PortletWindow.src.js

woonsan Thu, 10 Sep 2009 06:26:46 -0700

Author: woonsan
Date: Thu Sep 10 13:26:19 2009
New Revision: 813427

URL: http://svn.apache.org/viewvc?rev=813427&view=rev
Log:
JS2-1063: Not to make a request to a url of different domain in script.
If the script tries to make a cross-domain request, then the remaining scripts 
do not work after that. This caused another problems that other portlet windows 
are not rendered as well.


Modified:
    
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js

Modified: 
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js?rev=813427&r1=813426&r2=813427&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
 (original)
+++ 
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
 Thu Sep 10 13:26:19 2009
@@ -2896,7 +2896,30 @@
             this._handleDefaults(name+" failure\n "+err, "onExecError", 
"debug");
         }
     },
-
+    
+    _isUrlFromSameDomain: function( url )
+    {
+        var reUrl = /^https?\:\/\/([\w\.]+)[:/]?/i;
+        if (reUrl.test(url))
+        {
+            var targetDomain = RegExp.$1;
+            var hostName = window.location.hostname;
+            
+            if (hostName == targetDomain)
+            {
+                return true;
+            }
+            else
+            {
+                var baseDomain = hostName.replace(/^www\w*\./i, "");
+                if (targetDomain.lastIndexOf(baseDomain) == 
targetDomain.length - baseDomain.length) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    },
+    
     _executeScripts: function( scripts, djObj )
     {
         var jsObj = jetspeed;
@@ -2921,7 +2944,12 @@
             var contents = null;
             try
             {
-                contents = djHostEnv.getText( uri, null, false );
+                // cross domain content retrieval is not allowed.
+                if ( this._isUrlFromSameDomain( uri ))
+                {
+                    contents = djHostEnv.getText( uri, null, false );
+                }
+                
                if ( contents )
                 {
                     //djHostEnv.loadedUris[uri] = true;



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r813427 - /portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js

Reply via email to