[Caja] [google-caja] r4289 committed - Taming policy fixes for ES53 in the playground...

Mon, 27 Sep 2010 19:28:44 -0700 

Revision: 4289
Author: jasvir
Date: Mon Sep 27 19:27:11 2010
Log: Taming policy fixes for ES53 in the playground
http://codereview.appspot.com/2145042

* Makes the policy tab work for both ES53 and Valija mode
* Relabel Valija to ES3
* cssparser.js fix for [^] regex on IE

[email protected]

http://code.google.com/p/google-caja/source/detail?r=4289

Modified:
 /trunk/src/com/google/caja/demos/playground/client/policy.js
 /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java
 /trunk/src/com/google/caja/demos/playground/es53.html
/trunk/src/com/google/caja/demos/playground/server/GWTCajolingServiceImpl.java 
 /trunk/src/com/google/caja/demos/playground/taming.js

=======================================
--- /trunk/src/com/google/caja/demos/playground/client/policy.js Wed Jul 14 15:13:28 2010 +++ /trunk/src/com/google/caja/demos/playground/client/policy.js Mon Sep 27 19:27:11 2010 
@@ -1,14 +1,14 @@
 // Playground policy
 //  - exposes flash
 //  - exposes alert
-
+tamings___ = [];
 /**
  * Simple flash taming
  *   - exposes a taming of the swfobject API
  *   - ensures version of flash > 9 (defaults to v10)
  *   - adds parameters to limit network and prevent script access
  */
-tamings___.push(function tameSimpleFlash(imports) {
+tamings___.push(function tameSimpleFlash(___, imports) {
   imports.outers.swfobject = {};
   imports.outers.swfobject.embedSWF = function(swfUrl, id, width, height,
       version, expressInstall, flashvars, params, attributes, cb) {
@@ -40,24 +40,15 @@
  *   - ensures that after 10 alerts the user has the option of redirecting
  *     remaining calls to alert to cajita.log instead
  */
-tamings___.push(function tameAlert(imports) {
+tamings___.push(function tameAlert(___, imports) {
   imports.outers.alert = (function() {
     var remainingAlerts = 10;
-    var useConsole = false;
     function tameAlert(msg) {
-      if (useConsole) {
-        cajita.log(msg);
-      } else {
-        if (remainingAlerts > 0) {
-          remainingAlerts--;
-          alert(msg);
-        } else {
-          if (confirm("Redirect remaining alerts to console?")) {
-            useConsole = true;
-          } else {
-            remainingAlerts = 10;
-          }
-        }
+      if (remainingAlerts > 0) {
+        remainingAlerts--;
+        alert("Untrusted gadget says: " + msg);
+      } else if (remainingAlerts == 0) {
+        remainingAlerts = confirm("Ignore remaining alerts?") ? -1 : 10;
       }
     };
     return tameAlert;
=======================================
--- /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java Mon Sep 20 14:30:08 2010 +++ /trunk/src/com/google/caja/demos/playground/client/ui/PlaygroundView.java Mon Sep 27 19:27:11 2010 
@@ -163,8 +163,8 @@

     es53ModeButton = new RadioButton("inputLanguage", "ES5");
     es53ModeButton.setTitle("Input in ES5 targetting ES3 browsers");
-    valijaModeButton = new RadioButton("inputLanguage", "Valija");
-    valijaModeButton.setTitle("Input in Valija targetting ES3 browsers");
+    valijaModeButton = new RadioButton("inputLanguage", "ES3");
+    valijaModeButton.setTitle("Input in ES3 targetting ES3 browsers");
     valijaModeButton.setValue(true);

     cajoleButton.addClickHandler(new ClickHandler() {
=======================================
--- /trunk/src/com/google/caja/demos/playground/es53.html Tue Sep 14 16:08:36 2010 +++ /trunk/src/com/google/caja/demos/playground/es53.html Mon Sep 27 19:27:11 2010 
@@ -37,12 +37,21 @@
   <script src="bridal.js"></script>
   <script src="cssparser.js"></script>
   <script src="domita.js"></script>
+
   <script>
-  initJS = function(div, uriPolicy, cajoledJS) {
+  var grantAdditionalPowers = function(tamings___, ___, imports) {
+    for (var tamer in tamings___) {
+      if (tamings___.hasOwnProperty(tamer)) {
+        tamings___[tamer].call(___.USELESS, ___, imports);
+      }
+    }
+  }
+
+  initJS = function(div, uriPolicy, policyJS, cajoledJS) {
     var imports = ___.copy(___.whitelistAll(___.sharedImports));
     imports.onerror = ___.markFunc(function(x){
       parent.caja___.logFunc(x);
-      return false;
+      return true;
     });
     ___.setLogFunc(imports.onerror);

