You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-dev@xmlgraphics.apache.org by vh...@apache.org on 2002/06/17 15:01:44 UTC
cvs commit: xml-batik/sources/org/apache/batik/bridge DefaultExternalResourceSecurity.java DefaultScriptSecurity.java EmbededExternalResourceSecurity.java EmbededScriptSecurity.java ExternalResourceSecurity.java NoLoadExternalResourceSecurity.java NoLoadScriptSecurity.java RelaxedExternalResourceSecurity.java RelaxedScriptSecurity.java ScriptSecurity.java
vhardy 2002/06/17 06:01:44
Modified: sources/org/apache/batik/apps/svgbrowser ResourceOrigin.java
sources/org/apache/batik/bridge
DefaultExternalResourceSecurity.java
DefaultScriptSecurity.java
EmbededExternalResourceSecurity.java
EmbededScriptSecurity.java
ExternalResourceSecurity.java
NoLoadExternalResourceSecurity.java
NoLoadScriptSecurity.java
RelaxedExternalResourceSecurity.java
RelaxedScriptSecurity.java ScriptSecurity.java
Log:
Fixed encoding problem. No change is source besides encoding
Revision Changes Path
1.2 +38 -38 xml-batik/sources/org/apache/batik/apps/svgbrowser/ResourceOrigin.java
Index: ResourceOrigin.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/ResourceOrigin.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ResourceOrigin.java 14 Jun 2002 13:12:24 -0000 1.1
+++ ResourceOrigin.java 17 Jun 2002 13:01:43 -0000 1.2
@@ -1,38 +1,38 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.apps.svgbrowser;
-
-/**
- * This interface defines constants for the possible resource
- * origins.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public interface ResourceOrigin {
- /**
- * Any origin
- */
- static final int ANY = 1;
-
- /**
- * Same as document
- */
- static final int DOCUMENT = 2;
-
- /**
- * Embeded into the document
- */
- static final int EMBEDED = 4;
-
- /**
- * No origin is ok
- */
- static final int NONE = 8;
-}
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.apps.svgbrowser;
+
+/**
+ * This interface defines constants for the possible resource
+ * origins.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public interface ResourceOrigin {
+ /**
+ * Any origin
+ */
+ static final int ANY = 1;
+
+ /**
+ * Same as document
+ */
+ static final int DOCUMENT = 2;
+
+ /**
+ * Embeded into the document
+ */
+ static final int EMBEDED = 4;
+
+ /**
+ * No origin is ok
+ */
+ static final int NONE = 8;
+}
1.3 +92 -92 xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
Index: DefaultExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultExternalResourceSecurity.java 14 Jun 2002 13:12:24 -0000 1.2
+++ DefaultExternalResourceSecurity.java 17 Jun 2002 13:01:44 -0000 1.3
@@ -1,92 +1,92 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * Default implementation for the <tt>ExternalResourceSecurity</tt> interface.
- * It allows all types of external resources to be loaded, but only if they
- * come from the same server as the document they are referenced from.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class DefaultExternalResourceSecurity implements ExternalResourceSecurity {
- public static final String DATA_PROTOCOL = "data";
- /**
- * Message when trying to load a external resource file and the Document
- * does not have a URL
- */
- public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
- = "DefaultExternalResourceSecurity.error.cannot.access.document.url";
-
- /**
- * Message when trying to load a externalResource file from a server
- * different than the one of the document.
- */
- public static final String ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL
- = "DefaultExternalResourceSecurity.error.external.resource.from.different.url";
-
- /**
- * The exception is built in the constructor and thrown if
- * not null and the checkLoadExternalResource method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the externalResource should be loaded or not.
- *
- * @throws SecurityException if the externalResource should not be loaded.
- */
- public void checkLoadExternalResource(){
- if (se != null) {
- se.fillInStackTrace();
- throw se;
- }
- }
-
- /**
- * @param externalResourceURL url for the externalResource, as defined in
- * the externalResource's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * externalResource was found.
