Author: zhoresh
Date: Fri Nov 5 17:24:08 2010
New Revision: 1031672
URL: http://svn.apache.org/viewvc?rev=1031672&view=rev
Log:
Ref http://codereview.appspot.com/2917041/
patch by Jacobo, Do not return type=url views for gadgets that are to be
sanitized
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/spec/GadgetSpec.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/process/ProcessorTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
Fri Nov 5 17:24:08 2010
@@ -139,4 +139,11 @@ public class GadgetContext {
public String getUserAgent() {
return delegate == null ? null : delegate.getUserAgent();
}
+
+ /**
+ * @return Whether the gadget output should be sanitized.
+ */
+ public boolean getSanitize() {
+ return delegate == null ? false : delegate.getSanitize();
+ }
}
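Review bot: The Javadoc on `getSanitize()` does not mention that the method returns false when there is no delegate, which is the permissive direction for a flag that the Processor change in this commit uses to decide whether type=url views are stripped. I would spell that out, for example `@return Whether the gadget output should be sanitized; false when no delegate is set, so contexts that require sanitization must override this method.` The expression could also be written as `return delegate != null && delegate.getSanitize();`. The class body starts outside this hunk, so I cannot tell whether other getters document their defaults.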
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java
Fri Nov 5 17:24:08 2010
@@ -89,6 +89,10 @@ public class Processor {
try {
GadgetSpec spec = gadgetSpecFactory.getGadgetSpec(context);
spec = substituter.substitute(context, spec);
+
+ if (context.getSanitize()) {
+ spec = spec.removeUrlViews();
+ }
return new Gadget()
.setContext(context)
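Review bot: When `context.getSanitize()` is true and the requested view is a type=url view, this block produces a Gadget with no current view rather than failing the request; the new ProcessorTest case asserts `getCurrentView()` is null for exactly that input. Callers of `process()` that dereference the current view are not visible here, so it is worth confirming they handle null, or throwing a `ProcessingException` at this point instead. A one-line comment above the `if` would record the intent, for example `// Sanitized gadgets must never be rendered from a type=url view; drop those views.` The `try` block and the enclosing method continue outside the hunk.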
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/spec/GadgetSpec.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/spec/GadgetSpec.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/spec/GadgetSpec.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/spec/GadgetSpec.java
Fri Nov 5 17:24:08 2010
@@ -21,6 +21,7 @@ import org.apache.commons.lang.StringUti
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.HashUtil;
import org.apache.shindig.common.xml.XmlUtil;
+import org.apache.shindig.gadgets.spec.View.ContentType;
import org.apache.shindig.gadgets.variables.Substitutions;
import com.google.common.collect.ImmutableMap;
@@ -234,6 +235,23 @@ public class GadgetSpec {
return spec;
}
+
+ /**
+ * Returns a copy of the spec with all type=url views removed.
+ */
+ public GadgetSpec removeUrlViews() {
+ GadgetSpec spec = new GadgetSpec(this);
+ spec.modulePrefs = modulePrefs;
+ spec.userPrefs = userPrefs;
+ ImmutableMap.Builder<String, View> viewMap = ImmutableMap.builder();
+ for (View view : views.values()) {
+ if (view.getType() != ContentType.URL) {
+ viewMap.put(view.getName(), view);
+ }
+ }
+ spec.views = viewMap.build();
+ return spec;
+ }
@Override
public String toString() {
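Review bot: `removeUrlViews()` rebuilds the map keyed by `view.getName()` instead of reusing the keys already in `views`. If a key ever differs from the view's name, or two views report the same name, the result either changes lookup behaviour or makes `ImmutableMap.Builder.build()` throw. Iterating the entries keeps the original keys: `for (Map.Entry<String, View> e : views.entrySet())` with `viewMap.put(e.getKey(), e.getValue());` (assuming `java.util.Map` is imported in this file). The Javadoc could also add an `@return` and note that the copy shares `modulePrefs` and `userPrefs` with the receiver, since both are assigned by reference here.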
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java
Fri Nov 5 17:24:08 2010
@@ -150,6 +150,7 @@ public class DefaultIframeUriManager imp
addParam(uri, Param.COUNTRY.getKey(), context.getLocale().getCountry(),
useTpl, false);
addParam(uri, Param.DEBUG.getKey(), context.getDebug() ? "1" : "0",
useTpl, false);
addParam(uri, Param.NO_CACHE.getKey(), context.getIgnoreCache() ? "1" :
"0", useTpl, false);
+ addParam(uri, Param.SANITIZE.getKey(), context.getSanitize() ? "1" : "0",
useTpl, false);
// Add all UserPrefs
UserPrefs prefs = context.getUserPrefs();
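Review bot: The added `addParam(uri, Param.SANITIZE.getKey(), ...)` line puts the sanitize decision into the iframe URL as a plain `1`/`0` query parameter, alongside debug and nocache. How the rendering side builds its `GadgetContext` is not visible in this diff. If it reads the flag back from that parameter, anyone who can edit the URL can switch sanitization off. The requirement should be enforced from container policy on the server, with the parameter only able to tighten it, never relax it. A comment on the new line would help, for example `// Informational only: the renderer must not trust sanitize=0 from the URL.` Emitting `sanitize=0` on every URL also changes the generated URI for existing gadgets, which may matter to anything that caches or compares them.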
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/process/ProcessorTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/process/ProcessorTest.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/process/ProcessorTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/process/ProcessorTest.java
Fri Nov 5 17:24:08 2010
@@ -75,7 +75,7 @@ public class ProcessorTest {
processor = new Processor(gadgetSpecFactory, substituter, containerConfig,
blacklist, null);
}
- private GadgetContext makeContext(final String view, final Uri specUrl) {
+ private GadgetContext makeContext(final String view, final Uri specUrl,
final boolean sanitize) {
return new GadgetContext() {
@Override
public Uri getUrl() {
@@ -89,11 +89,16 @@ public class ProcessorTest {
public String getView() {
return view;
}
+
+ @Override
+ public boolean getSanitize() {
+ return sanitize;
+ }
};
}
private GadgetContext makeContext(final String view) {
- return makeContext(view, SPEC_URL);
+ return makeContext(view, SPEC_URL, false);
}
@Test
@@ -153,7 +158,7 @@ public class ProcessorTest {
@Test
public void nullUrlThrows() throws Exception {
try {
- processor.process(makeContext("html", null));
+ processor.process(makeContext("html", null, false));
fail("expected ProcessingException");
} catch (ProcessingException e) {
assertEquals(HttpServletResponse.SC_BAD_REQUEST, e.getHttpStatusCode());
@@ -163,12 +168,20 @@ public class ProcessorTest {
@Test
public void nonHttpOrHttpsThrows() throws Exception {
try {
- processor.process(makeContext("html", Uri.parse("file://foo")));
+ processor.process(makeContext("html", Uri.parse("file://foo"), false));
fail("expected ProcessingException");
} catch (ProcessingException e) {
assertEquals(HttpServletResponse.SC_FORBIDDEN, e.getHttpStatusCode());
}
}
+
+ @Test
+ public void typeUrlViewsAreSkippedForSanitizedGadget() throws Exception {
+ Gadget gadget = processor.process(makeContext("url", SPEC_URL, true));
+ assertNull(gadget.getCurrentView());
+ gadget = processor.process(makeContext("html", SPEC_URL, true));
+ assertEquals(BASIC_HTML_CONTENT, gadget.getCurrentView().getContent());
+ }
private static class FakeBlacklist implements GadgetBlacklist {
protected boolean wasChecked;
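Review bot: `typeUrlViewsAreSkippedForSanitizedGadget` has no control case with `sanitize` set to false, so it does not show that the flag is what removes the view. It would also pass if the fixture spec simply had no view named "url", and the fixture is outside this hunk. Adding `assertNotNull(processor.process(makeContext("url", SPEC_URL, false)).getCurrentView());` before the sanitized calls would pin the behaviour to the flag. The existing assertions for the sanitized "url" and "html" views can stay as they are.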
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManagerTest.java
Fri Nov 5 17:24:08 2010
@@ -62,8 +62,8 @@ public class DefaultIframeUriManagerTest
private static final String LD_SUFFIX = ".lockeddomain.com";
private static final String LD_SUFFIX_ALT = ".altld.com";
private static final String UNLOCKED_DOMAIN = "unlockeddomain.com";
- private static final int TYPE_URL_NUM_BASE_PARAMS = 7;
- private static final int TYPE_HTML_NUM_BASE_PARAMS = 7;
+ private static final int TYPE_URL_NUM_BASE_PARAMS = 8;
+ private static final int TYPE_HTML_NUM_BASE_PARAMS = 8;
private static final LockedDomainPrefixGenerator prefixGen = new
LockedDomainPrefixGenerator() {
public String getLockedDomainPrefix(Uri gadgetUri) {
@@ -87,6 +87,7 @@ public class DefaultIframeUriManagerTest
false, // not type=url
false, // isDebug
false, // ignoreCache
+ false, // sanitize
prefs, // spec-contained prefs
prefs, // prefs supplied by the requester, same k/v as spec w/
default val for simplicity
false, // no pref substitution needed, ergo prefs in fragment
@@ -112,6 +113,7 @@ public class DefaultIframeUriManagerTest
assertEquals(COUNTRY, uri.getQueryParameter(Param.COUNTRY.getKey()));
assertEquals("0", uri.getQueryParameter(Param.DEBUG.getKey()));
assertEquals("0", uri.getQueryParameter(Param.NO_CACHE.getKey()));
+ assertEquals("0", uri.getQueryParameter(Param.SANITIZE.getKey()));
assertEquals(prefVal, uri.getFragmentParameter("up_" + prefKey));
// Only the params that are needed.
@@ -138,6 +140,7 @@ public class DefaultIframeUriManagerTest
false, // not type=url
false, // isDebug
false, // ignoreCache
+ false, // sanitize
prefs, // spec-contained prefs
prefs, // prefs supplied by the requester, same k/v as spec w/
default val for simplicity
false, // no pref substitution needed, ergo prefs in fragment
@@ -165,6 +168,8 @@ public class DefaultIframeUriManagerTest
assertEquals(tplKey(Param.DEBUG.getKey()),
uriTpl.getQueryParameter(Param.DEBUG.getKey()));
assertEquals(tplKey(Param.NO_CACHE.getKey()),
uriTpl.getQueryParameter(Param.NO_CACHE.getKey()));
+ assertEquals(tplKey(Param.SANITIZE.getKey()),
+ uriTpl.getQueryParameter(Param.SANITIZE.getKey()));
assertEquals(tplKey("up_" + prefKey), uriTpl.getFragmentParameter("up_" +
prefKey));
// Only the params that are needed.
@@ -192,6 +197,7 @@ public class DefaultIframeUriManagerTest
true, // type=url
true, // isDebug
true, // ignoreCache
+ true, // sanitize
prefs, // spec-contained prefs
prefs, // prefs supplied by the requester, same k/v as spec w/
default val for simplicity
false, // no pref substitution needed, ergo prefs in fragment
@@ -217,6 +223,7 @@ public class DefaultIframeUriManagerTest
assertEquals("rpc:setprefs", uri.getQueryParameter(Param.LIBS.getKey()));
assertEquals("1", uri.getQueryParameter(Param.DEBUG.getKey()));
assertEquals("1", uri.getQueryParameter(Param.NO_CACHE.getKey()));
+ assertEquals("1", uri.getQueryParameter(Param.SANITIZE.getKey()));
assertEquals(prefVal, uri.getFragmentParameter("up_" + prefKey));
// Only the params that are needed.
@@ -244,6 +251,7 @@ public class DefaultIframeUriManagerTest
true, // type=url
true, // isDebug
true, // ignoreCache
+ true, // sanitize
prefs, // spec-contained prefs
prefs, // prefs supplied by the requester, same k/v as spec w/
default val for simplicity
false, // no pref substitution needed, ergo prefs in fragment
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java?rev=1031672&r1=1031671&r2=1031672&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/UriManagerTestBase.java
Fri Nov 5 17:24:08 2010
@@ -51,36 +51,36 @@ public class UriManagerTestBase {
// Used for "feature-focused" tests, eg. security token and locked domain
protected Gadget mockGadget(String... features) {
Map<String, String> prefs = Maps.newHashMap();
- return mockGadget(SPEC_URI.toString(), false, false, false, prefs, prefs,
false,
- Lists.newArrayList(features));
+ return mockGadget(SPEC_URI.toString(), false, false, false, false, prefs,
prefs,
+ false, Lists.newArrayList(features));
}
// Used for prefs-focused tests
protected Gadget mockGadget(boolean prefsForRendering, Map<String, String>
specPrefs,
Map<String, String> inPrefs) {
- return mockGadget(SPEC_URI.toString(), false, false, false, specPrefs,
inPrefs,
- prefsForRendering, Lists.<String>newArrayList());
+ return mockGadget(SPEC_URI.toString(), false, false, false, false,
specPrefs,
+ inPrefs, prefsForRendering, Lists.<String>newArrayList());
}
// Used for "base" tests.
protected Gadget mockGadget(String targetUrl, boolean isTypeUrl, boolean
isDebug,
- boolean ignoreCache, Map<String, String> specPrefs, Map<String, String>
inPrefs,
- boolean needsPrefSubst, List<String> features) {
+ boolean ignoreCache, boolean sanitize, Map<String, String> specPrefs,
+ Map<String, String> inPrefs, boolean needsPrefSubst, List<String>
features) {
return mockGadget(targetUrl, isTypeUrl, VIEW, LANG, COUNTRY, isDebug,
ignoreCache,
- specPrefs, inPrefs, needsPrefSubst, features);
+ sanitize, specPrefs, inPrefs, needsPrefSubst, features);
}
// Used for tests that don't care much about prefs or gadget type.
protected Gadget mockGadget(boolean isDebug, boolean ignoreCache) {
return mockGadget(SPEC_URI.toString(), false, isDebug, ignoreCache,
- Maps.<String, String>newHashMap(), Maps.<String, String>newHashMap(),
- false, Lists.<String>newArrayList());
+ false, Maps.<String, String>newHashMap(),
+ Maps.<String, String>newHashMap(), false,
Lists.<String>newArrayList());
}
// Actually generates the mock gadget. Used for error (null value) tests.
protected Gadget mockGadget(String targetUrl, boolean isTypeUrl, String
viewStr, String lang,
- String country, boolean isDebug, boolean ignoreCache, Map<String,
String> specPrefs,
- Map<String, String> inPrefs, boolean needsPrefSubst, List<String>
features) {
+ String country, boolean isDebug, boolean ignoreCache, boolean sanitize,
+ Map<String, String> specPrefs, Map<String, String> inPrefs, boolean
needsPrefSubst, List<String> features) {
View view = createMock(View.class);
ModulePrefs modulePrefs = createMock(ModulePrefs.class);
GadgetSpec spec = createMock(GadgetSpec.class);
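Review bot: The `mockGadget` overloads now take four adjacent positional booleans (`isTypeUrl`, `isDebug`, `ignoreCache`, `sanitize`), and the delegating calls in this hunk pass `false, false, false, false` with nothing to show which is which. A swapped argument would compile and could silently test the wrong flag, which matters more now that one of them controls sanitization. Labelling the arguments at the call sites would help, for example `false /* isTypeUrl */, false /* isDebug */, false /* ignoreCache */, false /* sanitize */`. The callers in DefaultIframeUriManagerTest already annotate each argument with a trailing comment this way.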
@@ -106,6 +106,7 @@ public class UriManagerTestBase {
expect(context.getDebug()).andReturn(isDebug).anyTimes();
expect(context.getIgnoreCache()).andReturn(ignoreCache).anyTimes();
expect(context.getToken()).andReturn(null).anyTimes();
+ expect(context.getSanitize()).andReturn(sanitize).anyTimes();
// All Features (doesn't distinguish between transitive and not)
expect(gadget.getAllFeatures()).andReturn(features).anyTimes();