Posted to commits@myfaces.apache.org by lo...@apache.org on 2012/07/25 15:03:49 UTC
svn commit: r1365563 - in /myfaces/tobago/trunk:
tobago-core/src/main/java/org/apache/myfaces/tobago/context/
tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/
tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/
tobago-...
Author: lofwyr
Date: Wed Jul 25 13:03:49 2012
New Revision: 1365563
URL: http://svn.apache.org/viewvc?rev=1365563&view=rev
Log:
TOBAGO-1171: Support for the Content Security Policy (CSP)
Element style attributes are no longer working with CSP
Modified:
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/Style.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/DataAttributes.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/org/apache/myfaces/tobago/renderkit/html/standard/standard/script/tobago.js
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java Wed Jul 25 13:03:49 2012
@@ -135,7 +135,8 @@ public class UserAgent implements Serial
/**
* e. g. Firefox
*/
- public static final UserAgent GECKO = new UserAgent("gecko", null, EnumSet.of(Capability.CONTENT_TYPE_XHTML));
+ public static final UserAgent GECKO
+ = new UserAgent("gecko", null, EnumSet.of(Capability.CONTENT_TYPE_XHTML), CspHeader.CSP_GECKO);
/**
* e. g. Firefox 2.0
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/Style.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/Style.java?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/Style.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/css/Style.java Wed Jul 25 13:03:49 2012
@@ -248,6 +248,122 @@ public class Style implements Serializab
return buf.toString();
}
+ public String encodeJson() {
+ StringBuilder buf = new StringBuilder("{");
+ if (width != null) {
+ buf.append("\"width\":\"");
+ buf.append(width);
+ buf.append("\",");
+ }
+ if (height != null) {
+ buf.append("\"height\":\"");
+ buf.append(height);
+ buf.append("\",");
+ }
+ if (top != null) {
+ buf.append("\"top\":\"");
+ buf.append(top);
+ buf.append("\",");
+ }
+ if (left != null) {
+ buf.append("\"left\":\"");
+ buf.append(left);
+ buf.append("\",");
+ }
+ if (display != null) {
+ buf.append("\"display\":\"");
+ buf.append(display.getValue());
+ buf.append("\",");
+ }
+ if (position != null) {
+ buf.append("\"position\":\"");
+ buf.append(position.getValue());
+ buf.append("\",");
+ }
+ if (overflowX != null) {
+ buf.append("\"overflowX\":\"");
+ buf.append(overflowX.getValue());
+ buf.append("\",");
+ }
+ if (overflowY != null) {
+ buf.append("\"overflowY\":\"");
+ buf.append(overflowY.getValue());
+ buf.append("\",");
+ }
+ if (marginLeft != null) {
+ buf.append("\"marginLeft\":\"");
+ buf.append(marginLeft);
+ buf.append("\",");
+ }
+ if (marginRight != null) {
+ buf.append("\"marginRight\":\"");
+ buf.append(marginRight);
+ buf.append("\",");
+ }
+ if (marginTop != null) {
+ buf.append("\"marginTop\":\"");
+ buf.append(marginTop);
+ buf.append("\",");
+ }
+ if (marginBottom != null) {
+ buf.append("\"marginBottom\":\"");
+ buf.append(marginBottom);
+ buf.append("\",");
+ }
+ if (margin != null) {
+ buf.append("\"margin\":\"");
+ buf.append(margin);
+ buf.append("\",");
+ }
+ if (paddingLeft != null) {
+ buf.append("\"paddingLeft\":\"");
+ buf.append(paddingLeft);
+ buf.append("\",");
+ }
+ if (paddingRight != null) {
+ buf.append("\"paddingRight\":\"");
+ buf.append(paddingRight);
+ buf.append("\",");
+ }
+ if (paddingTop != null) {
+ buf.append("\"paddingTop\":\"");
+ buf.append(paddingTop);
+ buf.append("\",");
+ }
+ if (paddingBottom != null) {
+ buf.append("\"paddingBottom\":\"");
+ buf.append(paddingBottom);
+ buf.append("\",");
+ }
+ if (padding != null) {
+ buf.append("\"padding\":\"");
+ buf.append(padding);
+ buf.append("\",");
+ }
+ if (backgroundImage != null) {
+ buf.append("\"backgroundImage\":\"");
+ buf.append(backgroundImage);
+ buf.append("\",");
+ }
+ if (zIndex != null) {
+ buf.append("\"zIndex\":");
+ buf.append(zIndex);
+ buf.append(";");
+ }
+ if (textAlign != null) {
+ buf.append("\"textAlign\":\"");
+ buf.append(textAlign.getValue());
+ buf.append("\",");
+ }
+
+ if (buf.length() > 1) {
+ buf.deleteCharAt(buf.length() - 1);
+ }
+
+ buf.append('}');
+ return buf.toString();
+ }
+
public Measure getWidth() {
return width;
}
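Review bot: The `zIndex` branch of `encodeJson()` ends its entry with `buf.append(";")` where every other branch uses a comma, so a style with both `zIndex` and `textAlign` set produces `"zIndex":1;"textAlign":"…"` (constructed sample), which is not valid JSON; it should be `buf.append(",");`. The string values are also appended without JSON escaping, so a `"` or `\` in a value such as `backgroundImage` breaks the object. If any of these values can carry request-derived text, it could add further keys to the object the client receives; the field types are not visible in this hunk, so that needs confirming. Escaping before the append would close this, e.g. `value.replace("\\", "\\\\").replace("\"", "\\\"")` applied to each value's string form.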
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/DataAttributes.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/DataAttributes.java?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/DataAttributes.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/renderkit/html/DataAttributes.java Wed Jul 25 13:03:49 2012
@@ -129,6 +129,11 @@ public final class DataAttributes {
public static final String SRCOPEN = "data-tobago-srcopen";
/**
+ * A way to transport style data in JSON format to the browser. With CSP the normal style attribute isn't allowed.
+ */
+ public static final String STYLE = "data-tobago-style";
+
+ /**
* Id of the parent node in a tree node.
*/
public static final String TREEPARENT = "data-tobago-treeparent";
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java Wed Jul 25 13:03:49 2012
@@ -17,13 +17,16 @@ package org.apache.myfaces.tobago.webapp
* limitations under the License.
*/
+import org.apache.myfaces.tobago.config.TobagoConfig;
import org.apache.myfaces.tobago.renderkit.css.Classes;
import org.apache.myfaces.tobago.renderkit.css.Style;
+import org.apache.myfaces.tobago.renderkit.html.DataAttributes;
import org.apache.myfaces.tobago.renderkit.html.HtmlAttributes;
import org.apache.myfaces.tobago.renderkit.html.HtmlElements;
import org.apache.myfaces.tobago.renderkit.html.StyleClasses;
import javax.faces.component.UIComponent;
+import javax.faces.context.FacesContext;
import javax.faces.context.ResponseWriter;
import java.io.IOException;
import java.io.Writer;
@@ -165,14 +168,54 @@ public abstract class TobagoResponseWrit
@Deprecated
public abstract void writeClassAttribute() throws IOException;
+/*
+ private long self = 0;
+ private long gson = 0;
+
+ private synchronized void time(long s, long g) {
+ self += s;
+ gson += g;
+ }
+
+ private static final Logger LOG = LoggerFactory.getLogger(TobagoResponseWriter.class);
+
+ public static final Gson GSON = new Gson();
+
+*/
/**
* Write the style attribute. The value will not escaped.
*/
public void writeStyleAttribute(Style style) throws IOException {
if (style != null) {
- final String value = style.encode();
- if (value.length() > 0) {
- writeAttribute(HtmlAttributes.STYLE, value, style.needsToBeEscaped());
+ if (TobagoConfig.getInstance(FacesContext.getCurrentInstance()).getContentSecurityPolicy().size() > 0) {
+
+// final long a = System.nanoTime();
+
+ final String json = style.encodeJson();
+
+/*
+ final long b = System.nanoTime();
+
+ final String json2 = GSON.toJson(style);
+
+ final long c = System.nanoTime();
+
+ time(b-a, c-b);
+
+ LOG.error("self: " + json);
+ LOG.error("gson: " + json2);
+ LOG.error("self: " + self + " gson: " + gson);
+
+*/
+ if (json.length() > 2) { // empty "{}" needs not to be written
+ writeAttribute(DataAttributes.STYLE, json, true);
+ }
+ } else {
+
+ final String value = style.encode();
+ if (value.length() > 0) {
+ writeAttribute(HtmlAttributes.STYLE, value, style.needsToBeEscaped());
+ }
}
}
}
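Review bot: The Javadoc on `writeStyleAttribute` still says the value is not escaped, but on the new CSP branch the JSON is written with `writeAttribute(DataAttributes.STYLE, json, true)`, i.e. escaped and under a different attribute name. I would reword it along the lines of `Writes the style: as an escaped JSON data-tobago-style attribute when a Content Security Policy is configured, otherwise as a plain style attribute.` The two commented-out blocks (the `self`/`gson` timing fields and the `LOG.error` comparison) look like benchmark leftovers and are better dropped than committed as comments. The CSP branch is taken whenever `getContentSecurityPolicy().size() > 0`, so any configured directive switches the rendering, even one that does not restrict styles; a one-line comment stating that this is intended would help the next reader.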
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml Wed Jul 25 13:03:49 2012
@@ -44,7 +44,8 @@
<resource-dir>tobago-resource</resource-dir>
-<!-- enable this to test CSP
+<!-- enable this to test CSP -->
+<!--
<content-security-policy>
<directive>default-src 'self'</directive>
</content-security-policy>
Modified: myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/org/apache/myfaces/tobago/renderkit/html/standard/standard/script/tobago.js
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/org/apache/myfaces/tobago/renderkit/html/standard/standard/script/tobago.js?rev=1365563&r1=1365562&r2=1365563&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/org/apache/myfaces/tobago/renderkit/html/standard/standard/script/tobago.js (original)
+++ myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/org/apache/myfaces/tobago/renderkit/html/standard/standard/script/tobago.js Wed Jul 25 13:03:49 2012
@@ -933,11 +933,15 @@ var Tobago = {
},
initDom: function(elements) {
+
+ // focus
var autofocus = Tobago.Utils.selectWidthJQuery(elements, '[autofocus]');
autofocus.each(function setupFocus() {
Tobago.focusId = jQuery(this).attr("id");
Tobago.setFocus();
});
+
+ // commands
var commandButtons = Tobago.Utils.selectWidthJQuery(elements, '[data-tobago-action]');
commandButtons.each(function setupInputFacetCommand() {
var command = jQuery(this);
@@ -961,7 +965,6 @@ var Tobago = {
}
});
}
-
if (commands.complete) {
if (commands.complete.partially) {
Tobago.reloadComponent(this, commands.complete.partially, commands.complete.actionId, commands.complete);
@@ -982,12 +985,20 @@ var Tobago = {
setTimeout(Tobago.submitAction(this, commands.action.actionId, commands.action), delay);
}
});
+
+ // access keys
var accesskeys = Tobago.Utils.selectWidthJQuery(elements, '[accesskey]');
accesskeys.each(function setupAccessKey() {
var el = jQuery(this);
new Tobago.AcceleratorKey(function clickAccelKey() {
Tobago.clickOnElement(el.attr("id"))}, el.attr("accesskey"));
});
+
+ // element styles
+ Tobago.Utils.selectWidthJQuery(elements, "[data-tobago-style]").each(function () {
+ var element = jQuery(this);
+ element.css(element.data("tobago-style"));
+ });
},
frameKiller: function() {
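Review bot: The new `[data-tobago-style]` handler hands the result of `element.data("tobago-style")` to `css()` without checking that it is an object. jQuery's `data()` only yields an object when the attribute parses as JSON; otherwise it returns the raw string, and `css(string)` is a getter call, so a malformed attribute drops the element's styles without any error. I would keep non-object values out and make the failure visible: `var style = element.data("tobago-style");` followed by `if (jQuery.isPlainObject(style)) { element.css(style); }`, with a warning logged in the else case. The object's keys are applied as given, so the server side has to guarantee that only the intended style properties end up in the attribute.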