Hello nigeltao,

I'd like you to do a code review.  Please execute
        g4 diff -c 12175016

or point your web browser to
        http://mondrian/12175016
(this changelist has been uploaded to Mondrian)

to review the following code:

Change 12175016 by n...@noel-gears on 2009/08/03 18:51:32 *pending*

        Update dataTransfer.setData() attack test, add cross-browser
        support, including FF3.5.
        
        PRESUBMIT=passed
        R=nigeltao
        [email protected]
        DELTA=88  (66 added, 7 deleted, 15 changed)
        OCL=12175016

Affected files ...

... 
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html#1
 edit

88 delta lines: 66 added, 7 deleted, 15 changed

If you can't do the review, please let me know as soon as possible.  During
your review, please ensure that all new code has corresponding unit tests and
that existing unit tests are updated appropriately.  Visit
http://www/eng/code_review.html for more information.

This is a semiautomated message from "g4 mail".  Complaints or suggestions?
Mail [email protected].
Change 12175016 by n...@noel-gears on 2009/08/03 18:51:32 *pending*

        Update dataTransfer.setData() attack test, add cross-browser
        support, including FF3.5.
        
        OCL=12175016

Affected files ...

... 
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html#1
 edit

==== 
//depot/googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html#1
 - 
c:\Users\noel.GOOGLE\src-gears/googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html
 ====
# action=edit type=text
--- 
googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html
  2009-08-03 18:51:44.000000000 +1000
+++ 
googleclient/gears/opensource/gears/test/manual/drag_and_drop_set_data_attack.html
  2009-08-03 18:54:59.000000000 +1000
@@ -1,3 +1,4 @@
+
 <html><head><title>Gears Drag and Drop, setData(aFileUrl)</title></head>
 <body>
 <p>Instructions: drag the image and drop it into the black-bordered square.
@@ -17,37 +18,95 @@
 pasteboard, during ondrag, may or may not be a WebKit bug. The TODO is for
 me to discuss this upstream, with the WebKit people. -->
 
-<img src="icon_48x48.png" ondragstart="onImgDragStart()"/>
+<img src="icon_48x48.png" ondragstart="onImgDragStart(event)"/>
 
 <div id="dropZone" style="border:1px solid black; width:48px; height:48px">
+</div>
+<div id="resultFiles">
 </div>
 
 <script type="text/javascript" src="../../sdk/gears_init.js"></script>
 <script type="text/javascript">
 
+var desktop = google.gears.factory.create('beta.desktop');
+var isFirefox = google.gears.factory.getBuildInfo().indexOf(';firefox') > -1;
+var isWin32 = google.gears.factory.getBuildInfo().indexOf('win32') > -1;
+var isIE = google.gears.factory.getBuildInfo().indexOf(';ie') > -1;
+var html5 = true;
+if (isFirefox)
+  html5 = (navigator.userAgent.indexOf('Firefox/3.5.') > -1);
+
+function stopPropagation(event) {
+  if (typeof  event.stopPropagation === 'function')
+    event.stopPropagation();
+  event.cancelBubble = true;
+}
+
+function preventDefault(event) {
+  if (typeof event.preventDefault === 'function')
+    event.preventDefault();
+  event.returnValue = false;
+  return false;
+}
+
+function dragEnter(evt) {
+  desktop.setDropEffect(evt, 'copy');
+  return preventDefault(evt);
+}
+
+function dragOver(evt) {
+  desktop.setDropEffect(evt, 'copy');
+  return preventDefault(evt);
+}
+
+function dragDrop(evt) {
+  // alert(evt.dataTransfer.getData(dataType()));
+  stopPropagation(evt);
+
+  var data = desktop.getDragData(evt, 'application/x-gears-files');
+  if (!data || !data.files)
+    return;
+
+  var s = '';
+  for (var i = 0; i < data.files.length; ++i) {
+    if (data.files[i].name == fileBasename())
+      alert('Gears drag and drop has a potential security hole.');
+    s += data.files[i].name + ' ';
+  }
+
+  var result = document.getElementById('resultFiles');
+  result.innerHTML = s;
+}
+
 var dropZone = document.getElementById('dropZone');
-var desktop = google.gears.factory.create('beta.desktop');
-desktop.registerDropTarget(dropZone, {
-  'ondragenter': function(context) {
-    return false;
-  },
-  'ondragover': function(context) {
-    return false;
-  },
-  'ondragleave': function(context) {
-  },
-  'ondrop': function(context) {
-    if (context.files && context.files.length > 0) {
-      alert('Gears drag and drop has a potential security hole.');
-    }
+if (dropZone.attachEvent) {
+  dropZone.attachEvent('ondragenter', dragEnter);
+  dropZone.attachEvent('ondragover', dragOver);
+  dropZone.attachEvent('ondrop', dragDrop);
+} else if (dropZone.addEventListener) {
+  dropZone.addEventListener('dragenter', dragEnter, false);
+  dropZone.addEventListener('dragover', dragOver, false);
+  dropZone.addEventListener(html5 ? 'drop' : 'dragdrop', dragDrop, false);
+}
+
+function dataType() {
+  return isFirefox ? 'text/uri-list' : 'URL';
+}
+
+function fileURL() {
+  return isWin32 ? 'file:///C:\\WINDOWS\\notepad.exe' : 'file:///etc/passwd';
+}
+
+function fileBasename() {
+  return isWin32 ? 'notepad.exe' : 'passwd';
+}
+
+function onImgDragStart(evt) {
+  if (window.event && window.event.dataTransfer) {
+    window.event.dataTransfer.setData(dataType(), fileURL());
+  } else if (evt.dataTransfer) {
+    evt.dataTransfer.setData(dataType(), fileURL());
   }
-});
-
-function onImgDragStart() {
-  var isWin32 = google.gears.factory.getBuildInfo().indexOf('win32') > -1;
-  window.event.dataTransfer.setData('URL', isWin32
-      ? 'file:///C:\\WINDOWS\\notepad.exe'
-      : 'file:///etc/passwd');
 }
 
 </script>
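Review bot: `result.innerHTML = s;` at the end of dragDrop inserts the dropped file names as markup, and those names come from whatever was dropped, so a name containing `<` or `&` is parsed as HTML on the test page instead of being displayed; `result.innerHTML = ''; result.appendChild(document.createTextNode(s));` shows the names verbatim on every browser the page targets. dragDrop also stops propagation but, unlike dragEnter and dragOver, never calls preventDefault, so after the handler runs the browser may still perform its default drop action on the file URL (in Firefox this appears to be a navigation away from the test page); ending the handler with `return preventDefault(evt);` and doing the same on the early-return path would keep the page in place. Note too that the removed ondrop alerted whenever `context.files.length > 0`, while the new check fires only when a name is exactly `fileBasename()`, so a leaked file under any other name, or reported as a full path, now passes silently; keeping the length check as a second alert, or printing `data.files.length` next to the names, would preserve the old coverage. Minor: `typeof  event.stopPropagation` in stopPropagation has a doubled space.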