- */
- public DefaultExternalResourceSecurity(ParsedURL externalResourceURL,
- ParsedURL docURL){
- // Make sure that the archives comes from the same host
- // as the document itself
- if (docURL == null) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
- new Object[]{externalResourceURL}));
- } else {
- String docHost = docURL.getHost();
- String externalResourceHost = externalResourceURL.getHost();
-
- if ((docHost != externalResourceHost) &&
- ((docHost == null) || (!docHost.equals(externalResourceHost)))){
-
- if ( externalResourceURL == null
- ||
- !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL,
- new Object[]{externalResourceURL}));
- }
-
- }
- }
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * Default implementation for the <tt>ExternalResourceSecurity</tt> interface.
+ * It allows all types of external resources to be loaded, but only if they
+ * come from the same server as the document they are referenced from.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class DefaultExternalResourceSecurity implements ExternalResourceSecurity {
+ public static final String DATA_PROTOCOL = "data";
+ /**
+ * Message when trying to load a external resource file and the Document
+ * does not have a URL
+ */
+ public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
+ = "DefaultExternalResourceSecurity.error.cannot.access.document.url";
+
+ /**
+ * Message when trying to load a externalResource file from a server
+ * different than the one of the document.
+ */
+ public static final String ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL
+ = "DefaultExternalResourceSecurity.error.external.resource.from.different.url";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * not null and the checkLoadExternalResource method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the externalResource should be loaded or not.
+ *
+ * @throws SecurityException if the externalResource should not be loaded.
+ */
+ public void checkLoadExternalResource(){
+ if (se != null) {
+ se.fillInStackTrace();
+ throw se;
+ }
+ }
+
+ /**
+ * @param externalResourceURL url for the externalResource, as defined in
+ * the externalResource's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * externalResource was found.
+ */
+ public DefaultExternalResourceSecurity(ParsedURL externalResourceURL,
+ ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+ new Object[]{externalResourceURL}));
+ } else {
+ String docHost = docURL.getHost();
+ String externalResourceHost = externalResourceURL.getHost();
+
+ if ((docHost != externalResourceHost) &&
+ ((docHost == null) || (!docHost.equals(externalResourceHost)))){
+
+ if ( externalResourceURL == null
+ ||
+ !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL,
+ new Object[]{externalResourceURL}));
+ }
+
+ }
+ }
+ }
+}
+
+
+
1.4 +95 -95 xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java
Index: DefaultScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- DefaultScriptSecurity.java 14 Jun 2002 13:12:24 -0000 1.3
+++ DefaultScriptSecurity.java 17 Jun 2002 13:01:44 -0000 1.4
@@ -1,95 +1,95 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * Default implementation for the <tt>ScriptSecurity</tt> interface.
- * It allows all types of scripts to be loaded, but only if they
- * come from the same server as the document they are included into.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class DefaultScriptSecurity implements ScriptSecurity {
- public static final String DATA_PROTOCOL = "data";
- /**
- * Message when trying to load a script file and the Document
- * does not have a URL
- */
- public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
- = "DefaultScriptSecurity.error.cannot.access.document.url";
-
- /**
- * Message when trying to load a script file from a server
- * different than the one of the document.
- */
- public static final String ERROR_SCRIPT_FROM_DIFFERENT_URL
- = "DefaultScriptSecurity.error.script.from.different.url";
-
- /**
- * The exception is built in the constructor and thrown if
- * not null and the checkLoadScript method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the script should be loaded or not.
- *
- * @throws SecurityException if the script should not be loaded.
- */
- public void checkLoadScript(){
- if (se != null) {
- throw se;
- }
- }
-
- /**
- * @param scriptType type of script, as found in the
- * type attribute of the <script> element.
- * @param scriptURL url for the script, as defined in
- * the script's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * script was found.
