Revision: 4228
Author: [email protected]
Date: Fri Aug  6 18:54:18 2010
Log: Add a parameter to the service to tide Kevin over until we have policies in JS
http://codereview.appspot.com/1880051

Temporary uri policy param to service for Kevin's demo.

[email protected]

http://code.google.com/p/google-caja/source/detail?r=4228

Modified:
 /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java
 /trunk/src/com/google/caja/parser/AbstractParseTreeNode.java
 /trunk/src/com/google/caja/parser/ParseTreeNodes.java
 /trunk/src/com/google/caja/service/AbstractCajolingHandler.java
 /trunk/src/com/google/caja/service/ContentHandler.java
 /trunk/src/com/google/caja/service/GadgetHandler.java
 /trunk/src/com/google/caja/service/HtmlHandler.java
 /trunk/src/com/google/caja/service/ImageHandler.java
 /trunk/src/com/google/caja/service/InnocentHandler.java
 /trunk/src/com/google/caja/service/JsHandler.java
 /trunk/src/com/google/caja/util/Maps.java
 /trunk/src/com/google/caja/util/RhinoExecutor.java

=======================================
--- /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java Thu Aug 5 23:43:16 2010
+++ /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java Fri Aug 6 18:54:18 2010
@@ -64,7 +64,7 @@
  */
 public class PlaygroundView {
   private final boolean EXPERIMENTAL_MODE = false;
-
+
   private HTML renderPanel;
   private TextBox renderResult;
   private HTML cajoledSource;
@@ -91,7 +91,7 @@
     policyAddressField.setText(url);
     policyExamples.add(url);
   }
-
+
   public void setUrl(String url) {
     addressField.setText(url);
     sourceExamples.add(url);
@@ -179,7 +179,7 @@
     addressBar.setStyleName("playgroundUI");
     addressBar.setWidget(0, item, addressField);
     addressBar.getCellFormatter().setWidth(0, item++, "80%");
-
+
     addressBar.setWidget(0, item++, debugModeButton);
     addressBar.setWidget(0, item++, goButton);
     addressBar.setWidget(0, item++, cajoleButton);
@@ -209,7 +209,7 @@
     });
     policyAddressField.setText("http://";);
     policyAddressField.setWidth("100%");
-
+
     final Button clearButton = new Button("Clear");
     clearButton.addClickHandler(new ClickHandler() {
       public void onClick(ClickEvent event) {
@@ -217,7 +217,7 @@
         controller.clearPolicy();
       }
     });
-
+
     final Button loadButton = new Button("\u21B4\u00A0Load");
     loadButton.addClickHandler(new ClickHandler() {
       public void onClick(ClickEvent event) {
@@ -261,7 +261,7 @@
     currentPolicy = PlaygroundResource.INSTANCE.defaultPolicy().getText();
     policyText.setText(currentPolicy);
   }
-
+
   private Widget createCajoledSourcePanel() {
     FlowPanel fp = new FlowPanel();
     cajoledSource = new HTML();
@@ -537,7 +537,7 @@
     script.setInnerText(text);
     return script;
   }
-
+
   public void setRenderedResult(String policy, String html, String js) {
     if (html == null && js == null) {
       renderPanel.setText("There were cajoling errors");
@@ -551,7 +551,7 @@
// Make the cajoled content visible so that the DOM will be laid out before
     // the script checks DOM geometry.
     editorPanel.selectTab(2);
-
+
     Element parent = renderPanel.getElement();
     parent.appendChild(scriptOf(policy));
     parent.appendChild(scriptOf("caja___.enable()"));
=======================================
--- /trunk/src/com/google/caja/parser/AbstractParseTreeNode.java Thu Dec 10 17:39:38 2009
+++ /trunk/src/com/google/caja/parser/AbstractParseTreeNode.java Fri Aug 6 18:54:18 2010
@@ -26,7 +26,6 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 import java.util.NoSuchElementException;

@@ -94,7 +93,7 @@
     return this.attributes;
   }
   @SuppressWarnings("unchecked")
-  public void setComments(List<? extends Token> comments) {
+  public void setComments(List<? extends Token<?>> comments) {
     List<Token<?>> tokens = (List<Token<?>>) comments;
     this.comments = !comments.isEmpty()
         ? Collections.unmodifiableList(new ArrayList<Token<?>>(tokens))
@@ -382,12 +381,8 @@
       return insertBefore(toAppend, null);
     }

-    @SuppressWarnings("unchecked")
public Mutation appendChildren(Iterable<? extends ParseTreeNode> nodes) {
-      for (Iterator it=nodes.iterator(); it.hasNext(); ) {
-        ParseTreeNode node = (ParseTreeNode)it.next();
-        changes.add(new Insertion(node, null));
-      }
+      for (ParseTreeNode node : nodes) { insertBefore(node, null); }
       return this;
     }

=======================================
--- /trunk/src/com/google/caja/parser/ParseTreeNodes.java Thu Dec 10 17:39:38 2009
+++ /trunk/src/com/google/caja/parser/ParseTreeNodes.java Fri Aug 6 18:54:18 2010
@@ -127,7 +127,7 @@
     return (Constructor<T>) cloneCtorCache.get(clazz);
   }

-  @SuppressWarnings({"unchecked", "cast"})
+  @SuppressWarnings({"cast", "rawtypes", "unchecked"})
   private static <T> List<Constructor<T>> declaredCtors(Class<T> clazz) {
     // This is typesafe because a constructor yields exactly the type T,
// never a subclass. Unfortunately getDeclaredConstructors loses type info
=======================================
--- /trunk/src/com/google/caja/service/AbstractCajolingHandler.java Fri Aug 6 15:45:08 2010
+++ /trunk/src/com/google/caja/service/AbstractCajolingHandler.java Fri Aug 6 18:54:18 2010
@@ -49,6 +49,7 @@
 import com.google.caja.util.Callback;
 import com.google.caja.util.Lists;
 import com.google.caja.util.Pair;
+import com.google.caja.util.Strings;

 /**
  * Common parent class for handlers that invoke the cajoler
@@ -59,21 +60,36 @@
 public abstract class AbstractCajolingHandler implements ContentHandler {
   protected final BuildInfo buildInfo;
   protected final UriFetcher uriFetcher;
-  protected final UriPolicy uriPolicy;
+  protected final String hostedService;

   public AbstractCajolingHandler(
-      BuildInfo buildInfo, final String hostedService,
-      final UriFetcher uriFetcher) {
+      BuildInfo buildInfo, String hostedService, UriFetcher uriFetcher) {
     this.buildInfo = buildInfo;
+    this.hostedService = hostedService;
this.uriFetcher = uriFetcher != null ? uriFetcher : UriFetcher.NULL_NETWORK;
-    this.uriPolicy = new UriPolicy() {
+  }
+
+  protected UriPolicy makeUriPolicy(final URI inputUri) {
+    return new UriPolicy() {
       public String rewriteUri(
           ExternalReference u, UriEffect effect, LoaderType loader,
           Map<String, ?> hints) {
+        URI uri = u.getUri();
+        if (((effect == UriEffect.NEW_DOCUMENT
+              && loader == LoaderType.UNSANDBOXED)
+             || (effect == UriEffect.SAME_DOCUMENT
+                 && loader == LoaderType.SANDBOXED))
+            && !sandboxLinksAndImages(inputUri)) {
+          String protocol = Strings.toLowerCase(uri.getScheme());
+          if ("http".equals(protocol) || "https".equals(protocol)) {
+            return uri.toString();
+          }
+        }
         if (hostedService != null) {
           return hostedService
-              + "?url=" + UriUtil.encode(u.getUri().toString())
-              + "&effect=" + effect + "&loader=" + loader;
+              + "?url=" + UriUtil.encode(uri.toString())
+              + "&effect=" + effect + "&loader=" + loader
+              + "&sext=" + sandboxLinksAndImages(inputUri);
         } else {
           return null;
         }
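Review bot: `uri.getScheme()` is null for a relative or scheme-less reference, and the new pass-through branch in `rewriteUri` hands it straight to `Strings.toLowerCase`; unless that helper is null-safe (not visible here), this throws while rewriting. A guard such as `String scheme = uri.getScheme();` followed by `if (scheme != null) {` around the http/https comparison avoids that. This branch is also the only place where a URI leaves the policy unrewritten, so it deserves a comment stating that only absolute http/https URIs are passed through, and only when the handler's `sandboxLinksAndImages(inputUri)` returns false. The anonymous class and `makeUriPolicy` close outside this hunk.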
=======================================
--- /trunk/src/com/google/caja/service/ContentHandler.java Tue Jun 1 15:11:38 2010
+++ /trunk/src/com/google/caja/service/ContentHandler.java Fri Aug 6 18:54:18 2010
@@ -74,4 +74,10 @@
                                     OutputStream response,
                                     MessageQueue mq)
       throws UnsupportedContentTypeException;
-}
+
+  /**
+   * True if links should be sandboxed.
+   * TODO: get rid of this once we have URI policies specified in JS.
+   */
+  public boolean sandboxLinksAndImages(URI inputUri);
+}
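Review bot: The Javadoc on `sandboxLinksAndImages` does not say what `inputUri` refers to, nor that an implementation may refuse the call: `ImageHandler` and `JsHandler` in this same commit throw `UnsupportedOperationException`. A caller holding a plain `ContentHandler` cannot tell which handlers are safe to ask. I would extend the comment with `@param inputUri the URI of the content being handled` (confirm against the callers) and `@throws UnsupportedOperationException if the handler does not rewrite links`. Alternatively, those two handlers could return `true` like `GadgetHandler` and `InnocentHandler`, so the default stays sandboxed.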
=======================================
--- /trunk/src/com/google/caja/service/GadgetHandler.java Tue Jun 15 20:33:47 2010
+++ /trunk/src/com/google/caja/service/GadgetHandler.java Fri Aug 6 18:54:18 2010
@@ -83,8 +83,8 @@
     }
   }

-  private void cajoleGadget(URI inputUri, CharProducer cajaInput,
-      Appendable output, MessageQueue mq)
+  private void cajoleGadget(
+ URI inputUri, CharProducer cajaInput, Appendable output, MessageQueue mq)
       throws ParseException, GadgetRewriteException, IOException {
DefaultGadgetRewriter rewriter = new DefaultGadgetRewriter(buildInfo, mq);

@@ -102,4 +102,6 @@
     };
rewriter.rewrite(inputUri, cajaInput, fetcher, policy, "canvas", output);
   }
-}
+
+  public boolean sandboxLinksAndImages(URI inputUri) { return true; }
+}
=======================================
--- /trunk/src/com/google/caja/service/HtmlHandler.java Fri Aug 6 15:45:08 2010
+++ /trunk/src/com/google/caja/service/HtmlHandler.java Fri Aug 6 18:54:18 2010
@@ -16,9 +16,13 @@
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
+import java.io.UnsupportedEncodingException;
 import java.net.URI;
+import java.net.URLEncoder;
 import java.util.List;
 import org.w3c.dom.Document;
+
+import com.google.caja.SomethingWidgyHappenedError;
 import com.google.caja.lexer.CharProducer;
 import com.google.caja.lexer.FetchedData;
 import com.google.caja.lexer.HtmlLexer;
@@ -46,8 +50,8 @@
  */
 public class HtmlHandler extends AbstractCajolingHandler {

-  public HtmlHandler(BuildInfo buildInfo, final String hostedService,
-      final UriFetcher uriFetcher) {
+  public HtmlHandler(
+ BuildInfo buildInfo, final String hostedService, UriFetcher uriFetcher) {
     super(buildInfo, hostedService, uriFetcher);
   }

@@ -75,7 +79,7 @@
                                    OutputStream response,
                                    MessageQueue mq)
       throws UnsupportedContentTypeException {
-    PluginMeta meta = new PluginMeta(uriFetcher, uriPolicy);
+    PluginMeta meta = new PluginMeta(uriFetcher, makeUriPolicy(uri));
     ContentType outputType = ContentType.fromMimeType(outputContentType);
     if (outputType == null) {
       if (outputContentType.matches("\\*/\\*(\\s*;.*)?")) {
@@ -160,4 +164,29 @@
           MessagePart.Factory.valueOf(e.getMessage()));
     }
   }
-}
+
+  public boolean sandboxLinksAndImages(URI inputUri) {
+    return !(hasParameter(inputUri.getRawQuery(), "sext=false"));
+  }
+
+  private static boolean hasParameter(String query, String param) {
+    if (query == null) { return false; }
+    int pos = 0;
+    int n = query.length();
+    if (n >= 1 && query.charAt(0) == '?') { pos = 1; }
+    while (pos < n) {
+      int end = query.indexOf('&', pos);
+      if (end < 0) { end = n; }
+      String rawParam = query.substring(pos, end);
+      try {
+        if (URLEncoder.encode(rawParam, "UTF-8").equals(param)) {
+          return true;
+        }
+      } catch (UnsupportedEncodingException ex) {
+        throw new SomethingWidgyHappenedError(ex);
+      }
+      pos = end + 1;
+    }
+    return false;
+  }
+}
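Review bot: `hasParameter` can never match `"sext=false"` as written, because `URLEncoder.encode(rawParam, "UTF-8")` percent-encodes the `=` (giving `sext%3Dfalse`), so `sandboxLinksAndImages` always returns true and the new opt-out is dead code. The raw query pair needs decoding rather than encoding: `if (URLDecoder.decode(rawParam, "UTF-8").equals(param)) {`, with the `java.net.URLEncoder` import swapped for `java.net.URLDecoder`. `URLDecoder.decode` throws `IllegalArgumentException` on a malformed `%` escape, so that case should be caught and treated as no match, which keeps the default at sandboxed. Since this flag relaxes URI rewriting based on the input URI's query string, a short Javadoc on `sandboxLinksAndImages` saying who is expected to set `sext` would help.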
=======================================
--- /trunk/src/com/google/caja/service/ImageHandler.java Tue May 25 13:51:03 2010
+++ /trunk/src/com/google/caja/service/ImageHandler.java Fri Aug 6 18:54:18 2010
@@ -60,4 +60,8 @@
       return null;
     }
   }
-}
+
+  public boolean sandboxLinksAndImages(URI inputUri) {
+    throw new UnsupportedOperationException();
+  }
+}
=======================================
--- /trunk/src/com/google/caja/service/InnocentHandler.java Tue Jun 1 15:11:38 2010
+++ /trunk/src/com/google/caja/service/InnocentHandler.java Fri Aug 6 18:54:18 2010
@@ -93,4 +93,6 @@
           MessagePart.Factory.valueOf(e.getMessage()));
     }
   }
-}
+
+  public boolean sandboxLinksAndImages(URI inputUri) { return true; }
+}
=======================================
--- /trunk/src/com/google/caja/service/JsHandler.java Fri Aug 6 15:45:08 2010
+++ /trunk/src/com/google/caja/service/JsHandler.java Fri Aug 6 18:54:18 2010
@@ -129,4 +129,8 @@
           MessagePart.Factory.valueOf(e.getMessage()));
     }
   }
-}
+
+  public boolean sandboxLinksAndImages(URI inputUri) {
+    throw new UnsupportedOperationException();
+  }
+}
=======================================
--- /trunk/src/com/google/caja/util/Maps.java   Tue Jul 13 09:51:09 2010
+++ /trunk/src/com/google/caja/util/Maps.java   Fri Aug  6 18:54:18 2010
@@ -96,7 +96,7 @@
   public static final class ImmutableMapBuilder<K, V> {
     private Map<K, V> map;
     private boolean canUseEnumMap = true;
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     private Class<? extends Enum> enumKeyType;
     ImmutableMapBuilder(Map<K, V> emptyMap) { this.map = emptyMap; }

@@ -145,7 +145,7 @@

// This is legit because enumKeyType above is both an enum type (checked at
   // runtime in the EnumMap ctor) and is the type of a subclass of K.
-  @SuppressWarnings("unchecked")
+  @SuppressWarnings({ "rawtypes", "unchecked" })
   private static <K, V>
   Map<K, V> makeEnumMap(Class<? extends Enum> t) { return new EnumMap(t); }

=======================================
--- /trunk/src/com/google/caja/util/RhinoExecutor.java Thu Jul 22 10:23:41 2010
+++ /trunk/src/com/google/caja/util/RhinoExecutor.java Fri Aug 6 18:54:18 2010
@@ -129,10 +129,11 @@
         }
       });
       context.setWrapFactory(new WrapFactory() {
-        @SuppressWarnings("unchecked")  // Overridden method is not generic
         @Override
         public Object wrap(
- Context cx, Scriptable scope, Object javaObject, Class staticType) {
+            Context cx, Scriptable scope, Object javaObject,
+ @SuppressWarnings("rawtypes") // Overridden method is not generic
+            Class staticType) {
// Deny reflective access up front. This should not be triggered due
           // to getter filtering, but let's be paranoid.
           if (javaObject != null
@@ -161,10 +162,11 @@
           return super.wrap(cx, scope, javaObject, staticType);
         }

-        @SuppressWarnings("unchecked")  // Overridden method is not generic
         @Override
         public Scriptable wrapAsJavaObject(
- Context cx, Scriptable scope, Object javaObject, Class staticType) {
+            Context cx, Scriptable scope, Object javaObject,
+ @SuppressWarnings("rawtypes") // Overridden method is not generic
+            Class staticType) {
           return new NativeJavaObject(scope, javaObject, staticType) {
             @Override
             public Object get(String name, Scriptable start) {
