Hello noel, dsymonds,
I'd like you to do a code review. Please execute
g4 diff -c 9191113
or point your web browser to
http://mondrian/9191113
to review the following code:
Change 9191113 by [EMAIL PROTECTED] on 2008/11/28 16:34:04 *pending*
Rename desktop.getDragAndDropData to be desktop.getDragData.
Also, introduce a stub for desktop.acceptData.
R=noel,dsymonds
[EMAIL PROTECTED]
DELTA=131 (78 added, 0 deleted, 53 changed)
OCL=9191113
Affected files ...
... //depot/googleclient/gears/opensource/gears/desktop/desktop.cc#60 edit
... //depot/googleclient/gears/opensource/gears/desktop/desktop.h#23 edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc#2
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h#3
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm#3
edit
...
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html#3
edit
131 delta lines: 78 added, 0 deleted, 53 changed
Also consider running:
g4 lint -c 9191113
which verifies that the changelist doesn't introduce new style violations.
If you can't do the review, please let me know as soon as possible. During
your review, please ensure that all new code has corresponding unit tests and
that existing unit tests are updated appropriately. Visit
http://www/eng/code_review.html for more information.
This is a semiautomated message from "g4 mail". Complaints or suggestions?
Mail [EMAIL PROTECTED]
Change 9191113 by [EMAIL PROTECTED] on 2008/11/28 16:34:04 *pending*
Rename desktop.getDragAndDropData to be desktop.getDragData.
Also, introduce a stub for desktop.acceptData.
Affected files ...
... //depot/googleclient/gears/opensource/gears/desktop/desktop.cc#60 edit
... //depot/googleclient/gears/opensource/gears/desktop/desktop.h#23 edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc#2
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h#1
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h#3
edit
...
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm#3
edit
...
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html#3
edit
==== //depot/googleclient/gears/opensource/gears/desktop/desktop.cc#60 -
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/desktop.cc
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/desktop.cc 2008-11-28
16:33:56.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/desktop.cc 2008-11-28
16:13:30.000000000 +1100
@@ -86,7 +86,8 @@
// The Drag-and-Drop API has not been finalized for official builds.
#else
#if GEARS_DRAG_AND_DROP_API_IS_SUPPORTED_FOR_THIS_PLATFORM
- RegisterMethod("getDragAndDropData", &GearsDesktop::GetDragAndDropData);
+ RegisterMethod("acceptDrag", &GearsDesktop::AcceptDrag);
+ RegisterMethod("getDragData", &GearsDesktop::GetDragData);
RegisterMethod("registerDropTarget", &GearsDesktop::RegisterDropTarget);
#endif
#endif // OFFICIAL_BUILD
@@ -1030,10 +1031,10 @@
// The Drag-and-Drop API has not been finalized for official builds.
#else
#if GEARS_DRAG_AND_DROP_API_IS_SUPPORTED_FOR_THIS_PLATFORM
-void GearsDesktop::GetDragAndDropData(JsCallContext *context) {
+void GearsDesktop::AcceptDrag(JsCallContext *context) {
if (EnvIsWorker()) {
context->SetException(
- STRING16(L"getDragAndDropData is not supported in workers."));
+ STRING16(L"acceptDrag is not supported in workers."));
return;
}
@@ -1045,6 +1046,37 @@
if (context->is_exception_set()) return;
std::string16 error;
+#if BROWSER_FF || (BROWSER_IE && !defined(OS_WINCE)) || BROWSER_WEBKIT
+ ::AcceptDrag(module_environment_.get(),
+ event_as_js_object.get(),
+ &error);
+#else
+ // TODO(nigeltao): implement on Chromium.
+ error = STRING16(L"acceptDrag is not supported for this platform.");
+#endif
+
+ if (!error.empty()) {
+ context->SetException(error);
+ return;
+ }
+}
+
+
+void GearsDesktop::GetDragData(JsCallContext *context) {
+ if (EnvIsWorker()) {
+ context->SetException(
+ STRING16(L"getDragData is not supported in workers."));
+ return;
+ }
+
+ scoped_ptr<JsObject> event_as_js_object;
+ JsArgument argv[] = {
+ { JSPARAM_REQUIRED, JSPARAM_OBJECT, &event_as_js_object },
+ };
+ context->GetArguments(ARRAYSIZE(argv), argv);
+ if (context->is_exception_set()) return;
+
+ std::string16 error;
scoped_ptr<JsObject> result(
module_environment_->js_runner_->NewObject());
@@ -1052,21 +1084,21 @@
#if defined(WIN32) || defined(OS_MACOSX)
// TODO(nigeltao): test that the implementation is sound for Firefox/Windows
// and Firefox/Mac.