- */
- public DefaultScriptSecurity(String scriptType,
- ParsedURL scriptURL,
- ParsedURL docURL){
- // Make sure that the archives comes from the same host
- // as the document itself
- if (docURL == null) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
- new Object[]{scriptURL}));
- } else {
- String docHost = docURL.getHost();
- String scriptHost = scriptURL.getHost();
-
- if ((docHost != scriptHost) &&
- ((docHost == null) || (!docHost.equals(scriptHost)))) {
- if ( !docURL.equals(scriptURL)
- &&
- (scriptURL == null
- ||
- !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
- new Object[]{scriptURL}));
- }
- }
- }
-
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * Default implementation for the <tt>ScriptSecurity</tt> interface.
+ * It allows all types of scripts to be loaded, but only if they
+ * come from the same server as the document they are included into.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class DefaultScriptSecurity implements ScriptSecurity {
+ public static final String DATA_PROTOCOL = "data";
+ /**
+ * Message when trying to load a script file and the Document
+ * does not have a URL
+ */
+ public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
+ = "DefaultScriptSecurity.error.cannot.access.document.url";
+
+ /**
+ * Message when trying to load a script file from a server
+ * different than the one of the document.
+ */
+ public static final String ERROR_SCRIPT_FROM_DIFFERENT_URL
+ = "DefaultScriptSecurity.error.script.from.different.url";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * not null and the checkLoadScript method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the script should be loaded or not.
+ *
+ * @throws SecurityException if the script should not be loaded.
+ */
+ public void checkLoadScript(){
+ if (se != null) {
+ throw se;
+ }
+ }
+
+ /**
+ * @param scriptType type of script, as found in the
+ * type attribute of the <script> element.
+ * @param scriptURL url for the script, as defined in
+ * the script's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * script was found.
+ */
+ public DefaultScriptSecurity(String scriptType,
+ ParsedURL scriptURL,
+ ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+ new Object[]{scriptURL}));
+ } else {
+ String docHost = docURL.getHost();
+ String scriptHost = scriptURL.getHost();
+
+ if ((docHost != scriptHost) &&
+ ((docHost == null) || (!docHost.equals(scriptHost)))) {
+ if ( !docURL.equals(scriptURL)
+ &&
+ (scriptURL == null
+ ||
+ !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
+ new Object[]{scriptURL}));
+ }
+ }
+ }
+
+ }
+}
+
+
+
1.2 +68 -68 xml-batik/sources/org/apache/batik/bridge/EmbededExternalResourceSecurity.java
Index: EmbededExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/EmbededExternalResourceSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- EmbededExternalResourceSecurity.java 14 Jun 2002 13:12:24 -0000 1.1
+++ EmbededExternalResourceSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,68 +1,68 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * This implementation of the <tt>ExternalResourceSecurity</tt> interface only
- * allows external resources embeded in the document, i.e., externalResources
- * embeded with the data protocol.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class EmbededExternalResourceSecurity implements ExternalResourceSecurity {
- public static final String DATA_PROTOCOL = "data";
-
- /**
- * Message when trying to load a external resource that is not embeded
- * in the document.
- */
- public static final String ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED
- = "EmbededExternalResourceSecurity.error.external.esource.not.embeded";
-
- /**
- * The exception is built in the constructor and thrown if
- * not null and the checkLoadExternalResource method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the externalResource should be loaded or not.
- *
- * @throws SecurityException if the externalResource should not be loaded.
- */
- public void checkLoadExternalResource(){
- if (se != null) {
- throw se;
- }
- }
-
- /**
- * @param externalResourceURL url for the externalResource, as defined in
- * the externalResource's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- */
- public EmbededExternalResourceSecurity(ParsedURL externalResourceURL){
- if ( externalResourceURL == null
- ||
- !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED,
- new Object[]{externalResourceURL}));
-
-
- }
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * This implementation of the <tt>ExternalResourceSecurity</tt> interface only
+ * allows external resources embeded in the document, i.e., externalResources
+ * embeded with the data protocol.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class EmbededExternalResourceSecurity implements ExternalResourceSecurity {
+ public static final String DATA_PROTOCOL = "data";
+
+ /**
+ * Message when trying to load a external resource that is not embeded
+ * in the document.
+ */
+ public static final String ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED
+ = "EmbededExternalResourceSecurity.error.external.esource.not.embeded";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * not null and the checkLoadExternalResource method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the externalResource should be loaded or not.
