You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by lr...@apache.org on 2009/02/25 07:46:55 UTC
svn commit: r747682 - in /incubator/shindig/trunk:
features/src/main/javascript/features/caja/
features/src/main/javascript/features/opensocial-reference/
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/
java/server/src/test/java/org/apac...
Author: lryan
Date: Wed Feb 25 06:46:54 2009
New Revision: 747682
URL: http://svn.apache.org/viewvc?rev=747682&view=rev
Log:
Applied patch for SHINDIG-900 from Jasvir. Thanks
Added:
incubator/shindig/trunk/java/server/src/test/resources/endtoend/failCajaTest.xml
Modified:
incubator/shindig/trunk/features/src/main/javascript/features/caja/caja.js
incubator/shindig/trunk/features/src/main/javascript/features/opensocial-reference/container.js
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndTest.java
incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.js
Modified: incubator/shindig/trunk/features/src/main/javascript/features/caja/caja.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/src/main/javascript/features/caja/caja.js?rev=747682&r1=747681&r2=747682&view=diff
==============================================================================
--- incubator/shindig/trunk/features/src/main/javascript/features/caja/caja.js (original)
+++ incubator/shindig/trunk/features/src/main/javascript/features/caja/caja.js Wed Feb 25 06:46:54 2009
@@ -18,8 +18,7 @@
/**
* @fileoverview Caja is a whitelisting javascript sanitizing
- * rewriter. This file sets up the container and allows a gadget to
- * access console logging functions.
+ * rewriter. This file sets up the container.
*/
var valijaMaker = undefined;
@@ -36,14 +35,3 @@
throw e;
};
})();
-
-(function () {
- ___.sharedImports.console = {};
- for (var k in { log: 0, warn: 0, info: 0, error: 0, trace: 0,
- group: 0, groupEnd: 0, time: 0, timeEnd: 0, dir: 0,
- assert: 0, dirxml: 0, profile: 0, profileEnd: 0 }) {
- ___.sharedImports.console[k] = (function (k, f) {
- return ___.func(function () { f.apply(console, arguments); });
- })(k, console[k]);
- }
-})();
Modified: incubator/shindig/trunk/features/src/main/javascript/features/opensocial-reference/container.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/features/src/main/javascript/features/opensocial-reference/container.js?rev=747682&r1=747681&r2=747682&view=diff
==============================================================================
--- incubator/shindig/trunk/features/src/main/javascript/features/opensocial-reference/container.js (original)
+++ incubator/shindig/trunk/features/src/main/javascript/features/opensocial-reference/container.js Wed Feb 25 06:46:54 2009
@@ -523,11 +523,11 @@
if (/^#/.test(uri)) {
return '#' + encodeURIComponent(decodeURIComponent(uri.substring(1)));
// and files on the same host
- } else if (/^\/(?:[^\/][^?#]*)?$/) {
+ } else if (/^\/(?:[^\/][^?#]*)?$/.test(uri)) {
return encodeURI(decodeURI(uri));
}
// This callback can be replaced with one that passes the URL through
- // a proxy that checks the mimetype.
+ // a proxy that checks the mimetype.
return null;
}
};
@@ -549,20 +549,20 @@
var imports = ___.copy(___.sharedImports);
imports.outers = imports;
- imports.console = console;
- imports.$v = ___.asFunc(valijaMaker)(imports);
- ___.getNewModuleHandler().setImports(imports);
-
var gadgetRoot = document.createElement('div');
gadgetRoot.className = 'g___';
attachDocumentStub('-g___', uriCallback, imports, gadgetRoot);
+
+ imports.$v = valijaMaker.CALL___(imports.outers);
imports.htmlEmitter___ = new HtmlEmitter(gadgetRoot);
document.body.appendChild(gadgetRoot);
+ ___.getNewModuleHandler().setImports(imports);
+
// Add the opensocial APIs and mark them callable and readable.
- imports.gadgets = gadgets;
- imports.opensocial = opensocial;
+ imports.outers.gadgets = gadgets;
+ imports.outers.opensocial = opensocial;
// The below described the opensocial reference APIs.
// A prefix of "c_" specifies a class, "m_" a method, "f_" a field,
// and "s_" a static member.
