Posted to commits@shindig.apache.org by li...@apache.org on 2010/08/27 23:00:25 UTC
svn commit: r990269 - in /shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/parse/caja/
main/java/org/apache/shindig/gadgets/render/
test/java/org/apache/shindig/gadgets/parse/caja/
test/java/org/apache/shindig/gadgets/rewrite/
Author: lindner
Date: Fri Aug 27 21:00:24 2010
New Revision: 990269
URL: http://svn.apache.org/viewvc?rev=990269&view=rev
Log:
Patch from Gagandeep Singh | Followup change to pass on container information correctly in all CajaCssSanitizer usages
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizer.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingGadgetRewriter.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingResponseRewriter.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/rewrite/CssResponseRewriterTest.java
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizer.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizer.java?rev=990269&r1=990268&r2=990269&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizer.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizer.java Fri Aug 27 21:00:24 2010
@@ -70,14 +70,16 @@ public class CajaCssSanitizer {
* Sanitize the CSS content of a style tag.
* @param content to sanitize
* @param linkContext url of containing content
+ * @param gadgetContext The gadget context.
* @param importRewriter to rewrite @imports to sanitizing proxy
- * @param importRewriter to rewrite images to sanitizing proxy
+ * @param imageRewriter to rewrite images to sanitizing proxy
+ * @return Sanitized css.
*/
- public String sanitize(String content, Uri linkContext, ProxyUriManager importRewriter,
- ProxyUriManager imageRewriter) {
+ public String sanitize(String content, Uri linkContext, GadgetContext gadgetContext,
+ ProxyUriManager importRewriter, ProxyUriManager imageRewriter) {
try {
CssTree.StyleSheet stylesheet = parser.parseDom(content, linkContext);
- sanitize(stylesheet, linkContext, importRewriter, imageRewriter);
+ sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter);
// Write the rewritten CSS back into the element
return parser.serialize(stylesheet);
} catch (GadgetException ge) {
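Review bot: The new Javadoc line `@param gadgetContext The gadget context.` only restates the parameter name; it appears in this hunk and again in the two following overloads. Going by the commit log and the updated tests, the context is what supplies the container used to build the proxy URL, so I would say that, for example `@param gadgetContext context of the gadget being sanitized; its container selects the proxy configuration used for rewritten URIs`. It should also state whether null is accepted, since the value is passed straight through to `rewriteUri`. The method body continues past the end of this hunk.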
@@ -91,16 +93,17 @@ public class CajaCssSanitizer {
* Sanitize the CSS content of a style tag.
* @param styleElem to sanitize
* @param linkContext url of containing content
+ * @param gadgetContext The gadget context.
* @param importRewriter to rewrite @imports to sanitizing proxy
- * @param importRewriter to rewrite images to sanitizing proxy
+ * @param imageRewriter to rewrite images to sanitizing proxy
*/
- public void sanitize(Element styleElem, Uri linkContext, ProxyUriManager importRewriter,
- ProxyUriManager imageRewriter) {
+ public void sanitize(Element styleElem, Uri linkContext, GadgetContext gadgetContext,
+ ProxyUriManager importRewriter, ProxyUriManager imageRewriter) {
String content = null;
try {
CssTree.StyleSheet stylesheet =
parser.parseDom(styleElem.getTextContent(), linkContext);
- sanitize(stylesheet, linkContext, importRewriter, imageRewriter);
+ sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter);
// Write the rewritten CSS back into the element
content = parser.serialize(stylesheet);
} catch (GadgetException ge) {
@@ -119,11 +122,12 @@ public class CajaCssSanitizer {
* Sanitize the given CSS tree in-place by removing all non-whitelisted function calls
* @param css DOM root
* @param linkContext url of containing content
+ * @param gadgetContext The gadget context.
* @param importRewriter to rewrite links to sanitizing proxy
* @param imageRewriter to rewrite links to the sanitizing proxy
*/
- public void sanitize(CssTree css, final Uri linkContext, final ProxyUriManager importRewriter,
- final ProxyUriManager imageRewriter) {
+ public void sanitize(CssTree css, final Uri linkContext, final GadgetContext gadgetContext,
+ final ProxyUriManager importRewriter, final ProxyUriManager imageRewriter) {
css.acceptPreOrder(new Visitor() {
public boolean visit(AncestorChain<?> ancestorChain) {
if (ancestorChain.node instanceof CssTree.Property) {
@@ -151,7 +155,7 @@ public class CajaCssSanitizer {
if (isValidUri(uri)) {
// Assume the URI is for an image. Rewrite it using the image link rewriter
((CssTree.UriLiteral)ancestorChain.node).setValue(
- rewriteUri(imageRewriter, uri, linkContext));
+ rewriteUri(imageRewriter, uri, linkContext, gadgetContext));
} else {
// Remove offending node
if (LOG.isLoggable(Level.FINE)) {
@@ -163,7 +167,8 @@ public class CajaCssSanitizer {
CssTree.Import importDecl = (CssTree.Import) ancestorChain.node;
String uri = importDecl.getUri().getValue();
if (isValidUri(uri)) {
- importDecl.getUri().setValue(rewriteUri(importRewriter, uri, linkContext));
+ importDecl.getUri().setValue(rewriteUri(importRewriter, uri, linkContext,
+ gadgetContext));
} else {
if (LOG.isLoggable(Level.FINE)) {
LOG.log(Level.FINE, "Removing invalid URI " + uri);
@@ -176,7 +181,8 @@ public class CajaCssSanitizer {
}, null);
}
- private static String rewriteUri(ProxyUriManager proxyUriManager, String input, final Uri context) {
+ private static String rewriteUri(ProxyUriManager proxyUriManager, String input,
+ final Uri context, GadgetContext gadgetContext) {
Uri inboundUri = null;
try {
inboundUri = Uri.parse(input);
@@ -187,9 +193,9 @@ public class CajaCssSanitizer {
if (context != null) {
inboundUri = context.resolve(inboundUri);
}
+
List<ProxyUriManager.ProxyUri> uris = ImmutableList.of(
- new ProxyUriManager.ProxyUri(DomWalker.makeGadget(new GadgetContext() {
- // TODO: Refactor this method to pass on the container as well.
+ new ProxyUriManager.ProxyUri(DomWalker.makeGadget(new GadgetContext(gadgetContext) {
@Override
public Uri getUrl() {
return context;
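Review bot: The anonymous subclass still overrides `getUrl()` to return `context` even though it now wraps the caller's `gadgetContext`, so any gadget URL carried by the real context is replaced by the stylesheet's link context when the proxy URI is built. The updated test expectations (`gadget=http%3A%2F%2Fwww.example.org%2Fbase`) show the link context ending up in the `gadget=` parameter. If that is intended, the removed TODO deserves a replacement such as `// Only the container comes from gadgetContext; the URL stays the link context.`; if not, the override should go. The hunk does not show how `new GadgetContext(gadgetContext)` treats a null argument, so a null check or a documented non-null contract in `rewriteUri` would help. The anonymous class continues outside the hunk.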
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingGadgetRewriter.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingGadgetRewriter.java?rev=990269&r1=990268&r2=990269&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingGadgetRewriter.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingGadgetRewriter.java Fri Aug 27 21:00:24 2010
@@ -314,8 +314,8 @@ public class SanitizingGadgetRewriter ex
public VisitStatus visit(Gadget gadget, Node node) throws RewritingException {
if (node.getNodeType() == Node.ELEMENT_NODE &&
"style".equalsIgnoreCase(node.getNodeName())) {
- cssSanitizer.sanitize(
- (Element)node, gadget.getSpec().getUrl(), cssImportRewriter, imageRewriter);
+ cssSanitizer.sanitize((Element) node, gadget.getSpec().getUrl(),
+ gadget.getContext(), cssImportRewriter, imageRewriter);
return VisitStatus.MODIFY;
}
return VisitStatus.BYPASS;
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingResponseRewriter.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingResponseRewriter.java?rev=990269&r1=990268&r2=990269&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingResponseRewriter.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/SanitizingResponseRewriter.java Fri Aug 27 21:00:24 2010
@@ -23,10 +23,12 @@ import org.apache.sanselan.ImageFormat;
import org.apache.sanselan.ImageReadException;
import org.apache.sanselan.Sanselan;
import org.apache.sanselan.common.byteSources.ByteSourceInputStream;
+import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.parse.caja.CajaCssSanitizer;
import org.apache.shindig.gadgets.rewrite.ContentRewriterFeature;
+import org.apache.shindig.gadgets.rewrite.DomWalker;
import org.apache.shindig.gadgets.rewrite.ResponseRewriter;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
@@ -129,8 +131,10 @@ public class SanitizingResponseRewriter
new SanitizingProxyUriManager(proxyUriManager, "image/*");
SanitizingProxyUriManager cssImportRewriter =
new SanitizingProxyUriManager(proxyUriManager, "text/css");
+
+ GadgetContext gadgetContext = DomWalker.makeGadget(request).getContext();
sanitized = cssSanitizer.sanitize(resp.getContent(), request.getUri(),
- cssImportRewriter, cssImageRewriter);
+ gadgetContext, cssImportRewriter, cssImageRewriter);
}
return;
} finally {
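Review bot: Nothing in this commit tests the new `DomWalker.makeGadget(request).getContext()` call; the modified test files cover CajaCssSanitizer and CssResponseRewriter only, so container propagation through SanitizingResponseRewriter is unverified. The container presumably decides which proxy host and path the sanitized `url()` and `@import` targets are rewritten to, and here it is derived from the incoming request. A test that issues a request for a non-default container and asserts the proxy host in the sanitized CSS would pin that behaviour. It is also worth confirming what happens when the request names an unknown container or none at all. The enclosing method starts and ends outside the hunk.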
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizerTest.java?rev=990269&r1=990268&r2=990269&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/parse/caja/CajaCssSanitizerTest.java Fri Aug 27 21:00:24 2010
@@ -17,42 +17,84 @@
*/
package org.apache.shindig.gadgets.parse.caja;
+import com.google.caja.parser.css.CssTree;
+import com.google.common.collect.ImmutableMap;
+
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.config.AbstractContainerConfig;
+import org.apache.shindig.config.ContainerConfig;
+import org.apache.shindig.gadgets.GadgetContext;
import org.apache.shindig.gadgets.render.SanitizingProxyUriManager;
-import org.apache.shindig.gadgets.uri.PassthruManager;
+import org.apache.shindig.gadgets.uri.DefaultProxyUriManager;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
-
-import com.google.caja.parser.css.CssTree;
import org.junit.Before;
import org.junit.Test;
+import java.util.HashMap;
+import java.util.Map;
+
/**
- *
+ * Tests for CajaCssSanitizer.
*/
public class CajaCssSanitizerTest extends EasyMockTestCase {
-
private CajaCssParser parser;
private CajaCssSanitizer sanitizer;
private final Uri DUMMY = Uri.parse("http://www.example.org/base");
- private ProxyUriManager passthruManager;
private SanitizingProxyUriManager importRewriter;
private SanitizingProxyUriManager imageRewriter;
+ private GadgetContext gadgetContext;
+ public static final String MOCK_CONTAINER = "mockContainer";
+
+ private static class FakeContainerConfig extends AbstractContainerConfig {
+ private Map<String, Map<String, Object>> containers =
+ new HashMap<String, Map<String, Object>>();
+
+ private FakeContainerConfig() {
+ containers.put(ContainerConfig.DEFAULT_CONTAINER, ImmutableMap.<String, Object>builder()
+ .put(DefaultProxyUriManager.PROXY_HOST_PARAM, "www.test.com")
+ .put(DefaultProxyUriManager.PROXY_PATH_PARAM, "/dir/proxy")
+ .build());
+ containers.put(MOCK_CONTAINER, ImmutableMap.<String, Object>builder()
+ .put(DefaultProxyUriManager.PROXY_HOST_PARAM, "www.mock.com")
+ .build());
+ }
+
+ @Override
+ public Object getProperty(String container, String name) {
+ Map<String, Object> data = containers.get(container);
+
+ // Inherit from default if there is no value for this key.
+ if (!data.containsKey(name)) {
+ data = containers.get(ContainerConfig.DEFAULT_CONTAINER);
+ }
+ return data.get(name);
+ }
+ }
@Before
public void setUp() throws Exception {
parser = new CajaCssParser();
sanitizer = new CajaCssSanitizer(parser);
- passthruManager = new PassthruManager("test.com", "/proxy/path");
- importRewriter = new SanitizingProxyUriManager(passthruManager, "text/css");
- imageRewriter = new SanitizingProxyUriManager(passthruManager, "image/*");
+
+ ContainerConfig config = new FakeContainerConfig();
+ ProxyUriManager proxyUriManager = new DefaultProxyUriManager(config, null);
+
+ importRewriter = new SanitizingProxyUriManager(proxyUriManager, "text/css");
+ imageRewriter = new SanitizingProxyUriManager(proxyUriManager, "image/*");
+ gadgetContext = new GadgetContext() {
+ @Override
+ public String getContainer() {
+ return MOCK_CONTAINER;
+ }
+ };
}
@Test
public void testPreserveSafe() throws Exception {
String css = ".xyz { font: bold;} A { color: #7f7f7f}";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
assertStyleEquals(css, styleSheet);
}
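Review bot: `FakeContainerConfig.getProperty` dereferences `containers.get(container)` without a null check, so a lookup for any container other than the two registered ones throws a NullPointerException instead of inheriting from the default as the comment promises. A guard such as `if (data == null || !data.containsKey(name)) {` makes the fake behave as documented. The `containers` field can be `final`. CssResponseRewriterTest appears to declare its own `FakeContainerConfig` as well, so a shared test helper might avoid the two drifting apart.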
@@ -60,7 +102,7 @@ public class CajaCssSanitizerTest extend
public void testSanitizeFunctionCall() throws Exception {
String css = ".xyz { font : iamevil(bold); }";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
assertStyleEquals(".xyz {}", styleSheet);
}
@@ -68,7 +110,7 @@ public class CajaCssSanitizerTest extend
public void testSanitizeUnsafeProperties() throws Exception {
String css = ".xyz { behavior: url('xyz.htc'); -moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\") }";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
assertStyleEquals(".xyz {}", styleSheet);
}
@@ -76,7 +118,7 @@ public class CajaCssSanitizerTest extend
public void testSanitizeScriptUrls() throws Exception {
String css = ".xyz { background: url('javascript:doevill'); background : url(vbscript:moreevil); }";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
assertStyleEquals(".xyz {}", styleSheet);
}
@@ -84,20 +126,41 @@ public class CajaCssSanitizerTest extend
public void testProxyUrls() throws Exception {
String css = ".xyz { background: url('http://www.example.org/img.gif');}";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
- assertStyleEquals(
- ".xyz { background: url('http://test.com/proxy/path?url=" +
- "http%3A%2F%2Fwww.example.org%2Fimg.gif" +
- "&sanitize=1&rewriteMime=image%2F%2a');}", styleSheet);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
+ assertStyleEquals(".xyz { " +
+ "background: url('//www.mock.com/dir/proxy?gadget=http%3A%2F%2Fwww.example.org%2Fbase" +
+ "&container=mockContainer&nocache=0&debug=0&url=http%3A%2F%2Fwww.example.org%2Fimg.gif&" +
+ "sanitize=1&rewriteMime=image%2F%2a');}", styleSheet);
+ }
+
+ @Test
+ public void testUrlEscapingMockContainer() throws Exception {
+ String css = ".xyz { background: url('http://www.example.org/img.gif');}";
+ CssTree.StyleSheet styleSheet = parser.parseDom(css);
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
+ assertEquals(".xyz{" +
+ "background:url('//www.mock.com/dir/proxy?gadget=http%3A%2F%2Fwww.example.org%2Fbase" +
+ "&container=mockContainer&nocache=0&debug=0&url=http%3A%2F%2Fwww.example.org%2Fimg.gif" +
+ "&sanitize=1&rewriteMime=image%2F%2a');}",
+ parser.serialize(styleSheet).replaceAll("\\s", ""));
}
@Test
- public void testUrlEscaping() throws Exception {
+ public void testUrlEscapingDefaultContainer() throws Exception {
String css = ".xyz { background: url('http://www.example.org/img.gif');}";
CssTree.StyleSheet styleSheet = parser.parseDom(css);
- sanitizer.sanitize(styleSheet, DUMMY, importRewriter, imageRewriter);
- assertEquals(".xyz{background:url('http://test.com/proxy/path?url=http%3A%2F%2Fwww.example.org%2F" +
- "img.gif&sanitize=1&rewriteMime=image%2F%2a');}",
+ GadgetContext gadgetContext = new GadgetContext() {
+ @Override
+ public String getContainer() {
+ return ContainerConfig.DEFAULT_CONTAINER;
+ }
+ };
+
+ sanitizer.sanitize(styleSheet, DUMMY, gadgetContext, importRewriter, imageRewriter);
+ assertEquals(".xyz{" +
+ "background:url('//www.test.com/dir/proxy?gadget=http%3A%2F%2Fwww.example.org%2Fbase" +
+ "&container=default&nocache=0&debug=0&url=http%3A%2F%2Fwww.example.org%2Fimg.gif" +
+ "&sanitize=1&rewriteMime=image%2F%2a');}",
parser.serialize(styleSheet).replaceAll("\\s", ""));
}
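Review bot: `testProxyUrls` and `testUrlEscapingMockContainer` feed the same stylesheet and the same context and expect the same proxy URL, differing only in how the output is compared, so one of them adds little coverage. None of the tests visible in these hunks exercises the `@import` branch, which also gained the `gadgetContext` argument in CajaCssSanitizer. A case built on `@import url('http://www.example.org/a.css');` that asserts the container-specific proxy host would cover it. Tests outside the hunks may already do so.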
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/rewrite/CssResponseRewriterTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/rewrite/CssResponseRewriterTest.java?rev=990269&r1=990268&r2=990269&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/rewrite/CssResponseRewriterTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/rewrite/CssResponseRewriterTest.java Fri Aug 27 21:00:24 2010
@@ -17,9 +17,8 @@
*/
package org.apache.shindig.gadgets.rewrite;
-import static org.junit.Assert.assertEquals;
-
import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Lists;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.common.uri.Uri;
@@ -41,10 +40,10 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import com.google.common.collect.Lists;
+import static org.junit.Assert.assertEquals;
/**
- *
+ * Tests for CssResponseRewriter.
*/
public class CssResponseRewriterTest extends RewriterTestBase {
private static class FakeContainerConfig extends AbstractContainerConfig {
@@ -77,6 +76,7 @@ public class CssResponseRewriterTest ext
private CssResponseRewriter rewriter;
private CssResponseRewriter rewriterNoOverrideExpires;
private Uri dummyUri;
+ private GadgetContext gadgetContext;
private ProxyUriManager proxyUriManager;
private ContentRewriterFeature.Factory factory;
@@ -109,6 +109,12 @@ public class CssResponseRewriterTest ext
rewriter = new CssResponseRewriter(new CajaCssParser(),
proxyUriManager, factory);
dummyUri = Uri.parse("http://www.w3c.org");
+ gadgetContext = new GadgetContext() {
+ @Override
+ public Uri getUrl() {
+ return dummyUri;
+ }
+ };
}
@Test
@@ -248,12 +254,8 @@ public class CssResponseRewriterTest ext
StringWriter sw = new StringWriter();
List<String> stringList = rewriter
.rewrite(new StringReader(original), dummyUri,
- CssResponseRewriter.uriMaker(proxyUriManager, defaultRewriterFeature), sw, true, new GadgetContext() {
- @Override
- public Uri getUrl() {
- return dummyUri;
- }
- });
+ CssResponseRewriter.uriMaker(proxyUriManager, defaultRewriterFeature), sw,
+ true, gadgetContext);
assertEquals(StringUtils.deleteWhitespace(expected),
StringUtils.deleteWhitespace(sw.toString()));
assertEquals(Lists.newArrayList("www.example.org/some.css",
@@ -268,12 +270,8 @@ public class CssResponseRewriterTest ext
StringWriter sw = new StringWriter();
List<String> stringList = rewriter
.rewrite(new StringReader(original), dummyUri,
- CssResponseRewriter.uriMaker(proxyUriManager, defaultRewriterFeature), sw, true, new GadgetContext() {
- @Override
- public Uri getUrl() {
- return dummyUri;
- }
- });
+ CssResponseRewriter.uriMaker(proxyUriManager, defaultRewriterFeature), sw,
+ true, gadgetContext);
assertEquals(StringUtils.deleteWhitespace(expected),
StringUtils.deleteWhitespace(sw.toString()));
assertEquals(Lists.newArrayList("www.example.org/some.css"), stringList);