+ *
+ * @throws SecurityException if the externalResource should not be loaded.
+ */
+ public void checkLoadExternalResource(){
+ if (se != null) {
+ throw se;
+ }
+ }
+
+ /**
+ * @param externalResourceURL url for the externalResource, as defined in
+ * the externalResource's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ */
+ public EmbededExternalResourceSecurity(ParsedURL externalResourceURL){
+ if ( externalResourceURL == null
+ ||
+ !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED,
+ new Object[]{externalResourceURL}));
+
+
+ }
+ }
+}
+
+
+
1.2 +90 -90 xml-batik/sources/org/apache/batik/bridge/EmbededScriptSecurity.java
Index: EmbededScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/EmbededScriptSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- EmbededScriptSecurity.java 14 Jun 2002 13:12:24 -0000 1.1
+++ EmbededScriptSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,90 +1,90 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * This implementation of the <tt>ScriptSecurity</tt> interface only
- * allows scripts embeded in the document, i.e., scripts whith either
- * the same URL as the document (as for event attributes) or scripts
- * embeded with the data protocol.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class EmbededScriptSecurity implements ScriptSecurity {
- public static final String DATA_PROTOCOL = "data";
-
- /**
- * Message when trying to load a script file and the Document
- * does not have a URL
- */
- public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
- = "DefaultScriptSecurity.error.cannot.access.document.url";
-
- /**
- * Message when trying to load a script that is not embeded
- * in the document.
- */
- public static final String ERROR_SCRIPT_NOT_EMBEDED
- = "EmbededScriptSecurity.error.script.not.embeded";
-
- /**
- * The exception is built in the constructor and thrown if
- * not null and the checkLoadScript method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the script should be loaded or not.
- *
- * @throws SecurityException if the script should not be loaded.
- */
- public void checkLoadScript(){
- if (se != null) {
- throw se;
- }
- }
-
- /**
- * @param scriptType type of script, as found in the
- * type attribute of the <script> element.
- * @param scriptURL url for the script, as defined in
- * the script's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * script was found.
- */
- public EmbededScriptSecurity(String scriptType,
- ParsedURL scriptURL,
- ParsedURL docURL){
- // Make sure that the archives comes from the same host
- // as the document itself
- if (docURL == null) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
- new Object[]{scriptURL}));
- } else {
- if ( !docURL.equals(scriptURL)
- &&
- (scriptURL == null
- ||
- !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
- se = new SecurityException
- (Messages.formatMessage(ERROR_SCRIPT_NOT_EMBEDED,
- new Object[]{scriptURL}));
- }
- }
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * This implementation of the <tt>ScriptSecurity</tt> interface only
+ * allows scripts embeded in the document, i.e., scripts whith either
+ * the same URL as the document (as for event attributes) or scripts
+ * embeded with the data protocol.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class EmbededScriptSecurity implements ScriptSecurity {
+ public static final String DATA_PROTOCOL = "data";
+
+ /**
+ * Message when trying to load a script file and the Document
+ * does not have a URL
+ */
+ public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
+ = "DefaultScriptSecurity.error.cannot.access.document.url";
+
+ /**
+ * Message when trying to load a script that is not embeded
+ * in the document.
+ */
+ public static final String ERROR_SCRIPT_NOT_EMBEDED
+ = "EmbededScriptSecurity.error.script.not.embeded";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * not null and the checkLoadScript method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the script should be loaded or not.
+ *
+ * @throws SecurityException if the script should not be loaded.
+ */
+ public void checkLoadScript(){
+ if (se != null) {
+ throw se;
+ }
+ }
+
+ /**
+ * @param scriptType type of script, as found in the
+ * type attribute of the <script> element.
+ * @param scriptURL url for the script, as defined in
+ * the script's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * script was found.
