Reviewers: metaweta,
Please review this at http://codereview.appspot.com/6494081/
Affected files:
M src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
M tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html
M tests/com/google/caja/plugin/es53-test-apitaming.js
Index: tests/com/google/caja/plugin/es53-test-apitaming.js
===================================================================
--- tests/com/google/caja/plugin/es53-test-apitaming.js (revision 5032)
+++ tests/com/google/caja/plugin/es53-test-apitaming.js (working copy)
@@ -98,7 +98,14 @@
caja.load(createDiv(), uriPolicy, function (frame) {
- var t = caja.tamingGoogleLoader.applyToFrame(frame);
+ var t = caja.tamingGoogleLoader.applyToFrame(frame, {
+ initialObj: frame.markReadOnlyRecord({
+ initialFcn: frame.markFunction(function(x) {
+ return x + 19;
+ })
+ })
+ });
+
t.whitelistApi('foo');
t.whitelistApi('bar');
Index: tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html
===================================================================
--- tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html (revision
5032)
+++ tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html (working
copy)
@@ -14,6 +14,27 @@
- limitations under the License.
-->
+<div id="testInitialEntries" class="testcontainer waiting">
+ testInitialEntries
+</div>
+<script type="text/javascript">
+ jsunitRegister('testInitialEntries',
+ function testInitialEntries() {
+ assertEquals('object', typeof google.initialObj);
+ assertEquals('function', typeof google.initialObj.initialFcn);
+ assertEquals(17 + 19, google.initialObj.initialFcn(17));
+ try {
+ google.foo = 1;
+ fail('google object is not read-only');
+ } catch (e) {}
+ try {
+ google.initialObj.foo = 1;
+ fail('google.initialObj object is not read-only');
+ } catch (e) {}
+ pass('testInitialEntries');
+ });
+</script>
+
<div id="testOnload" class="testcontainer waiting">
testOnload
</div>
Index: src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
===================================================================
--- src/com/google/caja/apitaming/cajaTamingGoogleLoader.js (revision 5032)
+++ src/com/google/caja/apitaming/cajaTamingGoogleLoader.js (working copy)
@@ -423,7 +423,7 @@
google.load(name, version, opt_info);
}
- function applyToFrame(frame) {
+ function applyToFrame(frame, initialEntries) {
// TODO(ihab.awad): redundant!!!
var tamingUtils = TamingUtils(frame);
@@ -439,6 +439,12 @@
var safeGoogle = policyEvaluator.defTopLevelObj(
'google', window['google'], framePolicyByName);
+ for (var key in initialEntries) {
+ if (initialEntries.hasOwnProperty(key) && !/__$/.test(key)) {
+ safeGoogle[key] = initialEntries[key];
+ }
+ }
+
safeGoogle.load = frame.markFunction(function(name, opt_ver,
opt_info) {
if (!whitelistedApis.has(name)) {
// This is our front line of defense against a malicious guest