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java?rev=747682&r1=747681&r2=747682&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java Wed Feb 25 06:46:54 2009
@@ -18,13 +18,7 @@
*/
package org.apache.shindig.gadgets.servlet;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.io.StringReader;
-import java.net.URI;
-import java.util.logging.Logger;
-
+import org.apache.commons.lang.StringUtils;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
@@ -36,6 +30,7 @@
import com.google.caja.lexer.ExternalReference;
import com.google.caja.lexer.FilePosition;
import com.google.caja.lexer.InputSource;
+import com.google.caja.lexer.escaping.Escaping;
import com.google.caja.opensocial.DefaultGadgetRewriter;
import com.google.caja.opensocial.GadgetRewriteException;
import com.google.caja.opensocial.UriCallback;
@@ -43,8 +38,19 @@
import com.google.caja.opensocial.UriCallbackOption;
import com.google.caja.reporting.Message;
import com.google.caja.reporting.MessageContext;
+import com.google.caja.reporting.MessageLevel;
import com.google.caja.reporting.MessageQueue;
import com.google.caja.reporting.SimpleMessageQueue;
+import com.google.caja.reporting.SnippetProducer;
+import com.google.common.collect.Maps;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.StringReader;
+import java.net.URI;
+import java.util.Map;
+import java.util.logging.Logger;
public class CajaContentRewriter implements ContentRewriter {
private final Logger logger = Logger.getLogger(CajaContentRewriter.class.getName());
@@ -89,17 +95,24 @@
MessageQueue mq = new SimpleMessageQueue();
DefaultGadgetRewriter rw = new DefaultGadgetRewriter(mq);
+ InputSource is = new InputSource(retrievedUri);
+ String origContent = content.getContent();
CharProducer input = CharProducer.Factory.create(
- new StringReader(content.getContent()),
- FilePosition.instance(new InputSource(retrievedUri), 2, 1, 1));
+ new StringReader(origContent),
+ FilePosition.instance(is, 2, 1, 1));
StringBuilder output = new StringBuilder();
+ // Secure default to remove content in case there
+ // are problems cajoling a gadget
+ content.setContent("");
try {
rw.rewriteContent(retrievedUri, input, cb, output);
} catch (GadgetRewriteException e) {
+ content.setContent(messagesToHtml(is, origContent, mq));
throwCajolingException(e, mq);
return RewriterResults.notCacheable();
} catch (IOException e) {
+ content.setContent(messagesToHtml(is, origContent, mq));
throwCajolingException(e, mq);
return RewriterResults.notCacheable();
}
@@ -108,13 +121,46 @@
return null;
}
+ private String messagesToHtml(InputSource is, CharSequence orig, MessageQueue mq) {
+ MessageContext mc = new MessageContext();
+ Map<InputSource, CharSequence> originalSrc = Maps.newHashMap();
+ originalSrc.put(is, orig);
+
+ mc.inputSources = originalSrc.keySet();
+ SnippetProducer sp = new SnippetProducer(originalSrc, mc);
+
+ StringBuilder messageText = new StringBuilder();
+ messageText.append("<pre>");
+ for (Message msg : mq.getMessages()) {
+ // Ignore LINT messages
+ if (MessageLevel.LINT.compareTo(msg.getMessageLevel()) <= 0) {
+ String snippet = sp.getSnippet(msg);
+
+ messageText.append(msg.getMessageLevel().name())
+ .append(" ")
+ .append(html(msg.format(mc)));
+ if (!StringUtils.isEmpty(snippet)) {
+ messageText.append("\n").append(snippet);
+ }
+ }
+ }
+ messageText.append("</pre>");
+ return messageText.toString();
+ }
+
+ private static String html(CharSequence s) {
+ StringBuilder sb = new StringBuilder();
+ Escaping.escapeXml(s, false, sb);
+ return sb.toString();
+ }
+
private String tameCajaClientApi() {
return "<script>" +
"opensocial.Container.get().enableCaja();" +
"</script>";
}
- private void throwCajolingException(Exception cause, MessageQueue mq) {
+ private void throwCajolingException(Exception cause, MessageQueue mq) {
StringBuilder errbuilder = new StringBuilder();
MessageContext mc = new MessageContext();
@@ -125,7 +171,7 @@
for (Message m : mq.getMessages()) {
errbuilder.append(m.format(mc)).append('\n');
}
-
+
logger.info("Unable to cajole gadget: " + errbuilder);
// throw new GadgetException(
Modified: incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndTest.java?rev=747682&r1=747681&r2=747682&view=diff