+ */
+ public EmbededScriptSecurity(String scriptType,
+ ParsedURL scriptURL,
+ ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+ new Object[]{scriptURL}));
+ } else {
+ if ( !docURL.equals(scriptURL)
+ &&
+ (scriptURL == null
+ ||
+ !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_SCRIPT_NOT_EMBEDED,
+ new Object[]{scriptURL}));
+ }
+ }
+ }
+}
+
+
+
1.2 +29 -29 xml-batik/sources/org/apache/batik/bridge/ExternalResourceSecurity.java
Index: ExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/ExternalResourceSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ExternalResourceSecurity.java 13 Jun 2002 11:19:37 -0000 1.1
+++ ExternalResourceSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,29 +1,29 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-/**
- * An interface that allows UserAgents to describe the security
- * constraints desired for external resources.
- *
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public interface ExternalResourceSecurity {
- /**
- * Controls whether the external resource should be loaded or not.
- *
- * @throws SecurityException if the resource should not be loaded.
- */
- void checkLoadExternalResource();
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+/**
+ * An interface that allows UserAgents to describe the security
+ * constraints desired for external resources.
+ *
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public interface ExternalResourceSecurity {
+ /**
+ * Controls whether the external resource should be loaded or not.
+ *
+ * @throws SecurityException if the resource should not be loaded.
+ */
+ void checkLoadExternalResource();
+}
+
+
+
1.3 +56 -56 xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java
Index: NoLoadExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- NoLoadExternalResourceSecurity.java 14 Jun 2002 13:12:24 -0000 1.2
+++ NoLoadExternalResourceSecurity.java 17 Jun 2002 13:01:44 -0000 1.3
@@ -1,56 +1,56 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * This implementation does not allow any external resources to be
- * referenced from an SVG document.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class NoLoadExternalResourceSecurity implements ExternalResourceSecurity {
- /**
- * Message when trying to load an external resource
- */
- public static final String ERROR_NO_EXTERNAL_RESOURCE_ALLOWED
- = "NoLoadExternalResourceSecurity.error.no.external.resource.allowed";
-
- /**
- * The exception is built in the constructor and thrown if
- * not null and the checkLoadExternalResource method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the external resource should be loaded or not.
- *
- * @throws SecurityException if the externalResource should not be loaded.
- */
- public void checkLoadExternalResource(){
- if (se != null) {
- se.fillInStackTrace();
- throw se;
- }
- }
-
- /**
- */
- public NoLoadExternalResourceSecurity(){
- se = new SecurityException
- (Messages.formatMessage(ERROR_NO_EXTERNAL_RESOURCE_ALLOWED,
- null));
-
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * This implementation does not allow any external resources to be
+ * referenced from an SVG document.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class NoLoadExternalResourceSecurity implements ExternalResourceSecurity {
+ /**
+ * Message when trying to load an external resource
+ */
+ public static final String ERROR_NO_EXTERNAL_RESOURCE_ALLOWED
+ = "NoLoadExternalResourceSecurity.error.no.external.resource.allowed";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * not null and the checkLoadExternalResource method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the external resource should be loaded or not.
+ *
+ * @throws SecurityException if the externalResource should not be loaded.
+ */
+ public void checkLoadExternalResource(){
+ if (se != null) {
+ se.fillInStackTrace();
+ throw se;
+ }
+ }
+
+ /**
+ */
+ public NoLoadExternalResourceSecurity(){
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_NO_EXTERNAL_RESOURCE_ALLOWED,
+ null));
+
+ }
+}
+
+
+
1.2 +62 -62 xml-batik/sources/org/apache/batik/bridge/NoLoadScriptSecurity.java
Index: NoLoadScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/NoLoadScriptSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- NoLoadScriptSecurity.java 30 Apr 2002 08:45:15 -0000 1.1
+++ NoLoadScriptSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,62 +1,62 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import java.net.URL;
-
-/**
- * This implementation for the <tt>ScriptSecurity</tt> interface
- * does not allow scripts to be loaded.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class NoLoadScriptSecurity implements ScriptSecurity {
- /**
- * Message when trying to load a script file and the Document
- * does not have a URL
- */
- public static final String ERROR_NO_SCRIPT_OF_TYPE_ALLOWED
- = "NoLoadScriptSecurity.error.no.script.of.type.allowed";
-
- /**
- * The exception is built in the constructor and thrown if
- * the checkLoadScript method is called.