@@ -56,11 +65,13 @@
       imports.window[i] = imports[i];
     }
     imports = imports.window;
+    imports.outers = imports;
     imports.domitaTrace___ = 1;
-    imports.alert = ___.markFunc(function (x) { alert(x); });
-    ___.getNewModuleHandler().setImports(___.whitelistAll(imports));
-    imports.handleSet___ = void 0;
-
+
+    imports.handleSet___ = void 0;
+    eval(policyJS);
+    grantAdditionalPowers(tamings___, ___, imports);
+    ___.getNewModuleHandler().setImports(___.whitelistAll(imports));
     eval(cajoledJS);
   };

=======================================
--- /trunk/src/com/google/caja/demos/playground/server/GWTCajolingServiceImpl.java Wed Sep 1 17:42:06 2010 +++ /trunk/src/com/google/caja/demos/playground/server/GWTCajolingServiceImpl.java Mon Sep 27 19:27:11 2010 
@@ -81,7 +81,12 @@
     public String rewriteUri(
         ExternalReference u, UriEffect effect, LoaderType loader,
         Map<String, ?> hints) {
-      if (LoaderType.SANDBOXED == loader) { return u.getUri().toString(); }
+      if ((effect == UriEffect.NEW_DOCUMENT ||
+          (effect == UriEffect.SAME_DOCUMENT &&
+              loader == LoaderType.SANDBOXED))) {
+        return u.getUri().toString();
+      }
+
       return (
           "http://caja.appspot.com/cajole";
           + "?url=" + UriUtil.encode(u.getUri().toString())
=======================================
--- /trunk/src/com/google/caja/demos/playground/taming.js Wed Sep 1 17:42:06 2010 +++ /trunk/src/com/google/caja/demos/playground/taming.js Mon Sep 27 19:27:11 2010 
@@ -25,10 +25,10 @@
 var tamings___ = tamings___ || [];
 var caja___ = (function () {
   var cajaDomSuffix = 'g___';
-  var grantAdditionalPowers = function(imports) {
+  var grantAdditionalPowers = function(___, imports) {
     for (var tamer in tamings___) {
       if (tamings___.hasOwnProperty(tamer)) {
-        tamings___[tamer].call(___.USELESS, imports);
+        tamings___[tamer].call(___.USELESS, ___, imports);
       }
     }
   }
@@ -63,28 +63,40 @@
     ___.setLogFunc(function(x) { caja___.logFunc(x); })
     ___.getNewModuleHandler().setImports(imports);
     eval(policy);
-    grantAdditionalPowers(imports);
+    grantAdditionalPowers(___, imports);
     eval(js);
   }

   var cajoledJS = "";
+  var policyJS = "";
   var currentFrame = null;
   function enableES53(parent, policy, html, js) {
     configureHTML(parent, html);

     var hiddenDiv = document.getElementById("es53frames");
     currentFrame = document.createElement('iframe');
-    currentFrame.src = "es53.html";
+ currentFrame.src = "es53.html?rnd=" + Math.floor(Math.random() * 10000); 
+    currentFrame.id = "es53frame";
+    policyJS = policy;
     cajoledJS = js;
     hiddenDiv.appendChild(currentFrame);
   }

-  function onReady(init, childFrame) {
-    init(document.getElementById(id), uriPolicy, cajoledJS);
+  function onReady(initJS, childFrame) {
+    initJS(document.getElementById(id), uriPolicy, policyJS, cajoledJS,
+        grantAdditionalPowers);
+  }
+
+  function tearDownES53() {
+    try {
+      document.body.removeChild(document.getElementById("es53frame"));
+    } catch (e) {
+      // failure is an option
+    }
   }

   function enable(es53, parent, policy, html, js) {
-    document.getElementById("es53frames").innerHTML = "";
+    tearDownES53();
     if (es53) {
       enableES53(parent, policy, html, js);
     } else {

Reply via email to