Author: doll
Date: Fri Feb 22 14:55:21 2008
New Revision: 630344

URL: http://svn.apache.org/viewvc?rev=630344&view=rev
Log:
All getField calls now return escaped data. This prevents the doEvil flag from 
doing real harm in the SocialHelloWorld. As long as gadgets don't use unescape 
they should be safe from bad data. 

Changed the escapeString function to check whether the passed-in value is a string 
(this keeps the opensocial code cleaner)



Modified:
    incubator/shindig/trunk/features/core/util.js
    incubator/shindig/trunk/features/opensocial-reference/activity.js
    incubator/shindig/trunk/features/opensocial-reference/address.js
    incubator/shindig/trunk/features/opensocial-reference/bodytype.js
    incubator/shindig/trunk/features/opensocial-reference/email.js
    incubator/shindig/trunk/features/opensocial-reference/message.js
    incubator/shindig/trunk/features/opensocial-reference/name.js
    incubator/shindig/trunk/features/opensocial-reference/organization.js
    incubator/shindig/trunk/features/opensocial-reference/person.js
    incubator/shindig/trunk/features/opensocial-reference/phone.js
    incubator/shindig/trunk/features/opensocial-reference/url.js

Modified: incubator/shindig/trunk/features/core/util.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/util.js (original)
+++ incubator/shindig/trunk/features/core/util.js Fri Feb 22 14:55:21 2008
@@ -196,10 +196,14 @@
      * @return {String} The escaped string
      */
     escapeString : function(str) {
-      return str.replace(/</g, "&lt;")
-                .replace(/>/g, "&gt;")
-                .replace(/"/g, "&quot;")
-                .replace(/'/g, "&#39;");
+      if (typeof str == "string") {
+        return str.replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;")
+            .replace(/"/g, "&quot;")
+            .replace(/'/g, "&#39;");
+      } else {
+        return str;
+      }
     },
 
     /**
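Review bot: The `@return {String} The escaped string` line kept at the top of the hunk no longer describes the function, because the new `else` branch hands back numbers, arrays, objects and `undefined` untouched, so any field that happens to hold an array of strings (if any do) comes out of the getField wrappers in this commit unescaped with nothing to signal it. The comment should state that, e.g. `@return {String} The escaped string, or the value unchanged when it is not a string`. The replace chain also never touches `&`, so a stored value like `&lt;script&gt;` is displayed as `<script>` rather than literally; if this is meant to be a general HTML escape, `.replace(/&/g, "&amp;")` belongs first in the chain, though that would alter output for callers that already pass entity-encoded text. `typeof str === "string"` is preferable to the loose `==`. The JSDoc block above and the enclosing object literal both continue outside the hunk.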

Modified: incubator/shindig/trunk/features/opensocial-reference/activity.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/activity.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/activity.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/activity.js Fri Feb 
22 14:55:21 2008
@@ -354,7 +354,7 @@
  * @member opensocial.Activity
  */
 opensocial.Activity.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
 
 
@@ -467,7 +467,7 @@
  * @return {String} The data
  */
 opensocial.Activity.MediaItem.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
 
 
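Review bot: The `@return {String} The data` comment above `MediaItem.prototype.getField` does not tell a gadget author that the value now comes back HTML-escaped, and more importantly what that does not cover: `escapeString` only replaces `<`, `>`, `"` and `'`, so a URL-valued media item field (if the type has one) containing `javascript:alert(1)` passes through unchanged and is still unsafe to assign to an `href` or `src`. Suggest `@return {String} The data, HTML-escaped when it is a string; URL values are not validated and need a scheme check before use as a link`. The same wording fits the `Activity.prototype.getField` change in the previous hunk.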

Modified: incubator/shindig/trunk/features/opensocial-reference/address.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/address.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/address.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/address.js Fri Feb 22 
14:55:21 2008
@@ -142,5 +142,5 @@
  * @return {String} The data
  */
 opensocial.Address.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/bodytype.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/bodytype.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/bodytype.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/bodytype.js Fri Feb 
22 14:55:21 2008
@@ -97,5 +97,5 @@
  * @return {String} The data
  */
 opensocial.BodyType.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/email.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/email.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/email.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/email.js Fri Feb 22 
14:55:21 2008
@@ -76,5 +76,5 @@
  * @return {String} The data
  */
 opensocial.Email.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
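Review bot: Escaping inside `Email.prototype.getField` changes the data itself, not just its rendering: an address whose local part contains `'` (legal in email addresses) is returned as `&#39;`, so a gadget that builds a `mailto:` link, compares addresses, or sends the value back to an API receives entity-encoded text rather than the stored value, and no raw accessor is visible in this hunk. The `@return {String} The data` line should say so, e.g. `@return {String} The data, HTML-escaped; not the raw stored value`, and name the unescape helper the log message refers to if one exists in gadgets.util. This is inherent to escaping at the accessor instead of at the point of output, so it is worth a sentence in the docs of every getField touched by this commit.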

Modified: incubator/shindig/trunk/features/opensocial-reference/message.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/message.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/message.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/message.js Fri Feb 22 
14:55:21 2008
@@ -135,7 +135,7 @@
  * @member opensocial.Message
  */
 opensocial.Message.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
 
 

Modified: incubator/shindig/trunk/features/opensocial-reference/name.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/name.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/name.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/name.js Fri Feb 22 
14:55:21 2008
@@ -103,5 +103,5 @@
  * @return {String} The data
  */
 opensocial.Name.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/organization.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/organization.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/organization.js 
(original)
+++ incubator/shindig/trunk/features/opensocial-reference/organization.js Fri 
Feb 22 14:55:21 2008
@@ -140,5 +140,5 @@
  * @return {String} The data
  */
 opensocial.Organization.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/person.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/person.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/person.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/person.js Fri Feb 22 
14:55:21 2008
@@ -527,7 +527,7 @@
  * @return {String} The data
  */
 opensocial.Person.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
 
 
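Review bot: `Person.prototype.getField` now returns escaped strings but, because `escapeString` returns non-strings unchanged, any field holding an object or an array (if Person has such fields) is returned as-is: nested objects are only protected if the gadget calls getField on each of them in turn, and an array of plain strings gets no escaping at all. The `@return {String} The data` comment should make this explicit, e.g. `@return {String} The data; string values are HTML-escaped, objects and arrays are returned unmodified and must be escaped by the caller`. Whether the escaping should instead recurse into arrays is a design question this hunk does not settle.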

Modified: incubator/shindig/trunk/features/opensocial-reference/phone.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/phone.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/phone.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/phone.js Fri Feb 22 
14:55:21 2008
@@ -76,5 +76,5 @@
  * @return {String} The data
  */
 opensocial.Phone.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };

Modified: incubator/shindig/trunk/features/opensocial-reference/url.js
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/url.js?rev=630344&r1=630343&r2=630344&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/url.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/url.js Fri Feb 22 
14:55:21 2008
@@ -83,5 +83,5 @@
  * @return {String} The data
  */
 opensocial.Url.prototype.getField = function(key) {
-  return this.fields_[key];
+  return gadgets.util.escapeString(this.fields_[key]);
 };
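Review bot: HTML-escaping the value in `Url.prototype.getField` does not make it safe to use where a URL field is most likely to end up, an `href` or `src`: `escapeString` replaces only `<`, `>`, `"` and `'`, so `javascript:` and `data:` URLs contain nothing it touches and reach the gadget unchanged. Scheme validation (allow-listing `http`/`https`, or rejecting anything that is not a relative URL) is needed where the value is set or consumed; the setter is not in this hunk so I cannot say whether it exists. At minimum the `@return {String} The data` comment should read `@return {String} The data, HTML-escaped but not validated as a URL; check the scheme before using it as a link`.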