- */
- protected SecurityException se;
-
- /**
- * Controls whether the script should be loaded or not.
- *
- * @throws SecurityException if the script should not be loaded.
- */
- public void checkLoadScript(){
- throw se;
- }
-
- /**
- * @param scriptType type of script, as found in the
- * type attribute of the <script> element.
- * @param scriptURL url for the script, as defined in
- * the script's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * script was found.
- */
- public NoLoadScriptSecurity(String scriptType){
-
- se = new SecurityException
- (Messages.formatMessage(ERROR_NO_SCRIPT_OF_TYPE_ALLOWED,
- new Object[]{scriptType}));
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import java.net.URL;
+
+/**
+ * This implementation for the <tt>ScriptSecurity</tt> interface
+ * does not allow scripts to be loaded.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class NoLoadScriptSecurity implements ScriptSecurity {
+ /**
+ * Message when trying to load a script file and the Document
+ * does not have a URL
+ */
+ public static final String ERROR_NO_SCRIPT_OF_TYPE_ALLOWED
+ = "NoLoadScriptSecurity.error.no.script.of.type.allowed";
+
+ /**
+ * The exception is built in the constructor and thrown if
+ * the checkLoadScript method is called.
+ */
+ protected SecurityException se;
+
+ /**
+ * Controls whether the script should be loaded or not.
+ *
+ * @throws SecurityException if the script should not be loaded.
+ */
+ public void checkLoadScript(){
+ throw se;
+ }
+
+ /**
+ * @param scriptType type of script, as found in the
+ * type attribute of the <script> element.
+ * @param scriptURL url for the script, as defined in
+ * the script's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * script was found.
+ */
+ public NoLoadScriptSecurity(String scriptType){
+
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_NO_SCRIPT_OF_TYPE_ALLOWED,
+ new Object[]{scriptType}));
+ }
+}
+
+
+
1.2 +44 -44 xml-batik/sources/org/apache/batik/bridge/RelaxedExternalResourceSecurity.java
Index: RelaxedExternalResourceSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/RelaxedExternalResourceSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- RelaxedExternalResourceSecurity.java 13 Jun 2002 11:19:37 -0000 1.1
+++ RelaxedExternalResourceSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,44 +1,44 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * This implementation of <tt>ExternalResourceSecurity</tt> allows any
- * external references.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class RelaxedExternalResourceSecurity implements ExternalResourceSecurity {
- /**
- * Controls whether the externalResource should be loaded or not.
- *
- * @throws SecurityException if the externalResource should not be loaded.
- */
- public void checkLoadExternalResource(){
- }
-
- /**
- * @param externalResourceURL url for the externalResource, as defined in
- * the externalResource's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * externalResource was found.
- */
- public RelaxedExternalResourceSecurity(ParsedURL externalResourceURL,
- ParsedURL docURL){
- /* do nothing */
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * This implementation of <tt>ExternalResourceSecurity</tt> allows any
+ * external references.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class RelaxedExternalResourceSecurity implements ExternalResourceSecurity {
+ /**
+ * Controls whether the externalResource should be loaded or not.
+ *
+ * @throws SecurityException if the externalResource should not be loaded.
+ */
+ public void checkLoadExternalResource(){
+ }
+
+ /**
+ * @param externalResourceURL url for the externalResource, as defined in
+ * the externalResource's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * externalResource was found.
+ */
+ public RelaxedExternalResourceSecurity(ParsedURL externalResourceURL,
+ ParsedURL docURL){
+ /* do nothing */
+ }
+}
+
+
+
1.3 +51 -51 xml-batik/sources/org/apache/batik/bridge/RelaxedScriptSecurity.java
Index: RelaxedScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/RelaxedScriptSecurity.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- RelaxedScriptSecurity.java 5 Jun 2002 21:14:47 -0000 1.2
+++ RelaxedScriptSecurity.java 17 Jun 2002 13:01:44 -0000 1.3
@@ -1,51 +1,51 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-import org.apache.batik.util.ParsedURL;
-
-/**
- * This implementation for the <tt>ScriptSecurity</tt> interface.
