Author: ssievers
Date: Mon May 14 12:01:36 2012
New Revision: 1338171
URL: http://svn.apache.org/viewvc?rev=1338171&view=rev
Log:
SHINDIG-1765 | Replace the unparseable cruft message "throw 1; < don't be evil'
>" constant in client and server with a container config | Patch from Marshall
Shi. Thanks!
Modified:
shindig/trunk/config/container.js
shindig/trunk/features/src/main/javascript/features/core.io/io.js
shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
Modified: shindig/trunk/config/container.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/config/container.js?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
--- shindig/trunk/config/container.js (original)
+++ shindig/trunk/config/container.js Mon May 14 12:01:36 2012
@@ -157,7 +157,9 @@
// Note: ${Cur['gadgets.uri.proxy.path']} is an open proxy. Be careful how
you expose this!
// Note: These urls should be protocol relative (start with //)
"proxyUrl" :
"//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}?container=%container%&refresh=%refresh%&url=%url%%rewriteMime%",
- "jsonProxyUrl" :
"//${Cur['default.domain.locked.client']}${CONTEXT_ROOT}/gadgets/makeRequest"
+ "jsonProxyUrl" :
"//${Cur['default.domain.locked.client']}${CONTEXT_ROOT}/gadgets/makeRequest",
+ // Note: this setting MUST be supplied in every container config object,
as there is no default if it is not supplied.
+ "unparseableCruft" : "throw 1; < don't be evil' >"
},
"views" : {
"profile" : {
Modified: shindig/trunk/features/src/main/javascript/features/core.io/io.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.io/io.js?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.io/io.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.io/io.js Mon May
14 12:01:36 2012
@@ -118,8 +118,6 @@ gadgets.io = function() {
callback(transformResponseData(params, data));
}
- var UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >";
-
/**
* Handles XHR callback processing.
*
@@ -134,6 +132,7 @@ gadgets.io = function() {
}
var txt = xobj['responseText'];
+ var UNPARSEABLE_CRUFT = config['unparseableCruft'];
// remove unparseable cruft used to prevent cross-site script inclusion
var offset = txt.indexOf(UNPARSEABLE_CRUFT) + UNPARSEABLE_CRUFT.length;
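Review bot: `config['unparseableCruft']` is used without a check, so a container config that omits the key leaves `UNPARSEABLE_CRUFT` undefined and the `.length` access on the next line throws a TypeError rather than reporting a configuration problem. Now that the prefix is configurable, the client and server values can also disagree; `indexOf` then returns -1 and `offset` lands inside the payload instead of after the prefix. I would validate the value and the match before stripping, for example `if (typeof UNPARSEABLE_CRUFT !== 'string' || txt.indexOf(UNPARSEABLE_CRUFT) !== 0) { /* treat as a failed response */ }`. The rest of this callback and the origin of `config` are outside the hunk, so the right error path needs confirming there.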
Modified: shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
--- shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
(original)
+++ shindig/trunk/features/src/test/javascript/features/core.io/iotest.js Mon
May 14 12:01:36 2012
@@ -40,14 +40,16 @@ IoTest.prototype.setUp = function() {
document.scripts = [];
gadgets.config.init({ "core.io" : {
"proxyUrl" :
"http://example.com/proxy?url=%url%&refresh=%refresh%&g=%gadget%&c=%container%",
- "jsonProxyUrl" : "http://example.com/json" }});
+ "jsonProxyUrl" : "http://example.com/json",
+ "unparseableCruft" : "throw 1; < don't be evil' >"}});
gadgets.io.preloaded_ = [];
};
IoTest.prototype.setSchemaless = function() {
gadgets.config.init({ "core.io" : {
"proxyUrl" :
"//example.com/proxy?url=%url%&refresh=%refresh%&g=%gadget%&c=%container%",
- "jsonProxyUrl" : "http://example.com/json" }});
+ "jsonProxyUrl" : "http://example.com/json",
+ "unparseableCruft" : "throw 1; < don't be evil' >"}});
gadgets.io.preloaded_ = [];
};
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
Mon May 14 12:01:36 2012
@@ -71,7 +71,6 @@ import com.google.inject.Singleton;
@Singleton
public class MakeRequestHandler implements ContainerConfig.ConfigObserver {
// Relaxed visibility for ease of integration. Try to avoid relying on these.
- public static final String UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >";
public static final String POST_DATA_PARAM = "postData";
public static final String METHOD_PARAM = "httpMethod";
public static final String HEADERS_PARAM = "headers";
@@ -84,8 +83,12 @@ public class MakeRequestHandler implemen
public static final String MAX_POST_SIZE_KEY =
"gadgets.jsonProxyUrl.maxPostSize";
public static final String MULTI_PART_FORM_POST = "MPFP";
public static final String MULTI_PART_FORM_POST_IFRAME = "iframe";
+ public static final String GADGETS_FEATURES = "gadgets.features";
+ public static final String CORE_IO = "core.io";
+ public static final String UNPARSEABLE_CRUFT = "unparseableCruft";
public static final int MAX_POST_SIZE_DEFAULT = 5 * 1024 * 1024; // 5 MiB
+ private final Map<String, String> unparseableCruftMsgs;
private final RequestPipeline requestPipeline;
private final ResponseRewriterRegistry contentRewriterRegistry;
private final Provider<FeedProcessor> feedProcessorProvider;
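Review bot: The public constant `UNPARSEABLE_CRUFT` keeps its name but changes meaning, from the prefix text (removed in the previous hunk, `@@ -71,7`) to the config key `"unparseableCruft"`. The comment above these constants says the visibility is relaxed for integrators, so any external code that still writes or strips `MakeRequestHandler.UNPARSEABLE_CRUFT` will compile and silently use the key name as the prefix. Naming the key differently, e.g. `public static final String UNPARSEABLE_CRUFT_KEY = "unparseableCruft";`, would make stale uses fail at compile time. The new field would also benefit from a comment such as `// container name -> prefix written before makeRequest output to block cross-site script inclusion`.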
@@ -109,6 +112,7 @@ public class MakeRequestHandler implemen
this.processor = processor;
this.lockedDomainService = lockedDomainService;
this.maxPostSizes = Maps.newConcurrentMap();
+ this.unparseableCruftMsgs = Maps.newConcurrentMap();
config.addConfigObserver(this, true);
}
@@ -182,12 +186,12 @@ public class MakeRequestHandler implemen
if ("1".equals(getParameter(request, MULTI_PART_FORM_POST_IFRAME, null))) {
response.setContentType("text/html");
out.write("<html><head></head><body><textarea>");
- out.write(UNPARSEABLE_CRUFT);
+ out.write(this.unparseableCruftMsgs.get(container));
out.write(output);
out.write("</textarea></body></html>");
} else {
response.setContentType("application/json");
- out.write(UNPARSEABLE_CRUFT + output);
+ out.write(this.unparseableCruftMsgs.get(container) + output);
}
}
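Review bot: `this.unparseableCruftMsgs.get(container)` returns null for any container that has no entry, and neither branch checks for it. In the JSON branch the concatenation then emits the literal text `null` ahead of `output`, so the response goes out without the configured script-inclusion guard. In the textarea branch, passing a null String to `out.write` would presumably throw if `out` is a `java.io.Writer`. I would look the value up once before the `if`, `String cruft = this.unparseableCruftMsgs.get(container);`, and refuse to write the body when it is null, so a misconfigured container fails closed. The enclosing method starts outside this hunk, so the appropriate error response has to be chosen there.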
@@ -472,9 +476,17 @@ public class MakeRequestHandler implemen
maxPostSize = MAX_POST_SIZE_DEFAULT;
}
maxPostSizes.put(container, maxPostSize);
+ Map<String, Map<String, String>> features = config.getMap(container,
GADGETS_FEATURES);
+ if (features != null) {
+ Map<String, String> coreIO = (Map<String, String>)
features.get(CORE_IO);
+ if (coreIO != null) {
+ unparseableCruftMsgs.put(container, coreIO.get(UNPARSEABLE_CRUFT));
+ }
+ }
}
for (String container : removed) {
maxPostSizes.remove(container);
+ unparseableCruftMsgs.remove(container);
}
}
}
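Review bot: `unparseableCruftMsgs.put(container, coreIO.get(UNPARSEABLE_CRUFT))` stores whatever the config returns, but the map is built with `Maps.newConcurrentMap()` in the constructor hunk and a concurrent map rejects null values. A container whose `core.io` block lacks the key would therefore throw a NullPointerException out of this observer callback. A changed container that no longer has `gadgets.features` or `core.io` also keeps its previous entry, because nothing removes it on that path. Reading the value into a local first and handling absence explicitly covers both cases: `String cruft = coreIO == null ? null : coreIO.get(UNPARSEABLE_CRUFT);` followed by a `remove(container)` plus a logged configuration error when it is null or empty. The method signature and the loop header are outside the hunk.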
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
Mon May 14 12:01:36 2012
@@ -150,8 +150,9 @@ public class MakeRequestHandlerTest exte
private JSONObject extractJsonFromResponse() throws JSONException {
String body = recorder.getResponseAsString();
- assertStartsWith(MakeRequestHandler.UNPARSEABLE_CRUFT, body);
- body = body.substring(MakeRequestHandler.UNPARSEABLE_CRUFT.length());
+ String defaultCruftMsg = "throw 1; < don't be evil' >";
+ assertStartsWith(defaultCruftMsg, body);
+ body = body.substring(defaultCruftMsg.length());
return new JSONObject(body).getJSONObject(REQUEST_URL.toString());
}
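Review bot: The tests still pin only the historical prefix: `defaultCruftMsg` repeats the literal that the test config supplies, and the same pair appears in `MakeRequestServletTest` (`setUp` and `assertResponseOk`). Nothing exercises a container with a different `unparseableCruft` value or with the key absent, which are the two cases this commit makes possible. I would add one test whose config uses a distinct prefix and asserts the response starts with it, and one that omits `core.io` and asserts the handler does not emit an unprefixed body. Hoisting the literal into a single test constant would keep the config string and the assertion from drifting apart.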
@@ -164,9 +165,10 @@ public class MakeRequestHandlerTest exte
JSONObject config = new JSONObject('{' + ContainerConfig.DEFAULT_CONTAINER
+ ':' +
"{'gadgets.container': ['default']," +
- "'gadgets.features':{views:" +
- "{aliased: {aliases: ['some-alias', 'alias']}}" +
- "}}}");
+ "'gadgets.features':{views:" +
+ "{aliased: {aliases: ['some-alias', 'alias']}}" +
+ ",'core.io':" +
+ "{unparseableCruft :\"throw 1; < don't be evil' >\"}}}}");
containerConfig = new JsonContainerConfig(config,
Expressions.forTesting());
ldService = new HashLockedDomainService(containerConfig, false, new
HashShaLockedDomainPrefixGenerator());
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java?rev=1338171&r1=1338170&r2=1338171&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
Mon May 14 12:01:36 2012
@@ -77,9 +77,10 @@ public class MakeRequestServletTest exte
public void setUp() throws Exception {
JSONObject config = new JSONObject('{' + ContainerConfig.DEFAULT_CONTAINER
+ ':' +
"{'gadgets.container': ['default']," +
- "'gadgets.features':{views:" +
- "{aliased: {aliases: ['some-alias', 'alias']}}" +
- "}}}");
+ "'gadgets.features':{views:" +
+ "{aliased: {aliases: ['some-alias', 'alias']}}" +
+ ",'core.io':" +
+ "{unparseableCruft :\"throw 1; < don't be evil' >\"}}}}");
containerConfig = new JsonContainerConfig(config,
Expressions.forTesting());
Gadget gadget = mock(Gadget.class);
@@ -111,8 +112,9 @@ public class MakeRequestServletTest exte
private void assertResponseOk(int expectedStatus, String expectedBody)
throws JSONException {
if (recorder.getHttpStatusCode() == HttpServletResponse.SC_OK) {
String body = recorder.getResponseAsString();
- assertStartsWith(MakeRequestHandler.UNPARSEABLE_CRUFT, body);
- body = body.substring(MakeRequestHandler.UNPARSEABLE_CRUFT.length());
+ String defaultCruftMsg = "throw 1; < don't be evil' >";
+ assertStartsWith(defaultCruftMsg, body);
+ body = body.substring(defaultCruftMsg.length());
JSONObject object = new JSONObject(body);
object = object.getJSONObject(REQUEST_URL.toString());
assertEquals(expectedStatus, object.getInt("rc"));