));
securityEnforcer
= new ApplicationSecurityEnforcer(this.getClass(),
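Review bot: Replacing the two boolean keys with `PREFERENCE_KEY_ALLOWED_*` leaves no migration for settings saved under the old names, so a user who had enabled the old "constrain external resource origin" option would presumably fall back to the new default `ResourceOrigin.ANY` after upgrading, which is weaker than what they chose. How the preference manager persists values is not visible here, so this needs confirming; if old files are still read, a stored `true` should be mapped to `ResourceOrigin.DOCUMENT` once at load time. A short comment on why external resources keep the permissive `ANY` default while scripts default to `DOCUMENT` would also help the next reader. The enclosing method continues outside this hunk.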
@@ -582,20 +582,26 @@
}
/**
- * Returns true if the script origin should be constrained
- * to be the same as the corresponding document's origin.
+ * Returns the allowed origins for scripts.
+ * @see ResourceOrigin
*/
- public boolean constrainScriptOrigin(){
- return preferenceManager.getBoolean
- (PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN);
+ public int getAllowedScriptOrigin() {
+ int ret = preferenceManager.getInteger
+ (PreferenceDialog.PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
+
+ return ret;
}
/**
- * Returns true if the external resource's origin should be
- * constrained to be the same as the corresponding document's origin
+ * Returns the allowed origins for external
+ * resources.
+ * @see ResourceOrigin.
*/
- public boolean constrainExternalResourceOrigin() {
- return preferenceManager.getBoolean
- (PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN);
+ public int getAllowedExternalResourceOrigin() {
+ int ret = preferenceManager.getInteger
+ (PreferenceDialog.PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN);
+
+ return ret;
}
+
}
1.15 +129 -37 xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java
Index: PreferenceDialog.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- PreferenceDialog.java 13 Jun 2002 11:19:37 -0000 1.14
+++ PreferenceDialog.java 14 Jun 2002 13:12:24 -0000 1.15
@@ -23,9 +23,12 @@
import java.util.Map;
import java.util.Hashtable;
+import java.util.Enumeration;
+import javax.swing.AbstractButton;
import javax.swing.border.Border;
import javax.swing.BorderFactory;
+import javax.swing.ButtonGroup;
import javax.swing.Icon;
import javax.swing.ImageIcon;
import javax.swing.JButton;
@@ -34,6 +37,7 @@
import javax.swing.JLabel;
import javax.swing.JList;
import javax.swing.JPanel;
+import javax.swing.JRadioButton;
import javax.swing.JScrollPane;
import javax.swing.JTabbedPane;
import javax.swing.JTextField;
@@ -134,12 +138,6 @@
public static final String LABEL_LOAD_ECMASCRIPT
= "PreferenceDialog.label.load.ecmascript";
- public static final String LABEL_CONSTRAIN_SCRIPT_ORIGIN
- = "PreferenceDialog.label.constrain.script.origin";
-
- public static final String LABEL_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN
- = "PreferenceDialog.label.constrain.external.resource.origin";
-
public static final String LABEL_HOST
= "PreferenceDialog.label.host";
@@ -149,6 +147,27 @@
public static final String LABEL_OK
= "PreferenceDialog.label.ok";
+ public static final String LABEL_LOAD_SCRIPTS
+ = "PreferenceDialog.label.load.scripts";
+
+ public static final String LABEL_ORIGIN_ANY
+ = "PreferenceDialog.label.origin.any";
+
+ public static final String LABEL_ORIGIN_DOCUMENT
+ = "PreferenceDialog.label.origin.document";
+
+ public static final String LABEL_ORIGIN_EMBED
+ = "PreferenceDialog.label.origin.embed";
+
+ public static final String LABEL_ORIGIN_NONE
+ = "PreferenceDialog.label.origin.none";
+
+ public static final String LABEL_SCRIPT_ORIGIN
+ = "PreferenceDialog.label.script.origin";
+
+ public static final String LABEL_RESOURCE_ORIGIN
+ = "PreferenceDialog.label.resource.origin";
+
public static final String LABEL_CANCEL
= "PreferenceDialog.label.cancel";
@@ -220,11 +239,11 @@
public static final String PREFERENCE_KEY_LOAD_JAVA
= "preference.key.load.java.script";
- public static final String PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN
- = "preference.key.constrain.script.origin";
+ public static final String PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN
+ = "preference.key.allowed.script.origin";
- public static final String PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN
- = "preference.key.constrain.external.resource.origin";
+ public static final String PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN
+ = "preference.key.allowed.external.resource.origin";
/**
* <tt>PreferenceManager</tt> used to store and retrieve
@@ -265,9 +284,9 @@
protected JCheckBox loadEcmascript;
- protected JCheckBox constrainScriptOrigin;
+ protected ButtonGroup scriptOriginGroup;
- protected JCheckBox constrainExternalResourceOrigin;
+ protected ButtonGroup resourceOriginGroup;
protected JTextField host, port;
@@ -333,8 +352,34 @@
enforceSecureScripting.setSelected(model.getBoolean(PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING));
loadJava.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_JAVA));
loadEcmascript.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT));
- constrainScriptOrigin.setSelected(model.getBoolean(PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN));
- constrainExternalResourceOrigin.setSelected(model.getBoolean(PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN));
+
+ String allowedScriptOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
+ if (allowedScriptOrigin == null || "".equals(allowedScriptOrigin)) {
+ allowedScriptOrigin = "" + ResourceOrigin.NONE;
+ }
+
+ Enumeration e = scriptOriginGroup.getElements();
+ while (e.hasMoreElements()) {
+ AbstractButton ab = (AbstractButton)e.nextElement();
+ String ac = ab.getActionCommand();
+ if (allowedScriptOrigin.equals(ac)) {
+ ab.setSelected(true);
+ }
+ }
+
+ String allowedResourceOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN);
+ if (allowedResourceOrigin == null || "".equals(allowedResourceOrigin)) {
+ allowedResourceOrigin = "" + ResourceOrigin.NONE;
+ }
+
+ e = resourceOriginGroup.getElements();
+ while (e.hasMoreElements()) {
+ AbstractButton ab = (AbstractButton)e.nextElement();
+ String ac = ab.getActionCommand();
+ if (allowedResourceOrigin.equals(ac)) {
+ ab.setSelected(true);
+ }
+ }
showRendering.setEnabled
(!model.getBoolean(PREFERENCE_KEY_ENABLE_DOUBLE_BUFFERING));
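Review bot: The `allowedScriptOrigin == null || "".equals(allowedScriptOrigin)` test can never be true, because `"" + model.getInteger(...)` always yields a non-empty string, so the intended fallback to `ResourceOrigin.NONE` is dead code; the same holds for `allowedResourceOrigin`. When the stored integer matches none of the four action commands, no radio button ends up selected, and the save code in the next hunk then calls `scriptOriginGroup.getSelection().getActionCommand()` on a null selection. Selecting the NONE button whenever nothing matched keeps the dialog usable and fails closed. The enclosing method starts and ends outside this hunk.

```java
String wantedScriptOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
String noneOrigin = "" + ResourceOrigin.NONE;
AbstractButton matched = null;
AbstractButton noneButton = null;

Enumeration e = scriptOriginGroup.getElements();
while (e.hasMoreElements()) {
    AbstractButton ab = (AbstractButton)e.nextElement();
    String ac = ab.getActionCommand();
    if (wantedScriptOrigin.equals(ac)) {
        matched = ab;
    }
    if (noneOrigin.equals(ac)) {
        noneButton = ab;
    }
}
// Unknown stored value: fall back to the most restrictive choice.
if (matched == null) {
    matched = noneButton;
}
matched.setSelected(true);

// … same change for resourceOriginGroup / allowedResourceOrigin …
```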
@@ -381,11 +426,10 @@
loadJava.isSelected());
model.setBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT,
loadEcmascript.isSelected());
- model.setBoolean(PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN,
- constrainScriptOrigin.isSelected());
- model.setBoolean(PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN,
- constrainExternalResourceOrigin.isSelected());
-
+ model.setInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN,
+ (new Integer(scriptOriginGroup.getSelection().getActionCommand())).intValue());
+ model.setInteger(PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN,
+ (new Integer(resourceOriginGroup.getSelection().getActionCommand())).intValue());
model.setString(PREFERENCE_KEY_PROXY_HOST,
host.getText());
model.setString(PREFERENCE_KEY_PROXY_PORT,
@@ -575,23 +619,71 @@
loadEcmascript
= new JCheckBox(Resources.getString(LABEL_LOAD_ECMASCRIPT));
- constrainScriptOrigin
- = new JCheckBox(Resources.getString(LABEL_CONSTRAIN_SCRIPT_ORIGIN));
-
- constrainExternalResourceOrigin
- = new JCheckBox(Resources.getString(LABEL_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN));
-
- p.add(showRendering, 0, 0, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(autoAdjustWindow, 0, 1, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(enableDoubleBuffering, 0, 2, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(showDebugTrace, 0, 3, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(selectionXorMode, 0, 4, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(isXMLParserValidating, 0, 5, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(enforceSecureScripting, 0, 6, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(loadJava, 0, 7, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(loadEcmascript, 0, 8, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(constrainScriptOrigin, 0, 9, 1, 1, WEST, HORIZONTAL, 1, 0);
- p.add(constrainExternalResourceOrigin, 0, 10, 1, 1, WEST, HORIZONTAL, 1, 0);
+ JPanel loadScriptPanel = new JPanel();
+ loadScriptPanel.add(loadJava);
+ loadScriptPanel.add(loadEcmascript);
+
+ JPanel scriptOriginPanel = new JPanel();
+
+ scriptOriginGroup = new ButtonGroup();
+ JRadioButton rb = null;
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_ANY));
+ rb.setActionCommand("" + ResourceOrigin.ANY);
+ scriptOriginGroup.add(rb);
+ scriptOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_DOCUMENT));
+ rb.setActionCommand("" + ResourceOrigin.DOCUMENT);
+ scriptOriginGroup.add(rb);
+ scriptOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_EMBED));
+ rb.setActionCommand("" + ResourceOrigin.EMBEDED);
+ scriptOriginGroup.add(rb);
+ scriptOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_NONE));
+ rb.setActionCommand("" + ResourceOrigin.NONE);
+ scriptOriginGroup.add(rb);
+ scriptOriginPanel.add(rb);
+
+ JPanel resourceOriginPanel = new JPanel();
+ resourceOriginGroup = new ButtonGroup();
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_ANY));
+ rb.setActionCommand("" + ResourceOrigin.ANY);
+ resourceOriginGroup.add(rb);
+ resourceOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_DOCUMENT));
+ rb.setActionCommand("" + ResourceOrigin.DOCUMENT);
+ resourceOriginGroup.add(rb);
+ resourceOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_EMBED));
+ rb.setActionCommand("" + ResourceOrigin.EMBEDED);
+ resourceOriginGroup.add(rb);
+ resourceOriginPanel.add(rb);
+
+ rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_NONE));
+ rb.setActionCommand("" + ResourceOrigin.NONE);
+ resourceOriginGroup.add(rb);
+ resourceOriginPanel.add(rb);
+
+ p.add(showRendering, 0, 0, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(autoAdjustWindow, 0, 1, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(enableDoubleBuffering, 0, 2, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(showDebugTrace, 0, 3, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(selectionXorMode, 0, 4, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(isXMLParserValidating, 0, 5, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(enforceSecureScripting, 0, 6, 2, 1, WEST, HORIZONTAL, 1, 0);
+ p.add(new JLabel(Resources.getString(LABEL_LOAD_SCRIPTS)), 0, 7, 1, 1, WEST, NONE, 0, 0);
+ p.add(loadScriptPanel, 1, 7, 1, 1, WEST, NONE, 1, 0);
+ p.add(new JLabel(Resources.getString(LABEL_SCRIPT_ORIGIN)), 0, 8, 1, 1, WEST, NONE, 0, 0);
+ p.add(scriptOriginPanel, 1, 8, 1, 1, WEST, NONE, 1, 0);
+ p.add(new JLabel(Resources.getString(LABEL_RESOURCE_ORIGIN)), 0, 10, 1, 1, WEST, NONE, 0, 0);
+ p.add(resourceOriginPanel, 1, 10, 1, 1, WEST, NONE, 1, 0);
p.setBorder(BorderFactory.createCompoundBorder
(BorderFactory.createTitledBorder
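Review bot: The four-button sequence is written out twice, once for `scriptOriginGroup` and once for `resourceOriginGroup`, with only the group and panel differing. A small private helper that takes the `ButtonGroup` and the `JPanel` and adds the ANY, DOCUMENT, EMBEDED and NONE buttons would remove the duplication and keep the two security choices from drifting apart. The grid rows also jump from 8 to 10 for the resource-origin label and panel, which looks like a leftover from the old layout. The enclosing method starts and ends outside this hunk.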
1.1 xml-batik/sources/org/apache/batik/apps/svgbrowser/ResourceOrigin.java
Index: ResourceOrigin.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.apps.svgbrowser;
/**
 * Integer codes describing where a script or an external resource
 * is allowed to come from.
 *
 * The values are distinct, and callers are expected to compare against
 * them one at a time. In this commit JSVGViewerFrame maps <tt>ANY</tt>,
 * <tt>DOCUMENT</tt> and <tt>EMBEDED</tt> to the Relaxed, Default and
 * Embeded security classes, and every other value, <tt>NONE</tt>
 * included, to the NoLoad classes.
 *
 * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
 * @version $Id: ResourceOrigin.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
 */
public interface ResourceOrigin {
    // Interface fields are implicitly public, static and final.

    /**
     * No restriction: any origin is accepted.
     */
    int ANY = 1;

    /**
     * The origin must be the same as the document's.
     */
    int DOCUMENT = 2;

    /**
     * The content must be embeded into the document itself.
     */
    int EMBEDED = 4;

    /**
     * No origin is acceptable, i.e. nothing may be loaded.
     */
    int NONE = 8;
}
1.13 +28 -8 xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java
Index: BaseScriptingEnvironment.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- BaseScriptingEnvironment.java 14 Jun 2002 08:43:11 -0000 1.12
+++ BaseScriptingEnvironment.java 14 Jun 2002 13:12:24 -0000 1.13
@@ -198,12 +198,18 @@
protected Document document;
/**
+ * The URL of the document ot manage
+ */
+ protected ParsedURL docPURL;
+
+ /**
* Creates a new BaseScriptingEnvironment.
* @param ctx the bridge context
*/
public BaseScriptingEnvironment(BridgeContext ctx) {
bridgeContext = ctx;
document = ctx.getDocument();
+ docPURL = new ParsedURL(((SVGDocument)document).getURL());
userAgent = bridgeContext.getUserAgent();
}
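Review bot: `docPURL` is now the reference URL for every script-origin check, yet it is declared `protected` and non-final, so any subclass can reassign it after construction. In the code shown it is only assigned in the constructor, so `protected final ParsedURL docPURL;` would cost nothing and pins the value the checks compare against. The Javadoc also has a typo and should read `The URL of the document to manage`.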
@@ -264,8 +270,6 @@
(XMLBaseSupport.getCascadedXMLBase(script), href);
checkCompatibleScriptURL(type, purl);
- ParsedURL docPURL
- = new ParsedURL(((SVGDocument)document).getURL());
DocumentJarClassLoader cll;
URL docURL = null;
@@ -371,9 +375,8 @@
* compatible. A SecurityException is thrown if loading
* the script is not allowed.
*/
- private void checkCompatibleScriptURL(String scriptType,
+ protected void checkCompatibleScriptURL(String scriptType,
ParsedURL scriptPURL){
- ParsedURL docPURL = new ParsedURL(((SVGDocument)document).getURL());
userAgent.checkLoadScript(scriptType, scriptPURL, docPURL);
}
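Review bot: Widening `checkCompatibleScriptURL` from `private` to `protected` lets ScriptingEnvironment call it, but it also lets a subclass override the method and skip `userAgent.checkLoadScript` altogether. Declaring it `protected final void checkCompatibleScriptURL(String scriptType, ParsedURL scriptPURL)` keeps it callable from subclasses without making the check replaceable. The method's Javadoc starts outside this hunk.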
@@ -392,18 +395,20 @@
}
return;
}
- dispatchSVGLoad(root, interp);
+
+ dispatchSVGLoad(root, interp, true, lang);
}
/**
* Auxiliary method for dispatchSVGLoad.
*/
- protected void dispatchSVGLoad(Element elt, final Interpreter interp) {
+ protected void dispatchSVGLoad(Element elt, final Interpreter interp,
+ boolean checkCanRun, String lang) {
for (Node n = elt.getFirstChild();
n != null;
n = n.getNextSibling()) {
if (n.getNodeType() == n.ELEMENT_NODE) {
- dispatchSVGLoad((Element)n, interp);
+ dispatchSVGLoad((Element)n, interp, checkCanRun, lang);
}
}
@@ -417,6 +422,12 @@
elt.getAttributeNS(null, SVGConstants.SVG_ONLOAD_ATTRIBUTE);
EventListener l = null;
if (s.length() > 0) {
+ if (checkCanRun) {
+ // Check that it is ok to run embeded scripts
+ checkCompatibleScriptURL(lang, docPURL);
+ checkCanRun = false; // we only check once for onload handlers
+ }
+
l = new EventListener() {
public void handleEvent(Event evt) {
try {
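Review bot: The assignment `checkCanRun = false` has no effect beyond the current call: the flag is a by-value `boolean` parameter, each invocation of `dispatchSVGLoad` handles a single element's `onload`, and the recursive calls in the previous hunk are made before this point with the caller's original value. `checkCompatibleScriptURL(lang, docPURL)` therefore runs for every element that carries an `onload` attribute, not once as the comment says. That errs on the safe side, but either the comment and the dead store should go, or the check should be made once in the caller before the traversal starts. The method body starts and ends outside this hunk.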
@@ -444,6 +455,15 @@
if (userAgent != null) {
Exception ex = ie.getException();
userAgent.displayError((ex == null) ? ie : ex);
+ }
+ }
+
+ /**
+ * Handles the given exception.
+ */
+ protected void handleSecurityException(SecurityException se) {
+ if (userAgent != null) {
+ userAgent.displayError(se);
}
}
1.2 +8 -2 xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
Index: DefaultExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- DefaultExternalResourceSecurity.java 13 Jun 2002 11:19:37 -0000 1.1
+++ DefaultExternalResourceSecurity.java 14 Jun 2002 13:12:24 -0000 1.2
@@ -19,6 +19,7 @@
* @version $Id$
*/
public class DefaultExternalResourceSecurity implements ExternalResourceSecurity {
+ public static final String DATA_PROTOCOL = "data";
/**
* Message when trying to load a external resource file and the Document
* does not have a URL
@@ -73,12 +74,17 @@
if ((docHost != externalResourceHost) &&
((docHost == null) || (!docHost.equals(externalResourceHost)))){
+
+ if ( externalResourceURL == null
+ ||
+ !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
se = new SecurityException
(Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL,
new Object[]{externalResourceURL}));
+ }
+
}
}
-
}
}
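Review bot: The new `data` exemption changes what the "same origin as the document" policy accepts, but nothing documents it: `DATA_PROTOCOL` is added without a comment and the class Javadoc, which is outside this hunk, presumably still describes a pure host comparison. I would add `// data: URLs carry their content inline, so they are accepted whatever the document host` above the new `if`, plus a one-line Javadoc on the constant. `DATA_PROTOCOL` is also declared separately in DefaultScriptSecurity and in the two new Embeded* classes; a single shared constant would avoid four copies of a security-relevant literal. The constructor starts outside this hunk.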
1.3 +13 -5 xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java
Index: DefaultScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultScriptSecurity.java 5 Jun 2002 21:14:47 -0000 1.2
+++ DefaultScriptSecurity.java 14 Jun 2002 13:12:24 -0000 1.3
@@ -19,6 +19,7 @@
* @version $Id$
*/
public class DefaultScriptSecurity implements ScriptSecurity {
+ public static final String DATA_PROTOCOL = "data";
/**
* Message when trying to load a script file and the Document
* does not have a URL
@@ -74,10 +75,17 @@
String scriptHost = scriptURL.getHost();
if ((docHost != scriptHost) &&
- ((docHost == null) || (!docHost.equals(scriptHost))))
- se = new SecurityException
- (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
- new Object[]{scriptURL}));
+ ((docHost == null) || (!docHost.equals(scriptHost)))) {
+ if ( !docURL.equals(scriptURL)
+ &&
+ (scriptURL == null
+ ||
+ !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
+ new Object[]{scriptURL}));
+ }
+ }
}
}
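Review bot: The `scriptURL == null` test inside the new condition is unreachable, because `scriptURL.getHost()` is called a few lines above in the same block, so a null `scriptURL` would already have thrown. `!docURL.equals(scriptURL)` is probably redundant as well, since this branch is only entered when the two hosts differ, though that depends on how `ParsedURL.equals` is defined. If both hold, the condition reduces to `if (!DATA_PROTOCOL.equals(scriptURL.getProtocol()))`. DefaultExternalResourceSecurity has the same null test, but the earlier dereference is not visible in its hunk. The constructor starts outside this hunk.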
1.2 +2 -9 xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java
Index: NoLoadExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- NoLoadExternalResourceSecurity.java 13 Jun 2002 11:19:37 -0000 1.1
+++ NoLoadExternalResourceSecurity.java 14 Jun 2002 13:12:24 -0000 1.2
@@ -43,15 +43,8 @@
}
/**
- * @param externalResourceURL url for the externalResource, as defined in
- * the externalResource's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * externalResource was found.
*/
- public NoLoadExternalResourceSecurity(ParsedURL externalResourceURL,
- ParsedURL docURL){
+ public NoLoadExternalResourceSecurity(){
se = new SecurityException
(Messages.formatMessage(ERROR_NO_EXTERNAL_RESOURCE_ALLOWED,
null));
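Review bot: Removing the `@param` lines leaves an empty `/** */` above the constructor; `/** Creates a policy that refuses every external resource. */` would describe what the visible body does, which is to build the SecurityException unconditionally. Dropping the public two-argument constructor also breaks any caller outside this commit that still passes the URLs. If this class is part of the published bridge API, the old signature could stay as a deprecated overload that delegates to the new one.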
1.32 +4 -1 xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java
Index: ScriptingEnvironment.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- ScriptingEnvironment.java 13 Jun 2002 11:19:37 -0000 1.31
+++ ScriptingEnvironment.java 14 Jun 2002 13:12:24 -0000 1.32
@@ -262,9 +262,12 @@
interpreter.bindObject(ALTERNATE_EVENT_NAME, evt);
try {
+ checkCompatibleScriptURL(lang, docPURL);
interpreter.evaluate(script);
} catch (InterpreterException ie) {
handleInterpreterException(ie);
+ } catch (SecurityException se) {
+ handleSecurityException(se);
}
}
1.1 xml-batik/sources/org/apache/batik/bridge/EmbededExternalResourceSecurity.java
Index: EmbededExternalResourceSecurity.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.apache.batik.util.ParsedURL;
/**
 * <tt>ExternalResourceSecurity</tt> policy for the "embeded only" setting:
 * a resource is accepted only when its URL uses the <tt>data</tt>
 * protocol, i.e. when its content is carried inside the document itself.
 * A <tt>null</tt> URL or any other protocol is refused.
 *
 * The decision is taken once, in the constructor;
 * <tt>checkLoadExternalResource</tt> only reports it.
 *
 * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
 * @version $Id: EmbededExternalResourceSecurity.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
 */
public class EmbededExternalResourceSecurity implements ExternalResourceSecurity {
    /**
     * Protocol name identifying a resource embeded in the document.
     */
    public static final String DATA_PROTOCOL = "data";

    // NOTE(review): the key below reads "external.esource"; confirm it
    // matches the entry in Messages.properties before changing the spelling.
    /**
     * Resource key of the message used when a resource is refused
     * because it is not embeded in the document.
     */
    public static final String ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED
        = "EmbededExternalResourceSecurity.error.external.esource.not.embeded";

    /**
     * Refusal prepared by the constructor, or <tt>null</tt> when the
     * resource may be loaded.
     */
    protected SecurityException se;

    /**
     * Evaluates the policy for the given resource URL.
     *
     * @param externalResourceURL url for the externalResource, as defined in
     *        the externalResource's xlink:href attribute. If that
     *        attribute was empty, then this parameter should
     *        be null
     */
    public EmbededExternalResourceSecurity(ParsedURL externalResourceURL){
        boolean embeded
            = externalResourceURL != null
              && DATA_PROTOCOL.equals(externalResourceURL.getProtocol());

        if (embeded) {
            return;
        }

        // Missing URL or any protocol other than data: prepare the refusal.
        se = new SecurityException
            (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED,
                                    new Object[]{externalResourceURL}));
    }

    /**
     * Reports the decision taken in the constructor.
     *
     * @throws SecurityException if the externalResource should not be loaded.
     */
    public void checkLoadExternalResource(){
        if (se == null) {
            return;
        }
        throw se;
    }
}
1.1 xml-batik/sources/org/apache/batik/bridge/EmbededScriptSecurity.java
Index: EmbededScriptSecurity.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.apache.batik.util.ParsedURL;
/**
 * <tt>ScriptSecurity</tt> policy for the "embeded only" setting. A script
 * is accepted when its URL equals the document URL (as for event
 * attributes) or when its URL uses the <tt>data</tt> protocol. Every
 * other script is refused, as is any script when the document URL is
 * <tt>null</tt>.
 *
 * The decision is taken once, in the constructor;
 * <tt>checkLoadScript</tt> only reports it.
 *
 * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
 * @version $Id: EmbededScriptSecurity.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
 */
public class EmbededScriptSecurity implements ScriptSecurity {
    /**
     * Protocol name identifying a script embeded in the document.
     */
    public static final String DATA_PROTOCOL = "data";

    /**
     * Resource key of the message used when the document has no URL.
     * The key is the one declared under the DefaultScriptSecurity prefix.
     */
    public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
        = "DefaultScriptSecurity.error.cannot.access.document.url";

    /**
     * Resource key of the message used when a script is refused because
     * it is not embeded in the document.
     */
    public static final String ERROR_SCRIPT_NOT_EMBEDED
        = "EmbededScriptSecurity.error.script.not.embeded";

    /**
     * Refusal prepared by the constructor, or <tt>null</tt> when the
     * script may be loaded.
     */
    protected SecurityException se;

    /**
     * Evaluates the policy for the given script.
     *
     * @param scriptType type of script, as found in the
     *        type attribute of the &lt;script&gt; element. It is not
     *        consulted by this policy.
     * @param scriptURL url for the script, as defined in
     *        the script's xlink:href attribute. If that
     *        attribute was empty, then this parameter should
     *        be null
     * @param docURL url for the document into which the
     *        script was found.
     */
    public EmbededScriptSecurity(String scriptType,
                                 ParsedURL scriptURL,
                                 ParsedURL docURL){
        // Without a document URL there is nothing to compare the
        // script against, so the script is refused.
        if (docURL == null) {
            se = new SecurityException
                (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
                                        new Object[]{scriptURL}));
            return;
        }

        // Embeded means: same URL as the document, or a data: URL.
        boolean embeded
            = docURL.equals(scriptURL)
              || (scriptURL != null
                  && DATA_PROTOCOL.equals(scriptURL.getProtocol()));

        if (!embeded) {
            se = new SecurityException
                (Messages.formatMessage(ERROR_SCRIPT_NOT_EMBEDED,
                                        new Object[]{scriptURL}));
        }
    }

    /**
     * Reports the decision taken in the constructor.
     *
     * @throws SecurityException if the script should not be loaded.
     */
    public void checkLoadScript(){
        if (se == null) {
            return;
        }
        throw se;
    }
}
1.4 +23 -1 xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml
Index: unitTesting.xml
===================================================================
RCS file: /home/cvs/xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- unitTesting.xml 13 Jun 2002 11:19:38 -0000 1.3
+++ unitTesting.xml 14 Jun 2002 13:12:25 -0000 1.4
@@ -85,4 +85,26 @@
</testGroup>
+ <testGroup id="SecurityExceptions" name="Security Exceptions" class="org.apache.batik.test.svg.SVGOnLoadExceptionTest">
+ <test id="bridge/ecmaCheckNoEmbed" >
+ <property name="Scripts" class="java.lang.String"
+ value="application/java-archive" />
+ <property name="ScriptOrigin" class="java.lang.String"
+ value="NONE" />
+ <property name="ExpectedExceptionClass" class="java.lang.String"
+ value="java.lang.SecurityException" />
+ </test>
+
+ <test id="bridge/embedData" >
+ <property name="Scripts" class="java.lang.String"
+ value="application/java-archive" />
+ <property name="ResourceOrigin" class="java.lang.String"
+ value="NONE" />
+ <property name="ExpectedExceptionClass" class="java.lang.String"
+ value="org.apache.batik.bridge.BridgeException" />
+ <property name="ExpectedErrorCode" class="java.lang.String"
+ value="uri.unsecure" />
+ </test>
+
+ </testGroup>
</testSuite>
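Review bot: Neither test added in this group exercises the new embedded-origin policy itself: `bridge/ecmaCheckNoEmbed` runs with `ScriptOrigin` = `NONE` and `bridge/embedData` with `ResourceOrigin` = `NONE`, so the boundary the commit introduces (inline and data: content accepted, linked content refused) is not pinned here, though other test files in the commit may cover it. In `bridge/ecmaCheckNoEmbed` the `Scripts` property lists only `application/java-archive`, so ECMAScript is presumably already refused by type and the test would still pass if the origin setting were ignored. Listing `text/ecmascript` in `Scripts` for that entry would make `ScriptOrigin` the only thing under test, and a further entry that uses the embedded origin value against a document with a linked script would cover the new class.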
1.1 xml-batik/test-resources/org/apache/batik/bridge/ecmaCheckNoEmbed.svg
Index: ecmaCheckNoEmbed.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
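<!-- Checks that embedded ECMAScript code is not executed if that feature is -->
<!-- disabled. The testResult element starts as 'passed'; the onload handler -->
<!-- sets it to 'failed' if it runs. -->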
<!-- -->
<!-- @author vincent.hardy@sun.com -->
<!-- @version $Id: ecmaCheckNoEmbed.svg,v 1.1 2002/06/14 13:12:25 vhardy Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:test="http://xml.apache.org/batik/test"
width="450" height="500" viewBox="0 0 450 500"
onload="document.getElementById('testResult').setAttributeNS(null, 'result', 'failed'); document.getElementById('testResult').setAttributeNS(null, 'errorCode', 'onload attribute should not have been run');" >
<script>
</script>
<test:testResult id="testResult" result="passed"/>
<circle cx="50%" cy="50%" r="200" fill="crimson" />
</svg>
1.1 xml-batik/test-resources/org/apache/batik/bridge/embedData.svg
Index: embedData.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- Used to validate security settings restricting use of *any* type of -->
<!-- external resources. -->
<!-- -->
<!-- @author vincent.hardy@eng.sun.com -->
<!-- @version $Id: embedData.svg,v 1.1 2002/06/14 13:12:25 vhardy Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="body" width="450" height="500" viewBox="0 0 450 500">
<title>Data Protocol</title>
<!-- ============================================================= -->
<!-- Test content -->
<!-- ============================================================= -->
<g id="testContent" class="legend" style="text-anchor:middle">
<text x="225" y="40" class="title">
dataProtocol test
</text>
<!-- ==================================== -->
<!-- Initially, was an encoded JPEG imag -->
<!-- ==================================== -->
<text x="210" y="100">Initial JPEG, encoded as PNG, data protocol</text>
<rect x="148" y="108" width="131" height="134" fill="rgb(200, 100, 0)" />
<image x="150" y="110" width="127" height="130" xlink:href="data:image/png;base64,/9j/4AAQSkZJRgABAgEASABIAAD//gAmRmlsZSB3cml0dGVuIGJ5IEFkb2JlIFBo
b3Rvc2hvcKggNS4y/+4ADkFkb2JlAGRAAAAAAf/bAIQAAQEBAQEBAQEBAQEBAQEB
AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQICAgICAgICAgICAwMDAwMDAwMD
AwEBAQEBAQEBAQEBAgIBAgIDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
AwMDAwMDAwMDAwMDAwMDAwMD/8AAEQgAggB/AwERAAIRAQMRAf/dAAQAEP/EAaIA
AAAGAgMBAAAAAAAAAAAAAAcIBgUECQMKAgEACwEAAAYDAQEBAAAAAAAAAAAABgUE
AwcCCAEJAAoLEAACAQMEAQMDAgMDAwIGCXUBAgMEEQUSBiEHEyIACDEUQTIjFQlR
QhZhJDMXUnGBGGKRJUOhsfAmNHIKGcHRNSfhUzaC8ZKiRFRzRUY3R2MoVVZXGrLC
0uLyZIN0k4Rlo7PD0+MpOGbzdSo5OkhJSlhZWmdoaWp2d3h5eoWGh4iJipSVlpeY
mZqkpaanqKmqtLW2t7i5usTFxsfIycrU1dbX2Nna5OXm5+jp6vT19vf4+foRAAIB
AwIEBAMFBAQEBgYFbQECAxEEIRIFMQYAIhNBUQcyYRRxCEKBI5EVUqFiFjMJsSTB
0UNy8BfhgjQlklMYY0TxorImNRlUNkVkJwpzg5NGdMLS4vJVZXVWN4SFo7PD0+Pz
KRqUpLTE1OT0laW1xdXl9ShHV2Y4doaWprbG1ub2Z3eHl6e3x9fn90hYaHiImKi4
yNjo+DlJWWl5iZmpucnZ6fkqOkpaanqKmqq6ytrq+v/aAAwDAQACEQMRAD8A3+Pf
uvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r
3Xvfuvde9+691737r3Xvfuvdf//Q3+Pfuvde9+691737r3XvfuvdMe4Ny4LauPly
u4cpS4qhhSR2mqZLFhEhkkEUShpp2SNSxCKxCgk8An3G/uf7v+2nsxy8eafc/nKy
2fZixVDMxMk8gFfCtoEDz3M1M+FbxySUzpoCejHbNo3LebkWu2WjyzedMBR6sxoq
j5sQOqcO9f5z/T+3t65Lpj407T3n8o+8qdKiKPrro7aGb7Y3BSVaWWM7hi2gsuF2
hjJSSVyNfXfaxaSZlQK3vDYfen9/veW5+l+7h7GNZcsOQF3rmPXCroSVMtttcDLM
4X40aa5UkEeJbrQqZKtOSeVtlijuucN/Z5K5gtSoIxUappAagntISPB4P59ApUVv
89v5HSVFRgOo+pviptLKUkb4yXvPv16HfmI1glqn+7/xm29vinmkZX1R0uQrqecG
yzGJhwcQewH3qOc1gu/cn70W52c4kJaDZoodtg8PyRXt0S5rnjI7N6tgUO4ef/bb
YTGuye2ljP2dzXeu5Yv6jxmZABj4UUHOOg1qv5T3813d4/iO8f5j3TuKyrtpajw/
S/ZW6qeOEIhRf45le1ttV9UUcsoD0q2RVN+SqjC0+55s8Q8S89zOa57s01O+6XTE
0FBxb+XWpffG+PZByns0cAOFWzhFP2L0jc5/Ji/meRxDI4D+ZB17kM3T+QUtMvX3
bvW0TiSnmSQNuPbfau6MlSiZiqNopHsjM3JUKx1bfdej2usuz+5fMMV1TDPezvT9
rdIZfd9ryiX3Ke1vD6C3jX/AOgwzfRf/AApD+LFRW5bYPaafIbBUr/cvTbb7dwPd
zVOPhCNIldt75T7c2jvMSyxxgtBgqqorA+pIXkvqc7g5S99OU1Rtt51G8QLXUlxR
nYeVGkBav2GtfPovk3r273osLvl/6GQ0oYqhQfsWgp+XWXqb/hR7290nvSPqv+Y/
8Rdz7KytC0EeZ3f1ntjdOyd74GidkpqXNbo+Pvak0WbqsbVWaeavxWaKuisaSglD
IgP9m94Z7a6j2nnrYpNu3HA1UIQk+mqo+ddX2Dotv+Ro5oWveXdxS6tc4qCwH5fs
4faetlX40/LL45fMPr+Ls/41du7Q7a2f5YqXI1W3K2RMvtvJTQioTC7x2tkoaDdG
y899uRIaHK0dHV+Mh/HpIYzTY7hZblAtzY3KSwnzU/4RxH59AG4tp7WQxXETJIPI
/wCrPRh/azpjr3v3Xuve/de697917r//0d/j37r3Xvfuvde9+690Tv5lfNrpL4Td
X5Psjt3dNDiYYNNJicXq+6yuazNSAMfhcPiKdxX5jMVzsBFSwDWwILFFIY4a/eI+
9RP7e77bez3s1y9HzR94K/h1x2eomy2uFqBb3eZY2VooyDrhtVZZ7gD4oI3SYi7l
vlj97ut3uNx9Nsyt3SHi1OIjB4082yAcUJx1V/tP4nfMH+ZnlR2b839wb7+LfxQy
NXHkNlfEXY+aq9rd79nbebxtSzfIjf2Ienr+tNv5SmTUdr4Nocyq1B89XjKiJopQ
b7Qfc18fmGH3h+8lzFLzj7yToC0l0AbSyzqEG32lBBaQJwCxxqWNXIVyWJvuXOEd
hA+0csRrDZKWGpRlwfxGtSzED4iSR8x1dH0d8fukfjTsOg6x6C6s2T1JsTHN5otu
7IwNFhaWrrnjSOoy+Ynp4xXZ/P1wjBqchXS1FdVP65pXYk+887WztbGFLezt0igU
YVQAP5dR/NPNcSNLPKzyHzJr0MPtT011737r3Xvfuvde9+690CPfXxt6H+UOypuv
fkB1XtDtPajmeSlotzY0S1+Eq6iIQy5Pa24KR6TcW0c0YRoFdi6ujrFS4WUAkeyz
dtl2rfbVrLd7CK4tj5OK0+anip+akH59K7K/vdumFxY3LxTDzU0r8iOBHyII61Pf
l1/JO+Un8vzsKp+aP8pbtTsOGs2ulVk891xSSx5nf9LgonesqcBV7fWjbA9/9eBL
q+JyFDNmYBHE6JkagGohhbceTOY+QZn3nkm4lutnWpe1J1SovE+F/vxR/vsjVgUD
HIH1rv21cyotjzBEkN8cLMBRGPlr/gP9IGnHhw6te/lH/wA6zrn+YXRP012ziMR0
r8yNp4b7/cPXcdU8WzO0sbRl4shvPparytbVZOso6cIs2QwdVJNksUst1lraeOWq
WR+T+dtt5ts0kgkVbsDuX5+dAcgjzU5HkSM9BXfeX7vZZ2SRSYa4P+Cv+Q/4Or0v
Y16IOve/de697917r//S3+Pfuvde9+690V35cfKfrj4j9Nbx7b7Gz+PweJ2vg6zM
TzVs8MeiKBGWFYYpWH3NdX1VqejgAZp6hrBSqSFcNvvcfeQ3X2g2zl3269rrJNx9
/ua3MG1W2nxFtIq6Zt1u04C3tsiJX7Z5xpo0UVxpGXKHLCb7dNc7hMIdlhP6jsdI
ZqVEan1Iy1PhX0LLWsL4C/Djsn5Gdn4P+Zj8+cLXHs6vM+a+Inxt3JDIcH8YthZY
/c4ff258FWAiq+QO7qGVap5KqMT7dhlVNKZDUKI7+7B923ZvZLly53XdZn3L3M3m
ZrzddyuO+5vLyYmSWWVzmmtmKJwQZpqOKcz7+L6drKxOnbo+xQMDSuAAPJaD8/s4
3v8AvK7oIde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691q7/wA6T+TRk+wc
g3z0+C0Vd178nurstT9o7g27sJHxmY3NndrVCZ2HszreLGoHpu0sZU0QqKzHwrp3
FoMkS/xPUmRhnnXku7269l515PjK7gnfc26YE4XJkjA4TilSB/acQPExIPdg3+G7
t05f3xgbY9sUrf6GTjQ5PGM8AT8Pn2/CdL+Sr/Ndov5i/TmX2V2qcTtn5g9GU1Dj
e5dqUcUWMpN74WRlosN3Ls3FAhUwO4ZwIMpSwALiMveMpFTVNAZRvybzXa81bXFd
ROPqAo1D1+dPtww8j8iOg9vuzTbPePC6nwq4P+T/ACj1HzB6u29i/oj697917r//
09/j37r3TXm8xQbexGTzmUm8GOxNDU5CsltqZYKWJpXEaXBlmcLpRB6nchRyR7Df
OPNuxchcp8x868zXgt+X9qsprq4kP4YoEaR9IqNTkLpRBl3KotSQOl22bdd7vuNl
tdjHrvLiVY0HlqYgCp8gK1YnAAJOB1ruYXa2V/mjfzH66k3rRvX/ABE+AW5MDu3f
mCqkiqNvdpfLOphgzPXXXFbHLGI81tfpnBGLMZSnIMM1caFZ0eGumRuc33J+Td79
4ebudvvje5tn/wAiPmWcrtkLMXWx2mIlLW2iqAKaFBd1CmRgzuuqViZX59vLTlvb
rPk3Z5P04lpI1AC7V7nP4lZzU6STpBAU0UdbDmY3JgtvxiTMZSkodS6kilk1VMqi
4JhpIhJVTAEf2Eb3m/7qe/3sv7JWkd37re5e07IXTUkU86/UyrUjVDaR67qZQQQT
FC4BwTXqLdu2Xdd3cpt1hJLQ0JAoo+1zRV/MjoK8n8g+u8XIyyyZ+ojW/wC/Tbfy
BiYA/UfcJTy/7dR7xEuf71L7ncd3LbWXN+6XcSmgli225VHzxUTrDKAePdGpocgG
oA9sfaHnG/RWRLRHP4WuI6/8ZLD+fSUT5f8AQUVWlFm96Has0sqwxSbmxGVxdCzM
QNUmVNLNi6OJb8tPNEoHJNgfclch/wB4B91v3AuksbDn97G7dqKL61uLdD8zOUa3
QZ4ySp68OjS99hPc+0s2v4NhW7tVFWNvLFIw/wCbeoSMf9IjdGHwubw25MVQ53bu
XxmewmTgWqxuYwtfSZTFZCmYkLUUOQoZZ6SrgYqQHjdlJH195h7fuFhu1lbbltd9
Dc7dMgaOWJ1kjkU8GR0JVlPkVJB6iK5tbmyuJbS8t5IrqNqMjqVdSOIZWAIPyIr0
5+1nTHXvfuvde9+691737r3Xvfuvde9+691pe/zevjvvr+VL84en/wCbN8RsLLS7
Mzm9J4e5Ou8U/wDDcBlcjmRNW9jbCrxTUskNLtnt/bEFXW0QeKpGMzlJPVRBPFRR
xwDzDav7c85We/7eunl3dJtMi8EiuTUkeipcKCwH4ZFYinYBJW2TLzTsU+23LV3S
zjqp83hGAfm0RoPmpHzPW3x0123sXvzqbrfuzrHMJn+ve1tlbc39s/LKFSSqwO6M
VTZbHisp1kkNFkqeGpEVVTOfLS1KPFIA6MBPFvPHcwRXELVidQwPyIr/AMX1HEkb
xSPE4o6kg/l0JXt7qnX/1N/j37r3Vd38xz5DYXojprK5HK5Olx1Li9sbu7Jzc1WX
+2GI6+x8NXiqSrEZ1LHlN41+OVb8OsEg98zv7yzmndtx5J9tfYPlwyHdOdt9hiuF
j+I2VrJG7ocimuZ4pFOQfp3HU8+yWyoBzbzncBAm3WoiiLmi+Pc6lJ1U8oVlQ+YM
qnoLPgB1xkPif8OOquuK+iNL312bQVPyA+RFdVBp6/Gdu91PHvLdGOy7zPKKrLbV
pqyl27RhraMZhadnXldcUffS++Rbfc89uOVvu++ybQH3afa4Q8+lHj2i2KKqSvGQ
Y3vp1FYInBWOOlzMjK8CzEG2cvvzRf3nNG86/wB1NMyxKSdU2k0oG4+GnBmHFqoD
UNpErfvZm0dh082W3hnI0qpdUz/cT+evqXtcu5kcyEn+pPv5732/nP3N5h3HmHmD
cr3d+Zb2UyXF1cyyTSyyNxaSWQszH7SaDAxTqaeXOUt55g022zWISzTFaaI0H8h+
Q6Jjun+YF1bjWqI6ejFVAjGFZah0bXJ9dOkem5Xn6/T3KG1/d45iuhGzdjkVoB5d
Shae0S26pJf8yokoOQgJ/n0WzfvyX6w7GpK2nnoI8cZIJCzKA4XyXAUrwdZv7kTY
varmTl2aGWGYyUYfLh1LPK+1xcvjQd7M0NKEMPLh1WjVfM75AfAHsCLsro7cb5LY
tXkY6zdvU24KmpqNgb6xQZWqqepx4d2wOfanFqbLUQjq6dwAxlgMsEvU77p3u5zR
yddxWEF85tGI8a3YkxSHhUrwV6cJFo44ElaqYV96OSdn32B7mW3UTgHw5QAHXzpX
zX1U1X7DQ9bbfwN+c3TH8wf4+be786armghnqZdub/2NkamCbc3V/YeMpqWbP7H3
KkAjVqmiWsinpKpUSLI4+ogqo1VZQq9oNk3m137bbbcbQ9jqCV81NKlTw4eRpkUP
WBW4WE223ctpOO5SaH1Hr/q4dHO9m3SLr3v3Xuve/de697917r3v3Xuiy/Mn45YH
5Z/GPuPoDPw0jjsDZuQosBVVoP2+J3ljwmX2XmZWVHlWmxu6KClknVLNLTCSK4Dn
2F+dOXE5s5X3nYiwWaaE+Ex/BMnfC/2LIqk04rUefRxsG6Ns272O4gVjjcax/FG3
bIv5oSB6Gh8uqGv+Ey3ee4afp75IfBHfrVtNuP4ldpNn9i4/KI1PU0vVfcNdn8pJ
g6amklkcptjsvBZySewURDLQJb8kGezfMr8wcqQLcYvYDokU8VcEq6H+krg6vQt0
e89bSNs3qQx5gkGpT5MpyrD5FSKfZ1s/+5b6BXX/1d/j37r3WvD/ADIavIdx/JiL
qlzj6zrvbG8/jXs3uPFV48tJXdYDK1feXZeEl8STPSz7v2hDFjVkKNpaaIlXACnk
R95nnDlu2++xyfuvN3jPs/KPLst2I42oxeCB76QoM1l8KckAAs2hQAcdZb8g7Xcf
6yI22wiVtx3zdmVCV1AU0wqTkYVk+waiejbdg9003Xm0K7c2frqet3luE1GcyAjl
WWNK3IXmSOPn00lHCUihjHEcaKo4AHvhVzPuHNnv17r82c/8yytJum77jLcTMQQB
rc6YowSSsUS0jiStEjVEGFHQ92DkJd93aOxtIWh5VsFEKEihKR4JPq7tVnP4mJPE
9ap38xT+YrkNqSZGeTIPWZGskngx9ACshkdg6nSHLeJUDfUWK/UH30p+7b92yHfT
boIAlsgBd+FB/lr/AD6GfO/O23ck7Ym27TEqRqNKqAKsfU/P59a82R+YXyX7CzlT
Pt2sy1U0eqrOLweKrMtJT0wkVFkmSmjmlWIM6rqIC6iB9T76Y7P93/292+0W1/dB
mlC5bz+2g6xmvvczme5nM31oRK4H/F9Gw+LPzU31uDdEWzd8SStVFjEZbywFnjfx
sk8DWKTwyXBUjg39wl7v+w2xbRtcu87HHpReKkAkfYfTqQOR/cfcb67Sw3B6seBH
n1Zh2/BJvDYtbHVa5y9CxpEIbhvESDqYE/Q3494rcmSLs2/27xUWkncflXqZN+U3
+2yh8krjoDf5Bnza3H8L/wCaHhum87nKik6W+WW48f0vvvBzzt/DaffmVnqYOl94
wU10iTMUO96+PDNM7KkeMztYzBmSLT2F9qN9pZbMwk/xW5jVD6avwn7a4+wnrBrn
Tbv8YvwV/WiYkfZ5j9mfyHX0xPeQfUZde9+691inngpYZaipmip6eBGlmnnkSKGG
NBqeSWWQqkaKBckkAD2xdXVrY2813e3McNpGpZ3dgiKo4lmYgKB5kkAdXiilnkSG
GNnlY0CqCSSeAAGST6Dppw+5dubiNWNv7gwmdNA8cdcMPlaDJmjkmV2hSr+ynn+3
eVY2Kh7Fgpt9PaTbd52jeYnn2fdba7hU0LQypKoJ4AlGYA/b0/d2N9YOsd9ZywyE
YEiMhP2BgD09+zLpL1737r3Wpj0LS0/xZ/4Uz9mdfYtaimw/yx6o7fp6qH1RYqrz
Vbh9t/JnFmihciI1OGo8BlqdBHfxxyTKoC3Ax19uWk2X3X90eWS6i1+v8eJRjF5C
l45A9A7svoCCB1KPNQXcOTeT93Cky/TeG5+cDtAo+0qoP5g9bZ3vIrqLuv/W3+Pf
uvdanvcnyAx+xP5lnzCxmfjrskKzdG0sXTR1Ne8dDTxUnWOyKaI1tC6yJXRR0aeO
mJI8UTekDi3B77/3J26b57p8yblt03hz9qM9GMuhraKJljcMNIaOsbKQymNqUBCk
Z7exsVpf8lcv2VzcmNYmd10hfiMjmucgg91RnVx6L/3539W7vrKunjqiYFD+FYHt
GIxc2UHUoAXgC3HvEvkD2+h2iGGR4u/FajNep3u7u02+2+g29aRAZPmx8yT69ann
zii3JvDvnEYSSXQuWq6PEYt6wyx0EVZlK+GkilmMUczpGHmBcqjMEBsCePfYn7t9
pYwcmCO1C/UtINXr6Cvy6wv91Z7iTfdUtfCCmnX1Qfg38HuifgF0FtDojo3aeIxF
NiMRil3tvOPF0NLu3tPeFNSePKb33xlqeFKvMZfI1csrQpK7xUFM60tMsdPGka5+
7dt1ttltHbWyAAAVNMsfMk+Z/wAHAY6xrurqW7laWVqk8B5Aeg6qk/nOfywum+5q
7rf5b7C2ZhNqd+7a3tjNr79zuBoKTE/6Utk7igqYkn3nHRUYOc3ZtXKUVN9hkZWW
oFBNUU8zzIlItPiT99febLkz2dv+b5CsZS6ihc0+MShwvDiwcLk/hLVqQvU0ewlp
JvPO8O0M1YzA8gqcL4ZUnj5FSceoHz6p2+TXUr9YbexNHVRzRA41IxEW0iR/F63+
ga5t74x+1vNo5pv7qeNgT4hNfQVx1nRzFa2kFhFJay64aaag4qOPWp33Jns1118j
P76bdkbH57ae6cDu/AVJaS9LmMDkqfL4yp1QSwzAwV1GjXV0fjgg8++zHtRdFuTd
llR6yIOPzBFOsHOdIdO/X6Mva3+Xr7LOEy1Ln8NiM7QiUUWaxlBlqMTosc4pclSR
VlOJo1eRUlEMw1AMwB4ufeZCsGVWHAivUFEUJB4jpz97611Xx8g+2Nh5DfW6uvN/
bnx+C2/s+jxvnx+Sr46Gjq6vI4ajzkmUrFkZPN4KbIpHEHuiaCyW1kn5yv70b3a9
2+cffm49ndjlvI/b/l+Oz020IYJdXlxbQ3bXM6gAysi3CQQh9SRrG0kQUzSM+V/t
ZyjvWy8pbNzpsNj4u5XzynxQAWjjjmeHw1JPaGaNmcihOoBvhAHz6vmX/Mh3z0H/
ADDW7Z+GfZFVh/8ARBu5UpMliq6sG198Y2lr6afMbM3VjqKqpYdy7Iz60ggrqORt
EqWZCkqRyJnv9ynkfmL2/wDbXYt932F7fmG6iVijVDBDQhXHmGxVT/hp0n95OY4+
aN0FhIVdYkUSEZHi6Rq0n1BrkdfTp643lB2L15sPsGloZcZTb72ZtfeVPjZ5kqJ8
fBufB0ObhoZqiNI455aSOuEbOqqGK3AANvfTqKQSxRSgUDKD+0V6xaddDuleBI/Z
0s/bnVetX35f0Axv/Cgj+XzuCgBoq6v3lm8XVVtIzU9RU01T8XezqKrp55oSkksV
Vj2MEisSJIToa68e8U9uuWH3sebbRTRf3FZOQPMkOtT6mgp9mOHUy3UQPsvskxFT
+8bhfyGk0/bn7etoL3lZ1DXX/9ff49+691oKfzN96VHXn83L5VYGpk/dqM51dn6V
tEkUdTQbj6W65yULReQDyinlqJKd2W6+WFwPp75kfes5MkvebN/vXSsUnhsD/wA2
Y+H2cPtHWW/s1vyQbJtturd6agR/t26Cer3SK+oklZiPKoLJq5Gocj/AEH3hRDtH
gRqoHDz6n573xXJPn0EO5fiThPkHkY5UEH8T8mtfHOy1kJVlMUtPMNMqTI4BUqbg
jj2NNo95dz9s4axs4gXzpivz6Ib7kSz5sko6qXPl59bxvw/+XeW3f1LtHC974vNY
7tfbuCxeI3NuKjxUtfhd8VdBSQ0j7rp/4bEXxeRzTRGorKRoUghnkbwuUIVMpeTP
70H2Ci2dIPdK+vNp36EBWeO2luoLimNafTq8kbmlXjeMIDTRI9aLjhz793zmDly7
Nxs97a3G2SE0VpVjliPHSwchWUcFZWJP4lU5Is9qbloOw4qGgkgem2nhqxczM2QU
QS5Kup4Zo4JZoWJ8FDSRzuyq/qdyGIUqB75i/f4+/wBwfeZG1+2PtLt93be11ldC
4lurhDFcbhdKrxx6YQxMVrCsjlFkPiSyMJHSLw0U05D2S65PkurpJQ+/3MZhAj7h
GjEFgD+J3KgEjAAIBOo9asv8yntrbu7+yJcDtyWN6DDs9KGhZGid4zpkcEC2m4sP
x7K/u18obhs/Lq31+pE0ormtaeXWVumfbOXNp2u9k1X2nXJ8i2aH5gdahvzF23UY
/sNsz45DDkEYSysllEnkJjubAC6fT32P9kd0jueWvodQ1xHAr5Uz1i57hWbxbr9T
pOlx19Xr+XX3bjvkb8EfiN3TjshT5KTfPQHWdVn5qaeSpjpt64nbFBt/f+JaeZ5J
pZ8FvfE5CilLsXMtO2o3v7zk2q4F3ttjcA11RLX7QKMPyII6x5vIjDdXERHBz+yu
P5dHN9mHSbrWl/np/wAqn5a/LQR9z/B7duMn37W4Wk292f01ndy0ezZN8UmLpxRY
bcWxt15aaj27R7khoFjoqyiy1XQUU9LBHLFUxzRtFU4988fd/wCUOZ+eG9xhtMUv
MMiRrKHC0kaFRHHJUj4xGqRmpppRKUINZN5e9y982jl4crfWum2KzlCpNVDksy0H
4SxZhTNWP5a8vwf/AOEuPzu7P7w23L82do4n48dD4XL0mY39OvZ3XO/uwd94immW
oqdq7Hpert172oMXkc6w+2myWUqqNMfBJJURR1cscdNKLNs5L3B5okvYlhs1pUBl
JIH4VCkgelTSgznh0S3e/WwR2t3Mk5+RAr6moFf8vX0ZMTisbgcVjMHhqGmxmHw2
PosVisbRxLBR4/G46mjo6GhpIUASGmpKWFI41HCqoA9yuqhVCqKKBQdA0kkkk5PT
h731rrVM753xP2p/wos+DOx8HJT1GM2zujundVTWxIZpMdD1d8b9+bYy9NW+Ekwx
Ve56Orp4Xay+SZBz7wr9styh5z+9F71czWc2uy26a22lCPhra21bjPAlbkSofTAP
U9c2W77H7Rch7PPHpuLlJb1q8aTS/pfkYSh/b1tZ+81OoF6//9Df49+691oW/wDC
n/YeS6c+fPQvfFHEaXbXfXSEe3qiskVgtRv3pzc1XRZsRVCqqBE2dvTbq+M3ZWVm
uQ4C43e+fKke6+HeeGSXg0/mhNf5MvUre3e9NZa7fUBpkr/vXD+YPVbuxuwRncRR
VTVEcjtDHcq7PI1lFyzH8f0984t+5cO33s8IjIAY+VB1lPt26fUwRvrBNOh62T2f
kto5SmyePqXjenlSX0EXOgghbn+yT7j/AH3lW23i1ltriIEMKZ6Eu3bxLYzJLG9K
Hq2jpv8AmqNsnEQ0GfwsVZIkYV5Up7u5UBVBdbH/AFz7xK5w+6kN5vXuLC60qTgE
4HSneoeVuaGWfdRPFcjiYzgn/SnHSa72/mu7x3/hqrb20KP+AUNYjwzzQgxzyRMC
CrNwQDf+v09nPI33Vdr2O7hvt4n8eRDUKeAPRft1lyry9IbjabN5b0fDJLkr81Xg
D8+qjdxbtyG4cjU5TJ1T1FVUu8jO7lramLEAkk2595bbbs1tt1tFa2sQWJRTHSe6
vpbqV5pnJcnonvyG63o9/wCBmVYmesQ+SJ1JLB1HBBP00ge5n9tuZ5+W9yRi4EBw
R8ugHzXtEe7WrCn6nV/v/CYP+YPH1XNm/wCWx3tnDjMfndx5benxY3FmJhDihnsx
IavfXTBqpplgoKvP5ENncDDoCVmQqMpCZTU1FDBN0H9tee9s3ONdpe5VZXNYgTxJ
4oPmTlR5mo4kDrGTmvly7tGN6sRKKKPQeQ4Mfs4H5U8q9bt3uZugH1737r3Xvfuv
de9+690AHyN7rx3SfXuQy6VNId25anrKDZuOqWQpJkkpy9Rmq6NjZMFtunb7uskf
TGVVYtQkmjBxx+8/7/bN93/22v8AfpJkk5xvQ1vtdr8Tz3TCgcpxMNvqEkpNFPZF
UPLGDJftZ7fXXuBzJFaurJsFtSW8l4BIgfgDf78mIKRjiO56aUYjUy/kgVUvzD/n
JfLr5WU9RV5rrv419LP1RtHMyGSQ1e7Oxd1QY3HZqqqpPIs9RmsFs3dMknIeZpEk
1WUhgL9zrkDceTvb/b5d+Z35kvVe9vHclnNzeN4h1sckha1rmpPQh96eY4N75gnW
yCrt8JEMKqKKI4RpAVeAFaYGMY63TPeZHUJ9f//R3+PfuvdUGf8ACjn4T5H5efy6
937p2RiHynbXxZyrd97OhpEdsnlNq4PGVdH2vtujVBJJOanZE0uVip40aarrsLSw
x+p7EL83bZ+8dol0pWWLvA9RTuH7M/MgdG+yXf0t6lWoj4/PyP7cfn189v469usB
HhcjVkTJpWNXf6/gFAfwfeDHubyYKtf20P6Z406yI5S34kC3lk7h0fyg3IssaOso
IIFiDce8d7jbGRmUp1KEV2GAIbHT7Hm9Q/WP9v7L2sqfh6VLc/PrKcvf+0P9v/xv
3X6QD8PWzOPXqNJlL/2vx/W//G/bi21Pw9Uab59NVRXRyf5yzLzccG4PBHIJtb2q
jgZfh49MtKDx4dNlJsPFZ6vp67FSS4/N0k8FZQ1dBK9LVUddTSrPTVtJWQvHPS1V
NNGrpIjK6OoIII9mCc0brseiRZmCKag1IIpwp0mO0We46kKDURw62yfgB/OV3Ng9
tYLqv5sUGazEmGo6PF4bv/BY+bLZLI0dNGIo37P2/Rq1fX5Kngj/AHMtjY56isOk
zUjTGWpkyY9u/vkbFbrDtHuMXCiireRKXIH/AC8RLV2p/vyFXdsViJq5ibmj2J3G
UyX3Kukk5MDnSK/8Kc9o/wBK5UDycCijYE2H390l2fQwZDYHa2wt0w1EayLDjNzY
psjErx+VVrMRNUxZWgl8R1aJ4Y3C8ke8t+XvdL235rhWbl3nrarsH8KXMXiLQVIe
IsJEIGSHVSBxHUJ7nyfzVszmPdOXbyE+rRPpPzVwCrD5qSOlxX7z2fiqZ6zKbr21
jaSM2eqr87i6OmQ6Wazz1FVHEp0oTyfoD7N9x505O2e1a93fmzbLWyXjJNdQRIME
5d3VRgE8eAPSK12Hfb6YW9lst3NOeCpDI7H8lUnzHl59Fw378vOvcNHUYzrot2du
dg8dMmCZxtWklNgtTkt0GM0NRSLctpoPu3YrpJjDaxhJ76f3insb7Wbfe2fJ26Jz
RzgFKxxWjf4mj+TTXtPDdPMC18dmI0kxBvEEzcpfd+5t3V4r7m0DZdiwWM1PqXHm
sdtXWrHhWbwgK1GsjSdQj+eb/M0rOvNu7j6b29vKl3H8iO0MS2H3dkMNKBjuqNhV
CsJNv4aFJZVxlXkI5GVU1GUh3llZpHZjg57D8r+5P3sfdZvvB+9Ujvy7ZSD6OAqU
gYxkmKG3iJIS2hJLHJMkhZ5GeRndpl5u3vZPb7lWHkzk62+nSQE0JrM2oUa4uGoK
yOMIKAKtAqqgVRdt/wAJxPhJkPiB/Lp2fufeuHfF9sfKTKr33vCGrV1yeL2rnMZS
UfVG3KwSCOSFqbZEMWVlp5EWakr81VQyepLDt5ynt37v2mNnSk03eR6CnaP95zTy
JI6w03q6+pvXCtVE7R9vmf24/Lq/X2J+inr/0t/j37r3XCWKKeKSGaNJoZkeKWKV
FkilikUpJHJG4KujqSCCCCD79xwevdfLY/nl/wAszcn8s35gZHdPXGEqaX4vd55j
M706Oy1FE38L2jVzTrX7r6ZrZEUCiq9jVlb/ALilkLGqwMtK4klnirBFB/OPLUUE
s0DxV26epT0Hqv8AtfL1WnnXqQdi3V5ESRXpdR0DfP5/n5/P8uia9TdxQZ2hhpqu
o01kaqkkcjrquOLj6H3ibzjyTJt1xJLDHWAmoI6mnYt/W6iVHf8AUHRkqTPh1Vlk
BBAsQeD/AMU9xhNtxUkFc9C5LqorXp1TM3H6/wDbH/kXtG1jTy6fFx8+uZyosfV/
vI/4r70LP5db8evUaTJX/tf7z/X26tr8uqGb59YqfcFTj5RNTTMjqQeGI/Sbg8Ee
7SbbFcpolSo60l28R1I1D0ajqr5SU+1mhp90Ui5amEh1+ZEASIAAqpsdTG3HuKOb
fah92DybXJ4UlMUPE9DPZecxZFVu01pXz9OrI+tPmD8YquPzZuhGIqRDEWZkjJYi
wVeGBAUE+8ZuZ/ZH3JjfRZTeNFU4z1KVhz9y5JGCNMUtOJFeh8/2er4b7RpmyH3a
Vk8QDlYoIzyvJDMWPHsCL93v3b3aVbc25VDjJ6Z3DnbbgjmPmBEQjOlTXqs75pfz
6v4PtrL9ffF/b1NhcxkoJqB93VIR5sbFIrRyVFJCgCrUWPpJ+h95VeyH3A0utys+
YPc29MtjGwbwFwHIyAxPl69QPzj7nbbZh49pMl3uZwJJTVU+YXzPpXolP8kj+XFv
v+ap80z2P3RFldx/HrqDcGL7E+Qm69wNUVMG/wDLmsOQ2z07TVUyyffVu+qykJyi
K0Yo9vwVTeWKololm7A8h8n7dbRWW1bXYR2+wWaKAiKFQAfCgA/i8/lU1qR1jBzF
vdzI093dXDSbhMT3E1Pzb7B5fOnl19RWKKKCKOGGNIYYUSKKKJFjiiijUJHHHGgC
oiKAAAAAB7nfhgdR31z9+691/9Pf49+691737r3RVPml8Nukvnn8et6/G/vrAtld
nbsiirMXmaBaWLdOwt4Y6OoG3t+7JydVTVa4jdOAlqZBHJoeKopZp6SoSakqaiGR
FuFhb7layWlytY24HzU+TD0I/wA4OCR0/bXMtpMs0R7h+wj0Py6+V3/MH/l7fI7+
Vx8hKzq7tjGz1O3snVZjJdQds42keLZ/bmycfkmpafN4xo6itjxO4KWCSD+L4Sad
6zEzzoGMtPNTVNRBvMXLjW7SWG4RaoWrpamGHqPQ+o4j7KEyHte6iQLc2r0cUqPQ
+h+XofPoNeve7KeuSGiykop6qyqRI1lY/S6Ne3P+PuAuZOQ5bdnntE1Q/L/L1JW0
8xpKFjmaj9GModx09XGskE6SoQCCrA2/1/z7jSfbJImKyRkN0LI7tXAKuCOndctc
fq/3n2iNlTy6fE/z67bJgj9X+8j/AIr78LSnl1vxuosmRuL6v959ura08uqGb59N
01fe/q9qkt/l0y0vSfyWcpqCJ5qqqSnjVSxLSaSQAfoLg/j/AFv8fZja2Etw6pFE
WY/LpLNcpEpZ3oOitdhdxSVSyY3BSm3rR6gM1hc2uGv6m/1uPctct8kLEUutxTPE
L0Ct25hLhobVvtPQ7/y6P5cnyF/mad+UPU3T2LqKXbuLqsRlO4u3cpSvNtPqfZmQ
yS0tTnctJJUUUeY3DVwR1BxGEhnSsy08DhDFTw1NTTzHs+zT7nOlraR6YVpqanai
+vzPoOJ+ypAEvr+O0jaadqua0HmT/q4ny6+qn8Lfht0l8DPj1sr439C4FsVs7acU
tZlMzXrSy7p37vDIx043Dv3e2TpaakXL7pz8tNGJJNCRU9LDBSU6Q0lNTwxzVt9h
b7bax2lstI14nzY+bH1J/wAwGAB0Abm5lu5mmlPcf2Aeg+XRq/a3pjr3v3Xuv//U
3+Pfuvde9+691737r3Raflj8Qvj583Onc90Z8kevcZv7YubH3FKZi9FuHamciRlo
N1bL3HS6MptncuNZj46incCWMvBOk1NLNDIkvbG13GBra7iDRn9oPqD5H/ijjp+3
uJrWQSwvRx/P5EeY6+d9/M0/4Tj/AC8+EmS3B2P0HjM/8qPjZDVVldR7i2Vh5q7t
/r7EKGqo4Oy+vMPDLW19PjaYOsuewcVTjXjp2qauHFCWOn9xXvHKd7Ya5LdTPZ+o
FWA/pL5/aKjzOnh0MLHere40rIfDn+fA/Yf8h/n1QdguxNzbecRpUvKkRKGGcsHQ
qbMpJ9QZbWsfp7jPceV9r3HUXh0yHzH+boW2m8XlrQLJVfn0MOK7/VUC5GilDcAs
vr/1zdSCST/X2Cbz25Ykm1uBT546EEHNQAAljNelhD3xtl0Bf7iNrC4Jt/r29Psl
k9vt2U9ukjpevM9kRmoPWKp7521EhMSVMzWNlXkD62v6eR/h7tF7e7q5o5RR1p+Z
7IDFSekPme/Z5VaPFULJdbLJIdNmve/JZx/sPZ/Ze3SKQ15cA54DotuOaSQRBF5d
AznN5bh3JKRWVczLK9lpoS1mLkAJYXZyT9B+fY627Ytu2xVFvANY8zx6Dt1uV3dk
mWQ6fTrYE/lj/wDCcb5c/NjJbf7F78xO4Piv8aZaimrKrP7xxEmO7f7AxLJ9yYes
+vczTLWUFLkITGI87nIqXHLFULUUkWT8ckHuQtn5UvtwKy3KmG09SO5h/RU/4Tjz
FeHQXvt5t7YMkREk/wAuA+0/5B/Lr6IHxO+IXx8+EfTuB6M+N3XuM2DsXCD7iqMJ
et3DuvOSoq1+6t6bjqteU3NuXJMo8lRUORFGEggSGmihhjlOysbXboFtrSILGP2k
+pPmf+KGOghcXE11IZZnq5/l8gPIdGW9q+mOve/de697917r/9Xf49+691737r3X
vfuvde9+691737r3VVnzJ/ks/wAub5yVeW3J3B8fsHt/szMeeWr7g6jnbrHsepyF
QHD5jOV+3okwO+MsA1lm3FjsuQqqttKqAS3/AC/tW4lnntQJj+Je1vtNME/6YHpf
bbleWoCxzEoPI5H+x+VOte3uz/hHVtepq6mu+OXzUz+GoPIRR7W7s6vx25qsREOV
ep39sXP7ShMkZCqVXbYD6i2pdIVgvcchoSTabgQPR1r/AMaBH/HejeLmNqUmtgT6
qafyNf8AD0Q/Jf8ACQr+YlFWSJh++fhbXUAEfiqclvjvLE1jsUUyiShpfj9mYYgk
lwpFQ+pQCQpNgWnkbda9tzbkfa4/58PSscw2dMxS1+xf+guvY3/hIV/MSlrI0zHf
PwtoaAiTy1ON3x3llqxGCMYhHQ1Xx+w0MoeSwYmoTSpJAYix8ORt1r3XNuB9rn/n
wdePMNnTEUtfsX/oLo+HSf8Awjq2vTVdNXfI35qZ/M0HkArNrdJ9X47bNWYgELPT
b+31n92wiSQllCttshNIbU2oqplb8hoCDd7gSPRFp/xok/8AHekkvMbUpDbAH1Y1
/kKf4ethL4bfyWf5c3wbq8TuTp/4/YPcHZmH8EtJ3B25O3Z3Y9NkKcIEzGDr9wxP
gdj5YhbNNt3HYglWZbaWYEUWHL+1bcVeC1BmH4m7m+0VwD/pQOii53K8ugVkmIQ+
QwP9n869Wp+zrpB1737r3Xvfuvde9+691737r3X/1t/j37r3Xvfuvde9+691737r
3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691
737r3X//19/j37r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+69173
7r3Xvfuvde9+691737r3Xvfuvde9+691737r3X//2e69
"/>
</g>
</svg>
1.51 +10 -4 xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties
Index: GUI.properties
===================================================================
RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- GUI.properties 13 Jun 2002 11:19:36 -0000 1.50
+++ GUI.properties 14 Jun 2002 13:12:25 -0000 1.51
@@ -404,15 +404,21 @@
PreferenceDialog.label.selection.xor.mode = Display selection overlay using XOR mode
PreferenceDialog.label.is.xml.parser.validating = Use a validating XML parser
PreferenceDialog.label.enforce.secure.scripting = Enforce secure scripting
-PreferenceDialog.label.load.java = Enable Java jar files
-PreferenceDialog.label.load.ecmascript = Enable linked Ecmascript
+PreferenceDialog.label.load.java = Java jar files
+PreferenceDialog.label.load.ecmascript = Ecmascript/Javascript
PreferenceDialog.label.constrain.script.origin = Scripts constrained to same origin as document
PreferenceDialog.label.constrain.external.resource.origin = External resources (images, stylesheets, etc..) constrained to same origin as document
PreferenceDialog.label.host = Proxy Host
PreferenceDialog.label.port = Proxy Port
PreferenceDialog.label.ok = OK
PreferenceDialog.label.cancel = Cancel
-
+PreferenceDialog.label.load.scripts = Load Scripts:
+PreferenceDialog.label.origin.any = Any
+PreferenceDialog.label.origin.document = Same as document
+PreferenceDialog.label.origin.embed = Embeded
+PreferenceDialog.label.origin.none = Not allowed
+PreferenceDialog.label.script.origin = Script Origin:
+PreferenceDialog.label.resource.origin = External Resources Origin:
PreferenceDialog.title.behavior = Optional Browser Behaviors
PreferenceDialog.title.network = Network Options
PreferenceDialog.title.dialog = Preferences
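Review bot: The user-visible text added here is misspelled as `Embeded` in `PreferenceDialog.label.origin.embed`, and the two new messages in the Messages.properties hunk say "not embeded". These are the strings a user reads when choosing a security level or hitting a restriction, so the values should read "Embedded" and "not embedded". Only the values should change: keys such as `EmbededScriptSecurity.error.script.not.embeded` are referenced from the Java constants and must stay unless the classes are renamed too. The label also does not say that data: URLs count as embedded, which the commit log describes; `PreferenceDialog.label.origin.embed = Embedded (inline or data: URL)` would make the option self-explanatory.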
1.11 +8 -2 xml-batik/resources/org/apache/batik/bridge/resources/Messages.properties
Index: Messages.properties
===================================================================
RCS file: /home/cvs/xml-batik/resources/org/apache/batik/bridge/resources/Messages.properties,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- Messages.properties 13 Jun 2002 11:19:36 -0000 1.10
+++ Messages.properties 14 Jun 2002 13:12:25 -0000 1.11
@@ -68,10 +68,16 @@
Could not access the current document URL when trying to load script file {0}. Script will not be loaded as it is not possible to verify it comes from the same location as the document.
DefaultScriptSecurity.error.script.from.different.url = \
-The document references a script file ({0}) which comes from different location than the document itself. This is not allowed for security reasons and that script will not be loaded.
+The document references a script file ({0}) which comes from different location than the document itself. This is not allowed with the current security settings and that script will not be loaded.
+
+EmbededScriptSecurity.error.script.not.embeded = \
+The document references a script file ({0}) which is not embeded in the document. This is not allowed with the current security settings and that script will not be loaded.
+
+EmbededExternalResourceSecurity.error.external.resource.not.embeded = \
+The document references a resource ({0}) which is not embeded in the document. This is not allowed with the current security settings and that resource cannot be loaded.
NoLoadScriptSecurity.error.no.script.of.type.allowed = \
-Scripts of type ({0}) cannot be loaded for security reasons.
+Scripts of type ({0}) cannot be loaded and executed with the current security settings.
DefaultExternalResourceSecurity.error.cannot.access.document.url = \
Could not access the current document URL when trying to load an external resource {0}. The external resource will not be loaded as it is not possible to verify it comes from the same location as the document.
1.2 +2 -3 xml-batik/test-sources/org/apache/batik/bridge/ExternalResourcesTest.java
Index: ExternalResourcesTest.java
===================================================================
RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/bridge/ExternalResourcesTest.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ExternalResourcesTest.java 13 Jun 2002 11:19:39 -0000 1.1
+++ ExternalResourcesTest.java 14 Jun 2002 13:12:25 -0000 1.2
@@ -391,8 +391,7 @@
public ExternalResourceSecurity
getExternalResourceSecurity(ParsedURL resourcePURL,
ParsedURL docPURL){
- return new NoLoadExternalResourceSecurity(resourcePURL,
- docPURL);
+ return new NoLoadExternalResourceSecurity();
}
1.3 +31 -4 xml-batik/test-sources/org/apache/batik/bridge/ScriptSelfTest.java
Index: ScriptSelfTest.java
===================================================================
RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/bridge/ScriptSelfTest.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ScriptSelfTest.java 5 Jun 2002 21:14:49 -0000 1.2
+++ ScriptSelfTest.java 14 Jun 2002 13:12:25 -0000 1.3
@@ -24,6 +24,9 @@
public class ScriptSelfTest extends SelfContainedSVGOnLoadTest {
boolean secure = true;
boolean constrain = true;
+ boolean document = true;
+ boolean embed = false;
+
String scripts = "text/ecmascript, application/java-archive";
TestUserAgent userAgent = new TestUserAgent();
@@ -48,6 +51,23 @@
return new Boolean(this.constrain);
}
+ public void setEmbed(Boolean embed){
+ this.embed = embed.booleanValue();
+ }
+
+ public Boolean getEmbed(){
+ return new Boolean(this.embed);
+ }
+
+ public void setDocument(Boolean document){
+ this.document = document.booleanValue();
+ }
+
+ public Boolean getDocument(){
+ return new Boolean(this.document);
+ }
+
+
public void setScripts(String scripts){
this.scripts = scripts;
}
@@ -84,9 +104,16 @@
if (scripts.indexOf(scriptType) == -1){
return new NoLoadScriptSecurity(scriptType);
} else {
- if (constrain){
- return new DefaultScriptSecurity
- (scriptType, scriptPURL, docPURL);
+ if (constrain) {
+ if (document) {
+ return new DefaultScriptSecurity
+ (scriptType, scriptPURL, docPURL);
+ } else if (embed){
+ return new EmbededScriptSecurity
+ (scriptType, scriptPURL, docPURL);
+ } else {
+ return new NoLoadScriptSecurity(scriptType);
+ }
} else {
return new RelaxedScriptSecurity
(scriptType, scriptPURL, docPURL);
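Review bot: The origin policy in the `if (constrain)` branch is now chosen by two independent flags, `document` and `embed`, and their combinations are undocumented: `document` wins when both are true, both false means no script loads, and both are ignored when `constrain` is false. Because `document` defaults to `true` (first hunk of this file), a test that only calls `setEmbed(Boolean.TRUE)` still gets `DefaultScriptSecurity` rather than the embedded-only policy, and nothing reports the mismatch. A single origin property would rule out the inconsistent states; unitTesting.xml in this commit already passes a `ScriptOrigin` string to another test class. Failing that, a comment above the branch such as `// precedence: document, then embed, otherwise no scripts` would record the rule. The enclosing method starts and ends outside the hunk.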
1.3 +3 -1 xml-batik/test-sources/org/apache/batik/test/svg/SelfContainedSVGOnLoadTest.java
Index: SelfContainedSVGOnLoadTest.java
===================================================================
RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/test/svg/SelfContainedSVGOnLoadTest.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SelfContainedSVGOnLoadTest.java 3 May 2002 12:28:53 -0000 1.2
+++ SelfContainedSVGOnLoadTest.java 14 Jun 2002 13:12:25 -0000 1.3
@@ -245,12 +245,14 @@
scriptEnvironment.loadScripts();
scriptEnvironment.dispatchSVGLoadEvent();
} catch (BridgeException e){
+ e.printStackTrace();
report.setErrorCode(ERROR_WHILE_PROCESSING_SVG_DOCUMENT);
report.addDescriptionEntry(ENTRY_KEY_ERROR_DESCRIPTION,
e.getMessage());
report.setPassed(false);
return report;
} catch(Exception e){
+ e.printStackTrace();
report.setErrorCode(ERROR_WHILE_PROCESSING_SVG_DOCUMENT);
report.addDescriptionEntry(ENTRY_KEY_ERROR_DESCRIPTION,
e.getMessage());
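Review bot: The two added `e.printStackTrace()` calls write the trace to stderr, separate from the report the surrounding code fills in, so a failure recorded in the report cannot be matched to its trace when several tests run; they read like debugging leftovers. If the trace is wanted, print it into a `StringWriter` via `e.printStackTrace(new PrintWriter(sw))` and add it to the report with `report.addDescriptionEntry(...)` next to the existing message entry. Otherwise drop the calls, since the message is already reported. The second catch block continues outside the hunk.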
1.55 +2 -1 xml-batik/sources/org/apache/batik/swing/svg/JSVGComponent.java
Index: JSVGComponent.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/swing/svg/JSVGComponent.java,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- JSVGComponent.java 13 Jun 2002 11:19:38 -0000 1.54
+++ JSVGComponent.java 14 Jun 2002 13:12:25 -0000 1.55
@@ -2074,6 +2074,7 @@
Query q = new Query();
invokeAndWait(q);
if (q.se != null) {
+ q.se.fillInStackTrace();
throw q.se;
}
}
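Review bot: `q.se.fillInStackTrace()` replaces the stack trace recorded where the SecurityException was created with the trace of this rethrow site, so the frames showing which check rejected the load are lost. If the aim is to show the caller's stack as well, both can be kept by throwing a new exception with the original as its cause: `SecurityException ex = new SecurityException(q.se.getMessage()); ex.initCause(q.se); throw ex;`. `initCause` requires JDK 1.4, so confirm the project's minimum JDK first. If overwriting is intended, presumably because the exception is built during `invokeAndWait` on another thread, a comment such as `// re-stamp with the caller's stack; the original trace is from the query thread` would record why. The enclosing method starts and ends outside the hunk.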