Revision: 5665
Author: [email protected]
Date: Wed Feb 12 18:09:06 2014 UTC
Log: Backport to es53 branch: r5661, r5664
5661 Add leniency in taming for better Google Visualization API support.
5664 Fix repair-framework not fully respecting acceptableProblems.
The merge command was
svn merge -c 5661,5664 ^/trunk
and there were no conflicts.
Skipping review since this is a straight merge of everything
since the previous merge.
http://code.google.com/p/google-caja/source/detail?r=5665
Modified:
/branches/es53
/branches/es53/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
/branches/es53/src/com/google/caja/ses/repair-framework.js
/branches/es53/tests/com/google/caja/ses/test-repair-framework.js
/branches/es53/tests/com/google/caja/util/LocalServer.java
=======================================
--- /branches/es53/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
Tue Feb 4 17:26:19 2014 UTC
+++ /branches/es53/src/com/google/caja/apitaming/cajaTamingGoogleLoader.js
Wed Feb 12 18:09:06 2014 UTC
@@ -325,6 +325,14 @@
function defCtor(path, obj, policy) {
caja.console.log(path + ' defCtor');
+
+ // Be lenient: don't fail on getting an object instead of a
function. This
+ // is needed for the modular Visualization API which sometimes has
stub
+ // objects instead of actual ctor functions when the ctor was in a
module
+ // not loaded.
+ if (typeof obj === 'object') {
+ return;
+ }
adviseFunction(obj, policy);
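Review bot: The new early return in defCtor fires for anything with `typeof obj === 'object'`, which includes `null` and arrays, and it leaves no trace that the constructor at `path` was left without taming advice. Because the log line above has already printed `path + ' defCtor'`, the output reads as if the ctor had been processed; I would log the skip, e.g. `caja.console.log(path + ' defCtor skipped: stub object, not a function');`. If a stub can later be replaced by the real constructor once its module loads, that constructor would presumably never pass through adviseFunction, so the comment should say whether that case is meant to stay untamed. defCtor's body continues past the end of the hunk.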
=======================================
--- /branches/es53/src/com/google/caja/ses/repair-framework.js Tue Feb 4
17:26:19 2014 UTC
+++ /branches/es53/src/com/google/caja/ses/repair-framework.js Wed Feb 12
18:09:06 2014 UTC
@@ -244,6 +244,12 @@
*/
var acceptableProblems = {};
+ /**
+ * Whether acceptableProblems has been used and therefore should not be
+ * modified.
+ */
+ var acceptableProblemsLocked = false;
+
/**
* As we start to repair, this will track the worst *post-repair*
severity
* seen so far.
@@ -308,6 +314,7 @@
var defaultDisposition = { permit: false, doNotRepair: false };
function disposition(problem) {
+ acceptableProblemsLocked = true;
return Object.prototype.hasOwnProperty.call(acceptableProblems,
problem.id) ? acceptableProblems[problem.id] :
defaultDisposition;
}
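Review bot: Setting `acceptableProblemsLocked = true` inside disposition() makes the lock a side effect of a read, and after this commit disposition() is also reached from getCurrentSeverity() (the hunk at -469) whenever yetToRepair is non-empty. A caller that only queries the severity before configuring the repairer will then get 'Too late to setAcceptableProblems.' with no hint of what locked it. A comment on disposition() would make this visible: `// Side effect: the first call locks acceptableProblems; see setAcceptableProblems.`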
@@ -335,7 +342,8 @@
repairsPerformed.lastIndexOf(problem.repair) !== -1;
// Update yetToRepair and plannedSeverity
- if (repairPerformed || !problem.repair) { // repair
attempted/absent
+ if (repairPerformed || !problem.repair ||
+ disposition(problem).doNotRepair) { // repair attempted/absent
if (report.postSeverity.level > severities.SAFE.level
&& disposition(problem).permit) {
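Review bot: The trailing comment `// repair attempted/absent` no longer matches the condition, which now also takes this branch when a repair exists but is declined through `doNotRepair`. I would reword it to `// repair attempted, absent, or declined (doNotRepair)` so the next reader does not assume the repair function has run. The enclosing function starts and ends outside the hunk.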
@@ -452,7 +460,9 @@
};
this.setAcceptableProblems = function(value) {
- // TODO(kpreid): Check some condition? Do only once?
+ if (acceptableProblemsLocked) {
+ throw new Error('Too late to setAcceptableProblems.');
+ }
acceptableProblems = value;
};
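Review bot: The lock added to setAcceptableProblems blocks reassignment only; `acceptableProblems = value;` keeps the caller's object by reference, so entries can still be added or changed after disposition() has been consulted, which is the situation the lock is meant to rule out. Copying the own entries into a fresh object at set time would make the lock effective (a shallow copy still shares the inner disposition objects, so those would need copying too if that matters). The sketch below assumes Object.keys is usable at this point, as Array.prototype.forEach already is in getCurrentSeverity. It would also fail early on a null or undefined `value` instead of later inside disposition().
```javascript
// … unchanged: acceptableProblemsLocked check …
// Copy own entries so later changes to the caller's object cannot
// alter dispositions after the lock.
var copy = {};
Object.keys(value).forEach(function(id) {
  copy[id] = value[id];
});
acceptableProblems = copy;
```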
@@ -469,9 +479,8 @@
this.getCurrentSeverity = function() {
var severity = plannedSeverity;
yetToRepair.forEach(function(problem) {
- // TODO(kpreid): Fix interaction of this with acceptableProblems
config
-
- if (problem.preSeverity.level > severity.level) {
+ if (problem.preSeverity.level > severity.level &&
+ !disposition(problem).permit) {
severity = problem.preSeverity;
}
});
@@ -504,6 +513,11 @@
// TODO(kpreid): Replace uses of this with higher level ops
this.updateMaxSeverity = function updateMaxSeverity(severity) {
if (severity.level > plannedSeverity.level) {
+ // This is a useful breakpoint for answering the question "why is
the
+ // severity as high as it is".
+ // if (severity.level > maxAcceptableSeverity.level) {
+ // console.info('Increasing planned severity.');
+ // }
plannedSeverity = severity;
}
};
=======================================
--- /branches/es53/tests/com/google/caja/ses/test-repair-framework.js Tue
Feb 4 17:26:19 2014 UTC
+++ /branches/es53/tests/com/google/caja/ses/test-repair-framework.js Wed
Feb 12 18:09:06 2014 UTC
@@ -141,6 +141,55 @@
jsunitPass();
});
+ jsunitRegister('testAcceptableProblems', function() {
+ var repairer = new ses._Repairer();
+
+ repairer.setAcceptableProblems({
+ 'DNR': { doNotRepair: true },
+ 'PERMIT': { permit: true },
+ 'PERMIT_DNR': { permit: true, doNotRepair: true },
+ });
+ var repaired_pd = false;
+ var repaired_d = false;
+ repairer.registerProblem({
+ id: 'PERMIT',
+ test: function() { return true; },
+ repair: undefined,
+ preSeverity: severities.UNSAFE_SPEC_VIOLATION,
+ canRepair: false,
+ });
+ repairer.registerProblem({
+ id: 'DNR',
+ test: function() { return !repaired_d; },
+ repair: function() { repaired_d = true; },
+ preSeverity: severities.SAFE_SPEC_VIOLATION,
+ canRepair: true,
+ });
+ repairer.registerProblem({
+ id: 'PERMIT_DNR',
+ test: function() { return !repaired_pd; },
+ repair: function() { repaired_pd = true; },
+ preSeverity: severities.UNSAFE_SPEC_VIOLATION,
+ canRepair: true,
+ });
+ repairer.runTests('test without repair');
+ assertEquals('cur sev 1', severities.SAFE_SPEC_VIOLATION,
+ repairer.getCurrentSeverity());
+ assertEquals('plan sev 1', severities.SAFE_SPEC_VIOLATION,
+ repairer.getPlannedSeverity());
+ repairer.testAndRepair();
+ assertFalse('not repaired DNR', repaired_d);
+ assertFalse('not repaired permit&DNR', repaired_pd);
+ // We expect SAFE_SPEC_VIOLATION because problem 'DNR' is doNotRepair
but
+ // it is not permitted, so its severity should show up.
+ assertEquals('cur sev 2', severities.SAFE_SPEC_VIOLATION,
+ repairer.getCurrentSeverity());
+ assertEquals('plan sev 2', severities.SAFE_SPEC_VIOLATION,
+ repairer.getPlannedSeverity());
+
+ jsunitPass();
+ });
+
jsunitRegister('testRepairOutcomes', function() {
var repairer = new ses._Repairer();
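Review bot: testAcceptableProblems covers the permit/doNotRepair severity results but never exercises the new lock, so the `throw new Error('Too late to setAcceptableProblems.')` path in repair-framework.js is untested. After `repairer.testAndRepair();` I would add a second `repairer.setAcceptableProblems({})` call and assert that it throws. A case with no entry for a registered problem id would also pin the `defaultDisposition` fallback. The testRepairOutcomes function that follows continues outside the hunk.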
=======================================
--- /branches/es53/tests/com/google/caja/util/LocalServer.java Tue Feb 4
17:26:19 2014 UTC
+++ /branches/es53/tests/com/google/caja/util/LocalServer.java Wed Feb 12
18:09:06 2014 UTC
@@ -14,6 +14,8 @@
package com.google.caja.util;
+import javax.servlet.http.HttpServletResponse;
+
import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.handler.ResourceHandler;
@@ -22,6 +24,7 @@
import org.mortbay.jetty.handler.HandlerList;
import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.resource.Resource;
import com.google.caja.SomethingWidgyHappenedError;
import com.google.caja.service.CajolingService;
@@ -71,7 +74,18 @@
cajaStatic.setResourceBase("./ant-war/");
// static file serving for tests
- final ResourceHandler resource_handler = new ResourceHandler();
+ final ResourceHandler resource_handler = new ResourceHandler() {
+ @Override
+ protected void doResponseHeaders(HttpServletResponse response,
+ Resource resource, String mimeType) {
+ super.doResponseHeaders(response, resource, mimeType);
+
+ // If not disabled, IE and Chrome will refuse to execute script
text
+ // which happens to occur in the URL (which applies to our
+ // generic-host-page for one).
+ response.setHeader("X-XSS-Protection", "0");
+ }
+ };
resource_handler.setResourceBase(".");
// caja (=playground for now) server under /caja directory
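Review bot: The doResponseHeaders override sends `X-XSS-Protection: 0` on every file served by resource_handler, whose base is ".", not only on the generic-host-page the comment mentions. That is reasonable for a test server, but the comment should say so explicitly so the override is not copied into a handler that serves real users, e.g. `// Test server only: turns off the browser's reflected-XSS filter for all static files under ".".` From the visible lines the header is not applied to cajaStatic or the servlet context, so tests that load the host page through those paths would presumably still be filtered. The enclosing method starts and ends outside the hunk.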