==============================================================================
--- incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndTest.java (original)
+++ incubator/shindig/trunk/java/server/src/test/java/org/apache/shindig/server/endtoend/EndToEndTest.java Wed Feb 25 06:46:54 2009
@@ -17,37 +17,37 @@
*/
package org.apache.shindig.server.endtoend;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
import org.apache.shindig.auth.BasicSecurityToken;
import org.apache.shindig.auth.BasicSecurityTokenDecoder;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.crypto.BlobCrypterException;
+
+import com.gargoylesoftware.htmlunit.CollectingAlertHandler;
+import com.gargoylesoftware.htmlunit.NicelyResynchronizingAjaxController;
+import com.gargoylesoftware.htmlunit.Page;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.DomNode;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.google.common.collect.Maps;
import org.json.JSONArray;
import org.json.JSONObject;
import org.junit.After;
import org.junit.AfterClass;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import org.w3c.dom.NodeList;
+import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;
-import javax.servlet.http.HttpServletResponse;
-
-import com.gargoylesoftware.htmlunit.CollectingAlertHandler;
-import com.gargoylesoftware.htmlunit.NicelyResynchronizingAjaxController;
-import com.gargoylesoftware.htmlunit.Page;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.google.common.collect.Maps;
-
/**
* Base class for end-to-end tests.
*/
@@ -57,6 +57,7 @@
"fetchPeopleTest.xml",
"errorTest.xml",
"cajaTest.xml",
+ "failCajaTest.xml",
"testframework.js"
};
@@ -92,6 +93,11 @@
}
@Test
+ public void caja() throws Exception {
+ executeAllPageTests("cajaTest.xml");
+ }
+
+ @Test
public void messageBundlesRtl() throws Exception {
// Repeeat the messageBundle tests, but with the language set to "ar"
language = "ar";
@@ -128,6 +134,21 @@
}
@Test
+ public void testFailCaja() throws Exception {
+ HtmlPage page = executePageTest("failCajaTest", null);
+ NodeList bodyList = page.getElementsByTagName("body");
+
+ // Result should contain just one body
+ assertEquals(bodyList.getLength(), 1);
+ DomNode body = (DomNode)bodyList.item(0);
+
+ // Failed output contains only an error block plus a onload script block
+ assertEquals(body.getChildNodes().getLength(), 2);
+ assertEquals(body.getFirstChild().getNodeName(), "pre");
+ assertEquals(body.getLastChild().getNodeName(), "script");
+ }
+
+ @Test
public void testPipelining() throws Exception {
HtmlPage page = executePageTest("pipeliningTest", null);
JSONArray array = new JSONArray(page.asText());
@@ -147,7 +168,7 @@
JSONObject expected = new JSONObject("{key: 'value'}");
assertEquals(expected.toString(), json.toString());
}
-
+
@BeforeClass
public static void setUpOnce() throws Exception {
server = new EndToEndServer();
Added: incubator/shindig/trunk/java/server/src/test/resources/endtoend/failCajaTest.xml
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/server/src/test/resources/endtoend/failCajaTest.xml?rev=747682&view=auto
==============================================================================
--- incubator/shindig/trunk/java/server/src/test/resources/endtoend/failCajaTest.xml (added)
+++ incubator/shindig/trunk/java/server/src/test/resources/endtoend/failCajaTest.xml Wed Feb 25 06:46:54 2009
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<Module>
+ <ModulePrefs title="EndToEndTest">
+ <Require feature="caja" />
+ <Require feature="opensocial-0.8" />
+ </ModulePrefs>
+ <Content type="html">
+ <![CDATA[
+ <script>
+ x___ = 1; // This should fail to cajole in caja
+ </script>
+ ]]>
+ </Content>
+</Module>
Modified: incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.js
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.js?rev=747682&r1=747681&r2=747682&view=diff
==============================================================================
--- incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.js (original)
+++ incubator/shindig/trunk/javascript/samplecontainer/samplecontainer.js Wed Feb 25 06:46:54 2009
@@ -99,7 +99,7 @@
var params = '';
if (useCaja) {
- params += "&caja=1";
+ params += "&caja=1&libs=caja";
}
if (usePermissive) {
params += "&usepermissive=1";