- error = STRING16(L"getDragAndDropData is not supported for this platform.");
-#else
- ::GetDragAndDropData(module_environment_.get(),
- event_as_js_object.get(),
- result.get(),
- &error);
+ error = STRING16(L"getDragData is not supported for this platform.");
+#else
+ ::GetDragData(module_environment_.get(),
+ event_as_js_object.get(),
+ result.get(),
+ &error);
#endif
#elif (BROWSER_IE && !defined(OS_WINCE)) || BROWSER_WEBKIT
- ::GetDragAndDropData(module_environment_.get(),
- event_as_js_object.get(),
- result.get(),
- &error);
+ ::GetDragData(module_environment_.get(),
+ event_as_js_object.get(),
+ result.get(),
+ &error);
#else
// TODO(nigeltao): implement on Chromium.
- error = STRING16(L"getDragAndDropData is not supported for this platform.");
+ error = STRING16(L"getDragData is not supported for this platform.");
#endif
if (!error.empty()) {
==== //depot/googleclient/gears/opensource/gears/desktop/desktop.h#23 -
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/desktop.h ====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/desktop.h 2008-11-28
16:33:56.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/desktop.h 2008-11-28
16:35:45.000000000 +1100
@@ -206,12 +206,16 @@
// The Drag-and-Drop API has not been finalized for official builds.
#else
// TODO(nigeltao): decide on exactly one model for the DnD API:
- // * The "Web-app calls Gears" model (GetDragAndDropData), or
+ // * The "Web-app calls Gears" model (GetDragData followed by AcceptDrag), or
// * The "Gears calls Web-app" model (RegisterDropTarget).
+
+ // IN: Event event
+ // OUT: -
+ void AcceptDrag(JsCallContext *context);
// IN: Event event
// OUT: object data
- void GetDragAndDropData(JsCallContext *context);
+ void GetDragData(JsCallContext *context);
// IN: DomElement div, object options
// OUT: -
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc#2
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.cc
2008-11-28 16:19:21.000000000 +1100
@@ -204,10 +204,20 @@
}
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event_as_js_object,
- JsObject *data_out,
- std::string16 *error_out) {
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out) {
+ // TODO(nigeltao): implement
+ // if (isDrop) {
+ // evt.stopPropagation();
+ // }
+}
+
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event_as_js_object,
+ JsObject *data_out,
+ std::string16 *error_out) {
nsCOMPtr<nsISupports> event_as_supports;
if (!JsvalToISupports(
module_environment->js_runner_->GetContext(),
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h#1
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ff.h
2008-11-28 16:16:35.000000000 +1100
@@ -35,9 +35,13 @@
JsArray *files_out,
std::string16 *error_out);
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event,
- JsObject *data_out,
- std::string16 *error_out);
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out);
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event,
+ JsObject *data_out,
+ std::string16 *error_out);
#endif // GEARS_DESKTOP_DRAG_AND_DROP_UTILS_FF_H__
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc#1
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.cc
2008-11-28 16:18:12.000000000 +1100
@@ -137,10 +137,21 @@
}
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event_as_js_object,
- JsObject *data_out,
- std::string16 *error_out) {
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out) {
+ // TODO(nigeltao): implement
+ // if (isDragEnterOrDragOver) {
+ // evt.returnValue = false;
+ // evt.cancelBubble = true;
+ // }
+}
+
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event_as_js_object,
+ JsObject *data_out,
+ std::string16 *error_out) {
// We ignore event_as_js_object, since Gears can access the IHTMLWindow2
// and its IHTMLEventObj directly, via COM, and that seems more trustworthy
// than event_as_js_object, which is supplied by (potentially malicious)
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h#1
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_ie.h
2008-11-28 16:16:29.000000000 +1100
@@ -37,9 +37,13 @@
JsArray *files_out,
std::string16 *error_out);
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event,
- JsObject *data_out,
- std::string16 *error_out);
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out);
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event,
+ JsObject *data_out,
+ std::string16 *error_out);
#endif // GEARS_DESKTOP_DRAG_AND_DROP_UTILS_IE_H__
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h#3
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.h
2008-11-28 16:16:42.000000000 +1100
@@ -58,9 +58,13 @@
bool IsInADragOperation();
bool IsInADropOperation();
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event,
- JsObject *data_out,
- std::string16 *error_out);
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out);
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event,