- * allows the script to be loaded and does not impose constraints
- * on the urls.
- * Note that this only means there is no check on the script's
- * origin, not that it will run without security checks.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public class RelaxedScriptSecurity implements ScriptSecurity {
- /**
- * Controls whether the script should be loaded or not.
- *
- * @throws SecurityException if the script should not be loaded.
- */
- public void checkLoadScript(){
- /* do nothing */
- }
-
- /**
- * @param scriptType type of script, as found in the
- * type attribute of the <script> element.
- * @param scriptURL url for the script, as defined in
- * the script's xlink:href attribute. If that
- * attribute was empty, then this parameter should
- * be null
- * @param docURL url for the document into which the
- * script was found.
- */
- public RelaxedScriptSecurity(String scriptType,
- ParsedURL scriptURL,
- ParsedURL docURL){
- /* do nothing */
- }
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+import org.apache.batik.util.ParsedURL;
+
+/**
+ * This implementation for the <tt>ScriptSecurity</tt> interface.
+ * allows the script to be loaded and does not impose constraints
+ * on the urls.
+ * Note that this only means there is no check on the script's
+ * origin, not that it will run without security checks.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public class RelaxedScriptSecurity implements ScriptSecurity {
+ /**
+ * Controls whether the script should be loaded or not.
+ *
+ * @throws SecurityException if the script should not be loaded.
+ */
+ public void checkLoadScript(){
+ /* do nothing */
+ }
+
+ /**
+ * @param scriptType type of script, as found in the
+ * type attribute of the <script> element.
+ * @param scriptURL url for the script, as defined in
+ * the script's xlink:href attribute. If that
+ * attribute was empty, then this parameter should
+ * be null
+ * @param docURL url for the document into which the
+ * script was found.
+ */
+ public RelaxedScriptSecurity(String scriptType,
+ ParsedURL scriptURL,
+ ParsedURL docURL){
+ /* do nothing */
+ }
+}
+
+
+
1.2 +32 -32 xml-batik/sources/org/apache/batik/bridge/ScriptSecurity.java
Index: ScriptSecurity.java
===================================================================
RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/ScriptSecurity.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ScriptSecurity.java 30 Apr 2002 08:45:15 -0000 1.1
+++ ScriptSecurity.java 17 Jun 2002 13:01:44 -0000 1.2
@@ -1,32 +1,32 @@
-/*****************************************************************************
- * Copyright (C) The Apache Software Foundation. All rights reserved. *
- * ------------------------------------------------------------------------- *
- * This software is published under the terms of the Apache Software License *
- * version 1.1, a copy of which has been included with this distribution in *
- * the LICENSE file. *
- *****************************************************************************/
-
-package org.apache.batik.bridge;
-
-/**
- * An interface that allows UserAgents to describe the security
- * constraints desired for scripting.
- *
- * Right now, this interface only has one method, but it may be
- * extended in the future to add finer control over the security
- * settings for scripts.
- *
- * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
- * @version $Id$
- */
-public interface ScriptSecurity {
- /**
- * Controls whether the script should be loaded or not.
- *
- * @throws SecurityException if the script should not be loaded.
- */
- void checkLoadScript();
-}
-
-
-
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+package org.apache.batik.bridge;
+
+/**
+ * An interface that allows UserAgents to describe the security
+ * constraints desired for scripting.
+ *
+ * Right now, this interface only has one method, but it may be
+ * extended in the future to add finer control over the security
+ * settings for scripts.
+ *
+ * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
+ * @version $Id$
+ */
+public interface ScriptSecurity {
+ /**
+ * Controls whether the script should be loaded or not.
+ *
+ * @throws SecurityException if the script should not be loaded.
+ */
+ void checkLoadScript();
+}
+
+
+
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: batik-dev-help@xml.apache.org