Author: etnu
Date: Fri Feb 22 04:28:42 2008
New Revision: 630172
URL: http://svn.apache.org/viewvc?rev=630172&view=rev
Log:
Commit for SHINDIG-89
Modified:
incubator/shindig/trunk/features/core/legacy.js
incubator/shindig/trunk/features/core/prefs.js
incubator/shindig/trunk/features/core/util.js
incubator/shindig/trunk/features/views/views.js
Modified: incubator/shindig/trunk/features/core/legacy.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/legacy.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/legacy.js (original)
+++ incubator/shindig/trunk/features/core/legacy.js Fri Feb 22 04:28:42 2008
@@ -138,12 +138,7 @@
* @return The escaped string.
*/
function _hesc(str) {
- // '<' and '>'
- str = str.replace(/</g, "<").replace(/>/g, ">");
- // '"' and '
- str = str.replace(/"/g, """).replace(/'/g, "'");
-
- return str;
+ return gadgets.util.escapeString(str);
}
/**
Modified: incubator/shindig/trunk/features/core/prefs.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/prefs.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/prefs.js (original)
+++ incubator/shindig/trunk/features/core/prefs.js Fri Feb 22 04:28:42 2008
@@ -240,12 +240,14 @@
/**
* Retrieves a preference as a string.
+ * Returned value will be html entity escaped.
+ *
* @param {String} key The preference to fetch
* @return {String} The preference; if not set, an empty string
*/
gadgets.Prefs.prototype.getString = function(key) {
var val = this.getPref_(key);
- return val === null ? "" : val;
+ return val === null ? "" : gadgets.util.escapeString(val);
};
/**
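Review bot: Escaping inside `getString` commits the value to one output context (HTML text and quoted attribute values) at the point of retrieval, and the added doc line does not tell callers that. A caller that puts the value into a URL, a script string or a text node will get entity text or stay unprotected, and a caller that already applies a full escaper (one that also encodes `&`) will double-encode. I would extend the comment along the lines of `Returned value has < > " ' replaced by HTML entities and is only suitable for HTML text or quoted attribute values; use gadgets.util.unescapeString for the raw value.` The array hunk further down in this file changes its return contract the same way, and its doc comment lies outside the visible lines.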
@@ -312,8 +314,9 @@
if (val !== null) {
var arr = val.split("|");
// Decode pipe characters.
+ var esc = gadgets.util.escapeString;
for (var i = 0, j = arr.length; i < j; ++i) {
- arr[i] = arr[i].replace(/%7C/g, "|");
+ arr[i] = esc(arr[i].replace(/%7C/g, "|"));
}
return arr;
}
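Review bot: The `// Decode pipe characters.` comment now sits above the `var esc` alias rather than the loop it describes, and nothing in the hunk says the elements come back escaped. I would declare the alias before the comment and reword it, e.g. `// Decode pipe characters, then HTML-escape each element.` The enclosing function starts and ends outside the hunk, so whether its doc comment mentions the escaping cannot be seen here.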
Modified: incubator/shindig/trunk/features/core/util.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/util.js (original)
+++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 04:28:42 2008
@@ -157,7 +157,7 @@
* @member gadgets.util
*/
hasFeature : function (feature) {
- return typeof features[feature] === "undefined";
+ return typeof features[feature] !== "undefined";
},
/**
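Review bot: `features[feature]` is a plain property lookup, so with the inverted test now corrected, a name such as `constructor` or `toString` would be reported as an available feature if `features` is an ordinary object literal (its declaration is outside the hunk). An own-property test avoids the inherited keys: `return Object.prototype.hasOwnProperty.call(features, feature);`. That matches the `hasOwnProperty` filtering this commit already uses in views.js.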
@@ -178,6 +178,40 @@
for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
onLoadHandlers[i]();
}
+ },
+
+ /**
+ * Escapes the input using html entities to make it safer.
+ *
+ * Currently only escapes < > ' and " All known browsers handle
+ * & without issue.
+ *
+ * Currently not in the spec -- future proposals may change
+ * how this is handled.
+ *
+ * TODO: Parsing the string would probably be more accurate and faster than
+ * a bunch of regular expressions.
+ *
+ * @param {String} str The string to escape
+ * @return {String} The escaped string
+ */
+ escapeString : function(str) {
+ return str.replace(/</g, "<")
+ .replace(/>/g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+ },
+
+ /**
+ * Reverses escapeString
+ *
+ * @param {String} str The string to unescape.
+ */
+ unescapeString : function(str) {
+ return str.replace(/</g, "<")
+ .replace(/>/g, ">")
+ .replace(/"/g, '"')
+ .replace(/'/g, "'");
},
/**
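Review bot: Leaving `&` unescaped means `unescapeString` is not the exact inverse its comment claims. Input that already contains entity text (for example the four characters `&lt;`) presumably passes through `escapeString` unchanged and then comes back from `unescapeString` as a literal `<`. The replacement strings in this listing look entity-decoded by the archive, so this is read from the doc comment rather than from the literals. Encoding `&` first in `escapeString` (`.replace(/&/g, "&amp;")`) and restoring it last in `unescapeString` (`.replace(/&amp;/g, "&")`) makes the pair round-trip. Both functions also call `str.replace` directly and will throw on a non-string argument, and the `unescapeString` comment is missing its `@return`.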
Modified: incubator/shindig/trunk/features/views/views.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/views/views.js?rev=630172&r1=630171&r2=630172&view=diff
==============================================================================
--- incubator/shindig/trunk/features/views/views.js (original)
+++ incubator/shindig/trunk/features/views/views.js Fri Feb 22 04:28:42 2008
@@ -70,6 +70,9 @@
decodeURIComponent(urlParams["view-params"]));
if (tmpParams) {
params = tmpParams;
+ for (var p in params) if (params.hasOwnProperty(p)) {
+ params[p] = gadgets.util.escapeString(params[p]);
+ }
}
}
currentView = supportedViews[urlParams.view] || supportedViews["default"];
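Review bot: The added loop passes every own value of `params` to `escapeString`, but those values come from the decoded `view-params` URL parameter and nothing visible guarantees they are strings. A number, array or nested object would make `str.replace` throw during init, and strings nested inside such a value would stay unescaped even if the throw were avoided. `params.hasOwnProperty(p)` is also resolved on the untrusted object itself, so a key named `hasOwnProperty` breaks the check. I would guard with `if (Object.prototype.hasOwnProperty.call(params, p) && typeof params[p] === "string")` and decide explicitly what happens to non-string values (drop or stringify). The braceless `for (...) if (...) {` form is easy to misread, and the statement that produces `tmpParams` starts above the hunk.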
@@ -84,19 +87,47 @@
gadgets.config.register("views", requiredConfig, init);
return {
+ /**
+ * Attempts to navigate to this gadget in a different view. If the
container
+ * supports parameters will pass the optional parameters along to the
gadget
+ * in the new view.
+ *
+ * @param {gadgets.views.View} view The view to navigate to
+ * @param {Map.<String, String>} opt_params Parameters to pass to the
+ * gadget after it has been navigated to on the surface
+ */
requestNavigateTo : function(view, opt_params) {
gadgets.rpc.call(
null, "requestNavigateTo", null, view.getName(), opt_params);
},
+ /**
+ * Returns the current view.
+ *
+ * @return {gadgets.views.View} The current view
+ */
getCurrentView : function() {
return currentView;
},
+ /**
+ * Returns a map of all the supported views. Keys each gadgets.view.View by
+ * its name.
+ *
+ * @return {Map<gadgets.views.ViewType | String, gadgets.views.View>}
+ * All supported views, keyed by their name attribute.
+ */
getSupportedViews : function() {
return supportedViews;
},
+ /**
+ * Returns the parameters passed into this gadget for this view. Does not
+ * include all url parameters, only the ones passed into
+ * gadgets.views.requestNavigateTo
+ *
+ * @return {Map.<String, String>} The parameter map
+ */
getParams : function() {
return params;
}
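Review bot: The new `getParams` comment does not say that the values are HTML-entity escaped, although the earlier hunk in this file now escapes every entry of `params` before it can be returned. Callers need that to avoid double-encoding or using the values in non-HTML contexts, so I would add `Values are escaped with gadgets.util.escapeString.` to the description. Two smaller doc points: `gadgets.view.View` in the `getSupportedViews` comment should read `gadgets.views.View`, and the type syntax mixes `Map.<String, String>` with `Map<...>`. `getSupportedViews` and `getParams` return the internal objects themselves, which is worth stating in the `@return` text if it is intended.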
@@ -108,10 +139,16 @@
this.isOnlyVisible_ = !!opt_isOnlyVisible;
};
+/**
+ * @return {String} The view name.
+ */
gadgets.views.View.prototype.getName = function() {
return this.name_;
};
+/**
+ * @return {Boolean} True if this is the only visible gadget on the page.
+ */
gadgets.views.View.prototype.isOnlyVisibleGadget = function() {
return this.isOnlyVisible_;
};