Revision: 3722
Author: felix8a
Date: Thu Sep 10 15:07:14 2009
Log: onclick= set by innerHTML is broken
http://codereview.appspot.com/115082
http://code.google.com/p/google-caja/issues/detail?id=588
domita has support for setting very simple onevent= handlers
when assigning to innerHTML. for example, this is supposed
to work:
<div id='a'></div>
<script>
var a = document.getElementById('a');
a.innerHTML = '<input type="button" onclick="foo();">';
function foo () { cajita.log(1); }
</script>
however, this has been broken since valija was created,
because plugin_dispatchEvent knows how to find a cajita 'foo',
but not a valija 'foo'.
this change teaches plugin_dispatchEvent about valija 'foo'.
[email protected]
http://code.google.com/p/google-caja/source/detail?r=3722
Modified:
/trunk/src/com/google/caja/plugin/domita.js
/trunk/tests/com/google/caja/plugin/domita_test_untrusted.html
=======================================
--- /trunk/src/com/google/caja/plugin/domita.js Wed Sep 9 14:17:58 2009
+++ /trunk/src/com/google/caja/plugin/domita.js Thu Sep 10 15:07:14 2009
@@ -4047,7 +4047,8 @@
}
switch (typeof handler) {
case 'string':
- handler = imports[handler];
+ handler = (___.canRead(imports, '$v') && imports.$v.ro(handler))
+ || ___.readPub(imports, handler);
break;
case 'function': case 'object':
break;
=======================================
--- /trunk/tests/com/google/caja/plugin/domita_test_untrusted.html Wed Sep
9 14:17:58 2009
+++ /trunk/tests/com/google/caja/plugin/domita_test_untrusted.html Thu Sep
10 15:07:14 2009
@@ -39,6 +39,10 @@
<b>Click me</b>
</p>
+<p class="clickme-testcontainer" id="test-innerhtml-onclick">
+ <b>do not click yet</b>
+</p>
+
<div class="clickme-testcontainer" id="test-case-insensitive-attrs">
<table id="is-red">
<tr>
@@ -754,6 +758,23 @@
pass('test-dom-class-hierarchy');
});
});
+
+jsunitRegister('testInnerhtmlOnclick',
+ function testInnerhtmlOnclick() {
+ var el = document.getElementById('test-innerhtml-onclick');
+ if (directAccess.isValija) {
+ el.innerHTML = '<b onclick="innerhtmlClicked();">Click me</b>';
+ } else {
+ // in cajita, innerhtmlClicked is a local module function,
+ // and there's no way for domita.js to access it.
+ el.innerHTML = "<span>Cajita can't link up onclick= functions</span>";
+ pass('test-innerhtml-onclick');
+ }
+});
+
+function innerhtmlClicked() {
+ pass('test-innerhtml-onclick');
+}
jsunitRegister('testCaseInsensitiveAttrs',
function testCaseInsensitiveAttrs() {
