Revision: 5609
Author: [email protected]
Date: Wed Oct 2 23:01:41 2013 UTC
Log: Fix URI policies without fetch causing lost-signal.
https://codereview.appspot.com/14228045
Fixes <https://code.google.com/p/google-caja/issues/detail?id=1579>.
Domado's uriFetch now always invokes its callback, one way or another;
particularly if the URI policy object contains no 'fetch' method.
[email protected]
http://code.google.com/p/google-caja/source/detail?r=5609
Modified:
/trunk/src/com/google/caja/plugin/domado.js
/trunk/tests/com/google/caja/plugin/test-cajajs-invocation.js
=======================================
--- /trunk/src/com/google/caja/plugin/domado.js Mon Sep 9 18:40:16 2013 UTC
+++ /trunk/src/com/google/caja/plugin/domado.js Wed Oct 2 23:01:41 2013 UTC
@@ -82,30 +82,22 @@
function allowedUriScheme(uri) {
return (uri.hasScheme() && ALLOWED_URI_SCHEMES.test(uri.getScheme()));
}
-
- function ifThrowsThenNull(uri, func) {
- try {
- return func();
- } catch (e) {
- console.log('Rejecting url ' + uri + ' because ' + e);
- return null;
- }
- }
function uriFetch(naiveUriPolicy, uri, mime, callback) {
- if (!naiveUriPolicy || !callback
- || 'function' !== typeof naiveUriPolicy.fetch) {
- return;
- }
uri = '' + uri;
var parsed = URI.parse(uri);
- ifThrowsThenNull(uri, function() {
- if (allowedUriScheme(parsed)) {
+ try {
+ if (!naiveUriPolicy || 'function' !== typeof naiveUriPolicy.fetch) {
+ window.setTimeout(function() { callback({}); }, 0);
+ } else if (allowedUriScheme(parsed)) {
naiveUriPolicy.fetch(parsed, mime, callback);
} else {
naiveUriPolicy.fetch(undefined, mime, callback);
}
- });
+ } catch (e) {
+ console.log('Rejecting url ' + uri + ' because ' + e);
+ window.setTimeout(function() { callback({}); }, 0);
+ }
}
function uriRewrite(naiveUriPolicy, uri, effects, ltype, hints) {
@@ -114,14 +106,17 @@
}
uri = '' + uri;
var parsed = URI.parse(uri);
- return ifThrowsThenNull(uri, function() {
+ try {
if (allowedUriScheme(parsed)) {
var safeUri = naiveUriPolicy.rewrite(parsed, effects, ltype,
hints);
return safeUri ? safeUri.toString() : null;
} else {
return null;
}
- });
+ } catch (e) {
+ console.log('Rejecting url ' + uri + ' because ' + e);
+ return null;
+ }
}
var proxiesAvailable = typeof Proxy !== 'undefined';
=======================================
--- /trunk/tests/com/google/caja/plugin/test-cajajs-invocation.js Fri Aug
30 17:29:12 2013 UTC
+++ /trunk/tests/com/google/caja/plugin/test-cajajs-invocation.js Wed Oct
2 23:01:41 2013 UTC
@@ -312,6 +312,25 @@
});
});
+ var urlSrcAndXHRTestCase =
+ '<a href="http://fake1.url/foo";>fake1</a>' +
+ '<a href="http://fake2.url/foo";>fake2</a>' +
+ // script should not stall execution, just not load.
+ '<script src="http://bogus.invalid/foo.js";></script>' +
+ // xhr should indicate error response
+ '<script>' +
+ 'r("init");' +
+ 'var xhr = new XMLHttpRequest();' +
+ 'try {' +
+ ' xhr.open("GET", "' + location.protocol + '//' + location.host +
+ '/nonexistent");' +
+ '} catch (e) { r("" + e); }' +
+ 'xhr.onreadystatechange = function() {' +
+ ' r(xhr.readyState + xhr.responseText);' +
+ '};' +
+ 'xhr.send();' +
+ '</script>';
+
jsunitRegister('testBuilderApiNetNone', function testBuilderApiNetNone()
{
var div = createDiv();
caja.load(div, caja.policy.net.NO_NETWORK,
jsunitCallback(function(frame) {
@@ -319,21 +338,7 @@
frame.code(
location.protocol + '//' + location.host + '/',
'text/html',
- '<a href="http://fake1.url/foo";>fake1</a>' +
- '<a href="http://fake2.url/foo";>fake2</a>' +
- // script should not stall execution, just not load.
- '<script src="http://bogus.invalid/foo.js";></script>' +
- // xhr should indicate error response
- '<script>' +
- 'r("init");' +
- 'var xhr = new XMLHttpRequest();' +
- 'try { xhr.open("http://localhost/";); } catch (e) { r("" + e);
}' +
- 'xhr.onreadystatechange = function() {' +
- ' r(xhr.readyState + xhr.responseText);' +
- '};' +
- 'xhr.send();' +
- '</script>'
- )
+ urlSrcAndXHRTestCase)
.api({r: frame.tame(frame.markFunction(
function(val) { xhrRes.push(val); }))})
.run(jsunitCallback(function(result) {
@@ -348,6 +353,30 @@
}));
});
+ jsunitRegister('testBuilderApiNetNoFetch', function
testBuilderApiNetNone() {
+ var div = createDiv();
+ caja.load(
+ div,
+ { rewrite: caja.policy.net.ALL.rewrite /* but no 'fetch' */ },
+ jsunitCallback(function(frame) {
+ var xhrRes = [];
+ frame.code(
+ location.protocol + '//' + location.host + '/',
+ 'text/html',
+ urlSrcAndXHRTestCase)
+ .api({r: frame.tame(frame.markFunction(
+ function(val) { xhrRes.push(val); }))})
+ .run(jsunitCallback(function(result) {
+ assertStringContains('http://fake1.url/foo', div.innerHTML);
+ assertStringContains('http://fake2.url/foo', div.innerHTML);
+ // TODO(kpreid): verify script did not load, as expected
+ // XHR is independent of fetcher
+ assertEquals('init,4<html>\n', String(xhrRes).substr(0, 13));
+ jsunitPass('testBuilderApiNetNoFetch');
+ }));
+ }));
+ });
+
jsunitRegister('testBuilderApiNetAll', function testBuilderApiNetAll() {
var div = createDiv();
caja.load(div, caja.policy.net.ALL, function (frame) {
--
---
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