+ JsObject *data_out,
+ std::string16 *error_out);
#endif // GEARS_DESKTOP_DRAG_AND_DROP_UTILS_SF_H__
====
//depot/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm#3
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm
====
# action=edit type=text
--- googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm
2008-11-28 16:33:57.000000000 +1100
+++ googleclient/gears/opensource/gears/desktop/drag_and_drop_utils_sf.mm
2008-11-28 16:18:39.000000000 +1100
@@ -169,10 +169,17 @@
error_out);
};
-void GetDragAndDropData(ModuleEnvironment *module_environment,
- JsObject *event_as_js_object,
- JsObject *data_out,
- std::string16 *error_out) {
+void AcceptDrag(ModuleEnvironment *module_environment,
+ JsObject *event,
+ std::string16 *error_out) {
+ // TODO(nigeltao): implement
+ // evt.preventDefault();
+}
+
+void GetDragData(ModuleEnvironment *module_environment,
+ JsObject *event_as_js_object,
+ JsObject *data_out,
+ std::string16 *error_out) {
// We ignore event_as_js_object, since Gears (being restricted to the NPAPI
// interface) cannot distinguish between a drag and drop event genuinely
// inside dispatch, and an event that has had dispatchEvent called on,
====
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html#3
-
c:\devel\srcwingears2/googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html
====
# action=edit type=text
---
googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html
2008-11-28 16:33:57.000000000 +1100
+++
googleclient/gears/opensource/gears/test/manual/drag_and_drop_fake_event_attack.html
2008-11-28 16:30:46.000000000 +1100
@@ -1,5 +1,5 @@
<html><head>
-<title>Gears Drag and Drop, getDragAndDropData(fakeEvent)</title></head>
+<title>Gears Drag and Drop, getDragData(fakeEvent)</title></head>
<body>
<ol>
<li>Drag some files from the desktop.</li>
@@ -10,7 +10,7 @@
<div>Also, click on these buttons below. If you get an alert (by clicking, or
by dragging, or whatever else) then something is wrong (i.e. Gears drag and
drop has a potential security hole).</div>
-<button onclick="tryGetDragAndDropData(event)">Click Me 1</button>
+<button onclick="tryGetDragData(event)">Click Me 1</button>
<button onclick="tryDispatchEvent(invalidEvent)">Click Me 2</button>
<button onclick="tryDispatchEvent(null)">Click Me 3</button>
@@ -37,10 +37,10 @@
'target': document,
'type': 'dragenter'
};
-// To start with, every 2 seconds, we tryGetDragAndDropData with this fake
-// event. However, after the first time handler is called (i.e. after the
-// first genuine drag and drop event), invalidEvent is set to that event and
-// we tryGetDragAndDropData that event, every 2 seconds.
+// To start with, every 2 seconds, we tryGetDragData with this fake event.
+// However, after the first time handler is called (i.e. after the first
+// genuine drag and drop event), invalidEvent is set to that event and we
+// tryGetDragData that event, every 2 seconds.
var invalidEvent = fakeEvent;
function handler(isDrop, isDragEnterOrDragOver) {
@@ -51,7 +51,7 @@
invalidEvent = evt;
if (isDrop) {
try {
- var data = desktop.getDragAndDropData(evt);
+ var data = desktop.getDragData(evt);
// The line above should always throw an exception, if we are in
// manual dispatch (as opposed to a genuine drag and drop event).
if (isInManualDispatch) {
@@ -59,7 +59,7 @@
}
} catch (ex) {
if (!isInManualDispatch) {
- alert('desktop.getDragAndDropData failed during genuine dispatch.');
+ alert('desktop.getDragData failed during genuine dispatch.');
} else {
// Getting an exception during manual dispatch is exactly what we
// expect.
@@ -76,6 +76,8 @@
}
document.getElementById('dropOutput').innerHTML = s;
}
+ // TODO(nigeltao): replace all of these browser-specific quirks with
+ // desktop.acceptDrag(evt);
if (isFirefox) {
if (isDrop) {
evt.stopPropagation();
@@ -114,10 +116,10 @@
// TODO(nigeltao): implement (and test) on Chromium.
}
-function tryGetDragAndDropData(evt) {
+function tryGetDragData(evt) {
document.getElementById('eventTypeOutput').innerHTML = evt.type;
try {
- desktop.getDragAndDropData(evt);
+ desktop.getDragData(evt);
// The line above should always throw an exception.
alert('Gears drag and drop has a potential security hole.');
} catch (ex) {
@@ -154,12 +156,12 @@
// This event listener will catch both natural mouseover events, and those
// mouseover events dispatched by the tryDispatchEvent function above.
if (isFirefox || isSafari) {
- document.addEventListener('mouseover', tryGetDragAndDropData, false);
+ document.addEventListener('mouseover', tryGetDragData, false);
} else if (isIE) {
- document.attachEvent('onmouseover', tryGetDragAndDropData);
+ document.attachEvent('onmouseover', tryGetDragData);
}
-window.setInterval(function() { tryGetDragAndDropData(invalidEvent); }, 2000);
+window.setInterval(function() { tryGetDragData(invalidEvent); }, 2000);
</script>
</body>
