Posted to dev@shindig.apache.org by et...@apache.org on 2008/02/22 13:28:44 UTC

svn commit: r630172 - in /incubator/shindig/trunk/features: core/legacy.js core/prefs.js core/util.js views/views.js

Author: etnu
Date: Fri Feb 22 04:28:42 2008
New Revision: 630172

URL: http://svn.apache.org/viewvc?rev=630172&view=rev
Log:
Commit for SHINDIG-89


Modified:
    incubator/shindig/trunk/features/core/legacy.js
    incubator/shindig/trunk/features/core/prefs.js
    incubator/shindig/trunk/features/core/util.js
    incubator/shindig/trunk/features/views/views.js

Modified: incubator/shindig/trunk/features/core/legacy.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/legacy.js (original)
+++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42 2008
@@ -138,12 +138,7 @@
  * @return The escaped string.
  */
 function _hesc(str) {
-  // '<' and '>'
-  str = str.replace(/</g, "&lt;").replace(/>/g, "&gt;");
-  // '"' and '
-  str = str.replace(/"/g, "&quot;").replace(/'/g, "&#39;");
-
-  return str;
+  return gadgets.util.escapeString(str);
 }
 
 /**

Modified: incubator/shindig/trunk/features/core/prefs.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/prefs.js (original)
+++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42 2008
@@ -240,12 +240,14 @@
 
 /**
  * Retrieves a preference as a string.
+ * Returned value will be html entity escaped.
+ *
  * @param {String} key The preference to fetch
  * @return {String} The preference; if not set, an empty string
  */
 gadgets.Prefs.prototype.getString = function(key) {
   var val = this.getPref_(key);
-  return val === null ? "" : val;
+  return val === null ? "" : gadgets.util.escapeString(val);
 };
 
 /**
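Review bot: The new doc line on getString says the value is entity escaped but not what that implies for callers: escapeString is an HTML text/attribute-value encoding, so a gadget that feeds getString into a URL, a JavaScript string, a form field's `.value`, or back into a set call will now see `&quot;`, `&#39;` and `&lt;` sequences instead of the characters it stored. I'd extend the comment to `Returned value will be html entity escaped (see gadgets.util.escapeString); use gadgets.util.unescapeString if the raw value is needed for a non-HTML sink.` Because escapeString leaves `&` alone, a stored value that already contains entity text is returned unchanged, which is worth a sentence too. Whether the other typed getters share getPref_ and need the same treatment is not visible in this hunk.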
@@ -312,8 +314,9 @@
   if (val !== null) {
     var arr = val.split("|");
     // Decode pipe characters.
+    var esc = gadgets.util.escapeString;
     for (var i = 0, j = arr.length; i < j; ++i) {
-      arr[i] = arr[i].replace(/%7C/g, "|");
+      arr[i] = esc(arr[i].replace(/%7C/g, "|"));
     }
     return arr;
   }
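Review bot: The function this hunk modifies begins above the hunk, and unlike getString in the same commit its doc comment is not updated to say that each element is now entity escaped, so a reader of the getArray docs would not expect `'` to come back as `&#39;`. I'd add `Each element will be html entity escaped.` next to the existing return documentation, and note that escaping is applied after the `%7C` pipe decoding, so a stored `%7C` comes back as a literal `|` with no further encoding.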

Modified: incubator/shindig/trunk/features/core/util.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/util.js (original)
+++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42 2008
@@ -157,7 +157,7 @@
      * @member gadgets.util
      */
     hasFeature : function (feature) {
-      return typeof features[feature] === "undefined";
+      return typeof features[feature] !== "undefined";
     },
 
     /**
@@ -178,6 +178,40 @@
       for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
         onLoadHandlers[i]();
       }
+    },
+
+    /**
+     * Escapes the input using html entities to make it safer.
+     *
+     * Currently only escapes &lt; &gt; ' and &quot; All known browsers handle
+     * &amp; without issue.
+     *
+     * Currently not in the spec -- future proposals may change
+     * how this is handled.
+     *
+     * TODO: Parsing the string would probably be more accurate and faster than
+     * a bunch of regular expressions.
+     *
+     * @param {String} str The string to escape
+     * @return {String} The escaped string
+     */
+    escapeString : function(str) {
+      return str.replace(/</g, "&lt;")
+                .replace(/>/g, "&gt;")
+                .replace(/"/g, "&quot;")
+                .replace(/'/g, "&#39;");
+    },
+
+    /**
+     * Reverses escapeString
+     *
+     * @param {String} str The string to unescape.
+     */
+    unescapeString : function(str) {
+      return str.replace(/&lt;/g, "<")
+                .replace(/&gt;/g, ">")
+                .replace(/&quot;/g, '"')
+                .replace(/&#39/g, "'");
     },
 
     /**
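Review bot: unescapeString's last pattern `/&#39/g` is missing the trailing semicolon, so the apostrophe entity that escapeString emits is turned into `';` rather than `'`; it should read `.replace(/&#39;/g, "'")`. More fundamentally, because escapeString deliberately leaves `&` alone (as its own doc comment says), it is not injective: a pref or parameter that already contained the literal text `&lt;script&gt;` passes through escapeString unchanged and unescapeString then yields `<script>`, so the pair is not a safe round trip and "Reverses escapeString" overstates the contract. If round-tripping is wanted, escape `&` first (`.replace(/&/g, "&amp;")` as the first step of escapeString) and decode `&amp;` last in unescapeString; otherwise the unescapeString doc should warn that its output must be treated as raw, unescaped data and never written to innerHTML. The doc comment on unescapeString is also missing an @return line.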

Modified: incubator/shindig/trunk/features/views/views.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/views/views.js (original)
+++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42 2008
@@ -70,6 +70,9 @@
           decodeURIComponent(urlParams["view-params"]));
       if (tmpParams) {
         params = tmpParams;
+        for (var p in params) if (params.hasOwnProperty(p)) {
+          params[p] = gadgets.util.escapeString(params[p]);
+        }
       }
     }
     currentView = supportedViews[urlParams.view] || supportedViews["default"];
@@ -84,19 +87,47 @@
   gadgets.config.register("views", requiredConfig, init);
 
   return {
+    /**
+     * Attempts to navigate to this gadget in a different view. If the container
+     * supports parameters will pass the optional parameters along to the gadget
+     * in the new view.
+     *
+     * @param {gadgets.views.View} view The view to navigate to
+     * @param {Map.&lt;String, String&gt;} opt_params Parameters to pass to the
+     *     gadget after it has been navigated to on the surface
+     */
     requestNavigateTo : function(view, opt_params) {
       gadgets.rpc.call(
           null, "requestNavigateTo", null, view.getName(), opt_params);
     },
 
+    /**
+     * Returns the current view.
+     *
+     * @return {gadgets.views.View} The current view
+     */
     getCurrentView : function() {
       return currentView;
     },
 
+    /**
+     * Returns a map of all the supported views. Keys each gadgets.view.View by
+     * its name.
+     *
+     * @return {Map&lt;gadgets.views.ViewType | String, gadgets.views.View&gt;}
+     *   All supported views, keyed by their name attribute.
+     */
     getSupportedViews : function() {
       return supportedViews;
     },
 
+    /**
+     * Returns the parameters passed into this gadget for this view. Does not
+     * include all url parameters, only the ones passed into
+     * gadgets.views.requestNavigateTo
+     *
+     * @return {Map.&lt;String, String&gt;} The parameter map
+     */
     getParams : function() {
       return params;
     }
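Review bot: The new getParams doc says the map holds only parameters passed to requestNavigateTo, but init reads the values from the `view-params` URL parameter, so anyone who can construct the gadget URL can supply them, and the doc does not mention that the values are entity escaped for that reason. I'd add `Values are html entity escaped (gadgets.util.escapeString) because they originate from the URL; use gadgets.util.unescapeString for the raw value.` getParams and getSupportedViews both return the module's internal objects rather than copies, so a caller can mutate shared state; a sentence in each doc saying whether that is intended would help. requestNavigateTo forwards opt_params unescaped, which is consistent with escaping being applied on receipt in init.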
@@ -108,10 +139,16 @@
   this.isOnlyVisible_ = !!opt_isOnlyVisible;
 };
 
+/**
+ * @return {String} The view name.
+ */
 gadgets.views.View.prototype.getName = function() {
   return this.name_;
 };
 
+/**
+ * @return {Boolean} True if this is the only visible gadget on the page.
+ */
 gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
   return this.isOnlyVisible_;
 };



Re: svn commit: r630172 - in /incubator/shindig/trunk/features: core/legacy.js core/prefs.js core/util.js views/views.js

Posted by Kevin Brown <et...@google.com>.
I think you have the branch logic backwards, but assuming you meant this the
other way around this would be a safe change. Things get a little hairy
with objects implementing toString though, so it's not going to guard
against everything.

On Fri, Feb 22, 2008 at 11:32 AM, Cassie <do...@apache.org> wrote:

> How would you feel about the escape method only escaping if the str was a
> string object, so like:
>
> if (typeof str == "string") {
>    return str;
>  } else {
>     return .... <current method contents>
>  }
>
> This will save me from having to create another utility that does exactly
> that..
>
> - Cassie
>
>
> On Fri, Feb 22, 2008 at 4:28 AM, <et...@apache.org> wrote:
>
> > Author: etnu
> > Date: Fri Feb 22 04:28:42 2008
> > New Revision: 630172
> >
> > URL: http://svn.apache.org/viewvc?rev=630172&view=rev
> > Log:
> > Commit for SHINDIG-89
> >
> >
> > Modified:
> >    incubator/shindig/trunk/features/core/legacy.js
> >    incubator/shindig/trunk/features/core/prefs.js
> >    incubator/shindig/trunk/features/core/util.js
> >    incubator/shindig/trunk/features/views/views.js
> >
> > Modified: incubator/shindig/trunk/features/core/legacy.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/legacy.js (original)
> > +++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42
> > 2008
> > @@ -138,12 +138,7 @@
> >  * @return The escaped string.
> >  */
> >  function _hesc(str) {
> > -  // '<' and '>'
> > -  str = str.replace(/</g, "&lt;").replace(/>/g, "&gt;");
> > -  // '"' and '
> > -  str = str.replace(/"/g, "&quot;").replace(/'/g, "&#39;");
> > -
> > -  return str;
> > +  return gadgets.util.escapeString(str);
> >  }
> >
> >  /**
> >
> > Modified: incubator/shindig/trunk/features/core/prefs.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/prefs.js (original)
> > +++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42
> > 2008
> > @@ -240,12 +240,14 @@
> >
> >  /**
> >  * Retrieves a preference as a string.
> > + * Returned value will be html entity escaped.
> > + *
> >  * @param {String} key The preference to fetch
> >  * @return {String} The preference; if not set, an empty string
> >  */
> >  gadgets.Prefs.prototype.getString = function(key) {
> >   var val = this.getPref_(key);
> > -  return val === null ? "" : val;
> > +  return val === null ? "" : gadgets.util.escapeString(val);
> >  };
> >
> >  /**
> > @@ -312,8 +314,9 @@
> >   if (val !== null) {
> >     var arr = val.split("|");
> >     // Decode pipe characters.
> > +    var esc = gadgets.util.escapeString;
> >     for (var i = 0, j = arr.length; i < j; ++i) {
> > -      arr[i] = arr[i].replace(/%7C/g, "|");
> > +      arr[i] = esc(arr[i].replace(/%7C/g, "|"));
> >     }
> >     return arr;
> >   }
> >
> > Modified: incubator/shindig/trunk/features/core/util.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/core/util.js (original)
> > +++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42
> 2008
> > @@ -157,7 +157,7 @@
> >      * @member gadgets.util
> >      */
> >     hasFeature : function (feature) {
> > -      return typeof features[feature] === "undefined";
> > +      return typeof features[feature] !== "undefined";
> >     },
> >
> >     /**
> > @@ -178,6 +178,40 @@
> >       for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
> >         onLoadHandlers[i]();
> >       }
> > +    },
> > +
> > +    /**
> > +     * Escapes the input using html entities to make it safer.
> > +     *
> > +     * Currently only escapes &lt; &gt; ' and &quot; All known browsers
> > handle
> > +     * &amp; without issue.
> > +     *
> > +     * Currently not in the spec -- future proposals may change
> > +     * how this is handled.
> > +     *
> > +     * TODO: Parsing the string would probably be more accurate and
> > faster than
> > +     * a bunch of regular expressions.
> > +     *
> > +     * @param {String} str The string to escape
> > +     * @return {String} The escaped string
> > +     */
> > +    escapeString : function(str) {
> > +      return str.replace(/</g, "&lt;")
> > +                .replace(/>/g, "&gt;")
> > +                .replace(/"/g, "&quot;")
> > +                .replace(/'/g, "&#39;");
> > +    },
> > +
> > +    /**
> > +     * Reverses escapeString
> > +     *
> > +     * @param {String} str The string to unescape.
> > +     */
> > +    unescapeString : function(str) {
> > +      return str.replace(/&lt;/g, "<")
> > +                .replace(/&gt;/g, ">")
> > +                .replace(/&quot;/g, '"')
> > +                .replace(/&#39/g, "'");
> >     },
> >
> >     /**
> >
> > Modified: incubator/shindig/trunk/features/views/views.js
> > URL:
> >
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
> >
> >
> ==============================================================================
> > --- incubator/shindig/trunk/features/views/views.js (original)
> > +++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42
> > 2008
> > @@ -70,6 +70,9 @@
> >           decodeURIComponent(urlParams["view-params"]));
> >       if (tmpParams) {
> >         params = tmpParams;
> > +        for (var p in params) if (params.hasOwnProperty(p)) {
> > +          params[p] = gadgets.util.escapeString(params[p]);
> > +        }
> >       }
> >     }
> >     currentView = supportedViews[urlParams.view] ||
> > supportedViews["default"];
> > @@ -84,19 +87,47 @@
> >   gadgets.config.register("views", requiredConfig, init);
> >
> >   return {
> > +    /**
> > +     * Attempts to navigate to this gadget in a different view. If the
> > container
> > +     * supports parameters will pass the optional parameters along to
> the
> > gadget
> > +     * in the new view.
> > +     *
> > +     * @param {gadgets.views.View} view The view to navigate to
> > +     * @param {Map.&lt;String, String&gt;} opt_params Parameters to
> pass
> > to the
> > +     *     gadget after it has been navigated to on the surface
> > +     */
> >     requestNavigateTo : function(view, opt_params) {
> >       gadgets.rpc.call(
> >           null, "requestNavigateTo", null, view.getName(), opt_params);
> >     },
> >
> > +    /**
> > +     * Returns the current view.
> > +     *
> > +     * @return {gadgets.views.View} The current view
> > +     */
> >     getCurrentView : function() {
> >       return currentView;
> >     },
> >
> > +    /**
> > +     * Returns a map of all the supported views. Keys each
> > gadgets.view.View by
> > +     * its name.
> > +     *
> > +     * @return {Map&lt;gadgets.views.ViewType | String,
> > gadgets.views.View&gt;}
> > +     *   All supported views, keyed by their name attribute.
> > +     */
> >     getSupportedViews : function() {
> >       return supportedViews;
> >     },
> >
> > +    /**
> > +     * Returns the parameters passed into this gadget for this view.
> Does
> > not
> > +     * include all url parameters, only the ones passed into
> > +     * gadgets.views.requestNavigateTo
> > +     *
> > +     * @return {Map.&lt;String, String&gt;} The parameter map
> > +     */
> >     getParams : function() {
> >       return params;
> >     }
> > @@ -108,10 +139,16 @@
> >   this.isOnlyVisible_ = !!opt_isOnlyVisible;
> >  };
> >
> > +/**
> > + * @return {String} The view name.
> > + */
> >  gadgets.views.View.prototype.getName = function() {
> >   return this.name_;
> >  };
> >
> > +/**
> > + * @return {Boolean} True if this is the only visible gadget on the
> page.
> > + */
> >  gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
> >   return this.isOnlyVisible_;
> >  };
> >
> >
> >
>



-- 
~Kevin

If you received this email by mistake, please delete it, cancel your mail
account, destroy your hard drive, silence any witnesses, and burn down the
building that you're in.

Re: svn commit: r630172 - in /incubator/shindig/trunk/features: core/legacy.js core/prefs.js core/util.js views/views.js

Posted by Cassie <do...@apache.org>.
How would you feel about the escape method only escaping if the str was a
string object, so like:

if (typeof str == "string") {
    return str;
  } else {
     return .... <current method contents>
  }

This will save me from having to create another utility that does exactly
that..

- Cassie


On Fri, Feb 22, 2008 at 4:28 AM, <et...@apache.org> wrote:

> Author: etnu
> Date: Fri Feb 22 04:28:42 2008
> New Revision: 630172
>
> URL: http://svn.apache.org/viewvc?rev=630172&view=rev
> Log:
> Commit for SHINDIG-89
>
>
> Modified:
>    incubator/shindig/trunk/features/core/legacy.js
>    incubator/shindig/trunk/features/core/prefs.js
>    incubator/shindig/trunk/features/core/util.js
>    incubator/shindig/trunk/features/views/views.js
>
> Modified: incubator/shindig/trunk/features/core/legacy.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/legacy.js (original)
> +++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42
> 2008
> @@ -138,12 +138,7 @@
>  * @return The escaped string.
>  */
>  function _hesc(str) {
> -  // '<' and '>'
> -  str = str.replace(/</g, "&lt;").replace(/>/g, "&gt;");
> -  // '"' and '
> -  str = str.replace(/"/g, "&quot;").replace(/'/g, "&#39;");
> -
> -  return str;
> +  return gadgets.util.escapeString(str);
>  }
>
>  /**
>
> Modified: incubator/shindig/trunk/features/core/prefs.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/prefs.js (original)
> +++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42
> 2008
> @@ -240,12 +240,14 @@
>
>  /**
>  * Retrieves a preference as a string.
> + * Returned value will be html entity escaped.
> + *
>  * @param {String} key The preference to fetch
>  * @return {String} The preference; if not set, an empty string
>  */
>  gadgets.Prefs.prototype.getString = function(key) {
>   var val = this.getPref_(key);
> -  return val === null ? "" : val;
> +  return val === null ? "" : gadgets.util.escapeString(val);
>  };
>
>  /**
> @@ -312,8 +314,9 @@
>   if (val !== null) {
>     var arr = val.split("|");
>     // Decode pipe characters.
> +    var esc = gadgets.util.escapeString;
>     for (var i = 0, j = arr.length; i < j; ++i) {
> -      arr[i] = arr[i].replace(/%7C/g, "|");
> +      arr[i] = esc(arr[i].replace(/%7C/g, "|"));
>     }
>     return arr;
>   }
>
> Modified: incubator/shindig/trunk/features/core/util.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/core/util.js (original)
> +++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42 2008
> @@ -157,7 +157,7 @@
>      * @member gadgets.util
>      */
>     hasFeature : function (feature) {
> -      return typeof features[feature] === "undefined";
> +      return typeof features[feature] !== "undefined";
>     },
>
>     /**
> @@ -178,6 +178,40 @@
>       for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
>         onLoadHandlers[i]();
>       }
> +    },
> +
> +    /**
> +     * Escapes the input using html entities to make it safer.
> +     *
> +     * Currently only escapes &lt; &gt; ' and &quot; All known browsers
> handle
> +     * &amp; without issue.
> +     *
> +     * Currently not in the spec -- future proposals may change
> +     * how this is handled.
> +     *
> +     * TODO: Parsing the string would probably be more accurate and
> faster than
> +     * a bunch of regular expressions.
> +     *
> +     * @param {String} str The string to escape
> +     * @return {String} The escaped string
> +     */
> +    escapeString : function(str) {
> +      return str.replace(/</g, "&lt;")
> +                .replace(/>/g, "&gt;")
> +                .replace(/"/g, "&quot;")
> +                .replace(/'/g, "&#39;");
> +    },
> +
> +    /**
> +     * Reverses escapeString
> +     *
> +     * @param {String} str The string to unescape.
> +     */
> +    unescapeString : function(str) {
> +      return str.replace(/&lt;/g, "<")
> +                .replace(/&gt;/g, ">")
> +                .replace(/&quot;/g, '"')
> +                .replace(/&#39/g, "'");
>     },
>
>     /**
>
> Modified: incubator/shindig/trunk/features/views/views.js
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/features/views/views.js (original)
> +++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42
> 2008
> @@ -70,6 +70,9 @@
>           decodeURIComponent(urlParams["view-params"]));
>       if (tmpParams) {
>         params = tmpParams;
> +        for (var p in params) if (params.hasOwnProperty(p)) {
> +          params[p] = gadgets.util.escapeString(params[p]);
> +        }
>       }
>     }
>     currentView = supportedViews[urlParams.view] ||
> supportedViews["default"];
> @@ -84,19 +87,47 @@
>   gadgets.config.register("views", requiredConfig, init);
>
>   return {
> +    /**
> +     * Attempts to navigate to this gadget in a different view. If the
> container
> +     * supports parameters will pass the optional parameters along to the
> gadget
> +     * in the new view.
> +     *
> +     * @param {gadgets.views.View} view The view to navigate to
> +     * @param {Map.&lt;String, String&gt;} opt_params Parameters to pass
> to the
> +     *     gadget after it has been navigated to on the surface
> +     */
>     requestNavigateTo : function(view, opt_params) {
>       gadgets.rpc.call(
>           null, "requestNavigateTo", null, view.getName(), opt_params);
>     },
>
> +    /**
> +     * Returns the current view.
> +     *
> +     * @return {gadgets.views.View} The current view
> +     */
>     getCurrentView : function() {
>       return currentView;
>     },
>
> +    /**
> +     * Returns a map of all the supported views. Keys each
> gadgets.view.View by
> +     * its name.
> +     *
> +     * @return {Map&lt;gadgets.views.ViewType | String,
> gadgets.views.View&gt;}
> +     *   All supported views, keyed by their name attribute.
> +     */
>     getSupportedViews : function() {
>       return supportedViews;
>     },
>
> +    /**
> +     * Returns the parameters passed into this gadget for this view. Does
> not
> +     * include all url parameters, only the ones passed into
> +     * gadgets.views.requestNavigateTo
> +     *
> +     * @return {Map.&lt;String, String&gt;} The parameter map
> +     */
>     getParams : function() {
>       return params;
>     }
> @@ -108,10 +139,16 @@
>   this.isOnlyVisible_ = !!opt_isOnlyVisible;
>  };
>
> +/**
> + * @return {String} The view name.
> + */
>  gadgets.views.View.prototype.getName = function() {
>   return this.name_;
>  };
>
> +/**
> + * @return {Boolean} True if this is the only visible gadget on the page.
> + */
>  gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
>   return this.isOnlyVisible_;
>  };
>
>
>