vhardy 2002/06/13 04:19:39
Modified: resources/org/apache/batik/apps/svgbrowser/resources
GUI.properties
resources/org/apache/batik/bridge/resources
Messages.properties
sources/org/apache/batik/apps/svgbrowser Application.java
JSVGViewerFrame.java Main.java
PreferenceDialog.java
sources/org/apache/batik/bridge
BaseScriptingEnvironment.java BridgeContext.java
BridgeException.java DocumentLoader.java
ErrorConstants.java
SVGAltGlyphElementBridge.java
SVGAltGlyphHandler.java
SVGColorProfileElementBridge.java
SVGFeImageElementBridge.java
SVGImageElementBridge.java SVGUtilities.java
ScriptingEnvironment.java URIResolver.java
UserAgent.java UserAgentAdapter.java
sources/org/apache/batik/css/engine CSSContext.java
CSSEngine.java
sources/org/apache/batik/dom/svg
ExtensibleSVGDOMImplementation.java
SVGDOMImplementation.java
SVGStyleSheetProcessingInstruction.java
sources/org/apache/batik/script/rhino
RhinoClassLoader.java
sources/org/apache/batik/swing/svg JSVGComponent.java
SVGUserAgent.java
test-resources/org/apache/batik/bridge IWasLoaded.jar
IWasLoadedToo.jar JarCheckPermissionsDenied.jar
JarCheckPermissionsGranted.jar
ecmaCheckNoLoad.svg
unitTesting.xml
Added: sources/org/apache/batik/bridge
DefaultExternalResourceSecurity.java
ExternalResourceSecurity.java
NoLoadExternalResourceSecurity.java
RelaxedExternalResourceSecurity.java
test-resources/org/apache/batik/bridge
externalResourcesAccess.svg
test-sources/org/apache/batik/bridge
ExternalResourcesTest.java
Log:
New Fearure:
- Added centralized control over external resources download
The UserAgent API now contains method to authorize/deny access
to external resources referenced from a document. This is
orthogonal to the sand-box security (i.e., that feature can
be active even when scripting security is disabled).
There is an option in the Squiggle preference dialog (browser
options) to let the user select his/her prefered settings.
Right now, control over external resources can be disabled
or external resources can be constrained to come from the
same location as the document being loaded. These are the
only settings Squiggle offers at this time. However, the
UserAgent's new interface allow for any type of security
strategy with regards to external resources (e.g., it is
possible to have a strategy dependant on the external url).
External resources:
- stylesheets in processing instructions
- <use>
- <image>
- <feImage>
- <tref>
- <textPath>
- <altGlyph>
- <glyphRef>
- <color-profile>
- <linearGradient>
- <radialGradient>
- <pattern>
- <filter>
- <script>
- <font-face-uri>
Note that <definition-src> is not supported in Batik and
does not appear in the above list for that reason. <cursor>
is not supported yet (but it should be in the near future)
and <mpath> will be when the SMIL animation work is under
way.
Bug Fix:
- Removed unnecessary code from RhinoInterpreter
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
