vhardy      02/04/30 01:45:16

  Modified:    .
                        build.xml
               resources/org/apache/batik/apps/svgbrowser/resources
                        GUI.properties
               resources/org/apache/batik/bridge/resources
                        Messages.properties
               sources/org/apache/batik/apps/svgbrowser
                        Application.java JSVGViewerFrame.java Main.java
                        PreferenceDialog.java
               sources/org/apache/batik/bridge
                        BaseScriptingEnvironment.java Messages.java
                        ScriptingEnvironment.java UserAgent.java
                        UserAgentAdapter.java
               sources/org/apache/batik/script
                        InterpreterFactory.java InterpreterPool.java
                        Window.java
               sources/org/apache/batik/script/jacl
                        JaclInterpreterFactory.java
               sources/org/apache/batik/script/jpython
                        JPythonInterpreterFactory.java
               sources/org/apache/batik/script/rhino
                        RhinoInterpreterFactory.java
               sources/org/apache/batik/swing/svg
                        JSVGComponent.java SVGUserAgent.java
               sources/org/apache/batik/transcoder/image
                        ImageTranscoder.java
               sources/org/apache/batik/transcoder/print
                        PrintTranscoder.java
               sources/org/apache/batik/util
                        SVGConstants.java
  Added:       resources/org/apache/batik/apps/svgbrowser/resources
                        svgbrowser.bin.policy svgbrowser.policy
               resources/org/apache/batik/script/rhino/resources
                        messages.properties
               sources/org/apache/batik/bridge
                        DefaultScriptSecurity.java
                        NoLoadScriptSecurity.java
                        RelaxedScriptSecurity.java ScriptSecurity.java
               sources/org/apache/batik/script/rhino
                        Messages.java
               samples/tests/resources/java/resources/com/untrusted/script
                        security2.mf
               samples/tests/resources/java/sources/com/untrusted/script
                        UntrustedScriptHandler.java
               samples/tests/resources/script
                        common.js rhinoSecurity.js scrollbar.js
               samples/tests/spec/scripting
                        security.svg security2.jar security2.svg
  Log:
  Initial security support for the Squiggle browser.

  By default:
  . Scripts run in a sandbox.
  . Scripts can only connect back to the server from which the document
    they belong to was loaded.
  . Scripts can only come from the same server as the document they are
    linked from.

  These behaviors are optional (in the Preference Dialog, Browser options):
  . Users can disable/enable script security altogether.
  . Users can disable/enable script types (java or ecmascript).
  . Users can disable/enable limiting scripts to the same origin as the
    document that references them.

  Note that when the configuration is such that the user allows script
  coming from a different origin than that of the document referencing it,
  the script can only connect back to the server which served the script
  and not to the server which served the document.

  Limitations:
  - in this initial commit, ECMA scripts cannot connect back to the server
    which served them. This should be added shortly.