Revision: 5033
Author: [email protected]
Date: Tue Sep 4 14:53:00 2012
Log: Allow cajaTamingGoogleLoader to accept 'initial entries' from
caller
http://codereview.appspot.com/6494081
[email protected]
http://code.google.com/p/google-caja/source/detail?r=5033
Modified:
/trunk/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
/trunk/tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html
/trunk/tests/com/google/caja/plugin/es53-test-apitaming.js
=======================================
--- /trunk/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js Sun Aug
19 17:44:26 2012
+++ /trunk/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js Tue Sep
4 14:53:00 2012
@@ -423,7 +423,7 @@
google.load(name, version, opt_info);
}
- function applyToFrame(frame) {
+ function applyToFrame(frame, initialEntries) {
// TODO(ihab.awad): redundant!!!
var tamingUtils = TamingUtils(frame);
@@ -439,6 +439,12 @@
var safeGoogle = policyEvaluator.defTopLevelObj(
'google', window['google'], framePolicyByName);
+ for (var key in initialEntries) {
+ if (initialEntries.hasOwnProperty(key) && !/__$/.test(key)) {
+ safeGoogle[key] = initialEntries[key];
+ }
+ }
+
safeGoogle.load = frame.markFunction(function(name, opt_ver,
opt_info) {
if (!whitelistedApis.has(name)) {
// This is our front line of defense against a malicious guest
=======================================
--- /trunk/tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html
Sun Aug 19 17:44:26 2012
+++ /trunk/tests/com/google/caja/plugin/es53-test-apitaming-guest-0.html
Tue Sep 4 14:53:00 2012
@@ -14,6 +14,27 @@
- limitations under the License.
-->
+<div id="testInitialEntries" class="testcontainer waiting">
+ testInitialEntries
+</div>
+<script type="text/javascript">
+ jsunitRegister('testInitialEntries',
+ function testInitialEntries() {
+ assertEquals('object', typeof google.initialObj);
+ assertEquals('function', typeof google.initialObj.initialFcn);
+ assertEquals(17 + 19, google.initialObj.initialFcn(17));
+ try {
+ google.foo = 1;
+ fail('google object is not read-only');
+ } catch (e) {}
+ try {
+ google.initialObj.foo = 1;
+ fail('google.initialObj object is not read-only');
+ } catch (e) {}
+ pass('testInitialEntries');
+ });
+</script>
+
<div id="testOnload" class="testcontainer waiting">
testOnload
</div>
=======================================
--- /trunk/tests/com/google/caja/plugin/es53-test-apitaming.js Sun Aug 19
17:44:26 2012
+++ /trunk/tests/com/google/caja/plugin/es53-test-apitaming.js Tue Sep 4
14:53:00 2012
@@ -98,7 +98,14 @@
caja.load(createDiv(), uriPolicy, function (frame) {
- var t = caja.tamingGoogleLoader.applyToFrame(frame);
+ var t = caja.tamingGoogleLoader.applyToFrame(frame, {
+ initialObj: frame.markReadOnlyRecord({
+ initialFcn: frame.markFunction(function(x) {
+ return x + 19;
+ })
+ })
+ });
+
t.whitelistApi('foo');
t.whitelistApi('bar');
