Author: doll
Date: Mon Feb 25 11:55:25 2008
New Revision: 630971
URL: http://svn.apache.org/viewvc?rev=630971&view=rev
Log:
Rolled back my previous changes to escapeString.
Instead, made a new method, gadgets.util.escape that is container only. This
method handles logic for escaping strings, arrays and objects.
Updated the samplecontainer, jsoncontainer, and the reference code to use these
new methods. App data is now properly escaped.
Modified:
incubator/shindig/trunk/features/core/util.js
incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js
incubator/shindig/trunk/features/opensocial-reference/activity.js
incubator/shindig/trunk/features/opensocial-reference/address.js
incubator/shindig/trunk/features/opensocial-reference/bodytype.js
incubator/shindig/trunk/features/opensocial-reference/email.js
incubator/shindig/trunk/features/opensocial-reference/enum.js
incubator/shindig/trunk/features/opensocial-reference/message.js
incubator/shindig/trunk/features/opensocial-reference/name.js
incubator/shindig/trunk/features/opensocial-reference/organization.js
incubator/shindig/trunk/features/opensocial-reference/person.js
incubator/shindig/trunk/features/opensocial-reference/phone.js
incubator/shindig/trunk/features/opensocial-reference/url.js
incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js
Modified: incubator/shindig/trunk/features/core/util.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core/util.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core/util.js (original)
+++ incubator/shindig/trunk/features/core/util.js Mon Feb 25 11:55:25 2008
@@ -183,6 +183,45 @@
/**
* Escapes the input using html entities to make it safer.
*
+ * If the input is a string, uses gadgets.util.escapeString.
+ * If it is an array, calls escape on each of the array elements
+ * if it is an object, will only escape all the mapped keys and values if
+ * the opt_escapeObjects flag is set. This operation involves creating an
+ * entirely new object so only set the flag when the input is a simple
+ * string to string map.
+ * Otherwise, does not attempt to modify the input.
+ *
+ * @param {Object} input The object to escape
+ * @param {Boolean} opt_escapeObjects Whether to escape objects.
+ * @return {Object} The escaped object
+ * @private Only to be used by the container, not gadgets.
+ */
+ escape : function(input, opt_escapeObjects) {
+
+ if (typeof input == "string") {
+ return gadgets.util.escapeString(input);
+
+ } else if (typeof input == "array") {
+ for (var i = 0; i < input.length; i++) {
+ input[i] = gadgets.util.escape(input[i]);
+ }
+
+ } else if (opt_escapeObjects) {
+ var newObject = {};
+ for (var field in input) if (input.hasOwnProperty(field)) {
+ newObject[gadgets.util.escapeString(field)]
+ = gadgets.util.escape(input[field], true);
+ }
+ return newObject;
+
+ } else {
+ return input;
+ }
+ },
+
+ /**
+ * Escapes the input using html entities to make it safer.
+ *
* Currently only escapes < > ' and " All known browsers handle
* & without issue.
*
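Review bot: The array branch in `escape` can never run, because `typeof` returns "object" for arrays, so `typeof input == "array"` is always false. An array passed without `opt_escapeObjects` is therefore returned unescaped, and with the flag it is rebuilt as a plain object keyed by index. If the test were simply corrected, the branch would still return `undefined` (it has no `return`), drop `opt_escapeObjects` on the recursive call, and overwrite the caller's array in place, so a stored field would be escaped again on every read. The sketch below detects arrays with `Object.prototype.toString` and returns a new array.

```javascript
  escape : function(input, opt_escapeObjects) {
    // … unchanged: string branch …
    } else if (Object.prototype.toString.call(input) == "[object Array]") {
      var escapedItems = [];
      for (var i = 0; i < input.length; i++) {
        escapedItems[i] = gadgets.util.escape(input[i], opt_escapeObjects);
      }
      return escapedItems;
    // … unchanged: object branch and final else …
```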
@@ -196,14 +235,10 @@
* @return {String} The escaped string
*/
escapeString : function(str) {
- if (typeof str == "string") {
- return str.replace(/</g, "<")
- .replace(/>/g, ">")
- .replace(/"/g, """)
- .replace(/'/g, "'");
- } else {
- return str;
- }
+ return str.replace(/</g, "<")
+ .replace(/>/g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
},
/**
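Review bot: With the `typeof str == "string"` guard removed, `escapeString` now throws a TypeError for `undefined`, `null` or a number, and its doc comment does not say so. The callers changed in this commit go through `gadgets.util.escape`, which type-checks first, but callers outside this diff are not visible here. I would state the contract in the JSDoc, for example `@param {String} str The string to escape; must be a string, use gadgets.util.escape for values of unknown type`. The doc comment begins above this hunk.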
Modified: incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js (original)
+++ incubator/shindig/trunk/features/opensocial-0.7/jsoncontainer.js Mon Feb 25
11:55:25 2008
@@ -128,7 +128,11 @@
JsonContainer.prototype.newFetchPersonAppDataRequest = function(
idSpec, keys) {
return new RequestItem({'type' : 'FETCH_PERSON_APP_DATA', 'idSpec' : idSpec,
- 'keys' : keys});
+ 'keys' : keys},
+ function (appData) {
+ return new opensocial.ResponseItem(null,
+ gadgets.util.escape(appData, true)); // TODO: Original request
+ });
};
JsonContainer.prototype.newUpdatePersonAppDataRequest = function(
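Review bot: `gadgets.util.escape(appData, true)` turns every non-string leaf into an empty object, because `escape` enters its object branch for any non-string input once `opt_escapeObjects` is set. A number, boolean or `null` in the response, and a `null` `appData` itself, comes back as `{}`; whether the server can send such values is not visible here. The object branch in util.js should be limited to real objects, e.g. `} else if (opt_escapeObjects && input && typeof input == "object") {`. The same call in samplecontainer.js is affected, and `newUpdatePersonAppDataRequest` at the end of this hunk continues outside it.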
Modified: incubator/shindig/trunk/features/opensocial-reference/activity.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/activity.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/activity.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/activity.js Mon Feb
25 11:55:25 2008
@@ -354,7 +354,7 @@
* @member opensocial.Activity
*/
opensocial.Activity.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
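Review bot: After the switch to `gadgets.util.escape`, `getField` escapes only string values; a field holding an object (or, as `escape` is currently written, an array) is returned as stored, since `opt_escapeObjects` is not passed. The `@return {String}` tags on these getters no longer describe that, and a caller that writes the result into markup could take it for escaped text. I would document it, e.g. `@return {String|Object} The field value; strings are HTML-escaped, other types are returned unmodified`. The same applies to the second hunk in activity.js and to the getter hunks in address.js, bodytype.js, email.js, enum.js, message.js, name.js, organization.js, person.js, phone.js and url.js. The doc comment for this getter starts above the hunk.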
@@ -467,7 +467,7 @@
* @return {String} The data
*/
opensocial.Activity.MediaItem.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/address.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/address.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/address.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/address.js Mon Feb 25
11:55:25 2008
@@ -142,5 +142,5 @@
* @return {String} The data
*/
opensocial.Address.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/bodytype.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/bodytype.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/bodytype.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/bodytype.js Mon Feb
25 11:55:25 2008
@@ -97,5 +97,5 @@
* @return {String} The data
*/
opensocial.BodyType.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/email.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/email.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/email.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/email.js Mon Feb 25
11:55:25 2008
@@ -76,5 +76,5 @@
* @return {String} The data
*/
opensocial.Email.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/enum.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/enum.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/enum.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/enum.js Mon Feb 25
11:55:25 2008
@@ -80,7 +80,7 @@
* below.
*/
opensocial.Enum.prototype.getKey = function() {
- return gadgets.util.escapeString(this.key);
+ return gadgets.util.escape(this.key);
};
@@ -91,7 +91,7 @@
* @return {String} The enum's value.
*/
opensocial.Enum.prototype.getDisplayValue = function() {
- return gadgets.util.escapeString(this.displayValue);
+ return gadgets.util.escape(this.displayValue);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/message.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/message.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/message.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/message.js Mon Feb 25
11:55:25 2008
@@ -135,7 +135,7 @@
* @member opensocial.Message
*/
opensocial.Message.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/name.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/name.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/name.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/name.js Mon Feb 25
11:55:25 2008
@@ -103,5 +103,5 @@
* @return {String} The data
*/
opensocial.Name.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/organization.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/organization.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/organization.js
(original)
+++ incubator/shindig/trunk/features/opensocial-reference/organization.js Mon
Feb 25 11:55:25 2008
@@ -140,5 +140,5 @@
* @return {String} The data
*/
opensocial.Organization.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/person.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/person.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/person.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/person.js Mon Feb 25
11:55:25 2008
@@ -527,7 +527,7 @@
* @return {String} The data
*/
opensocial.Person.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/phone.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/phone.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/phone.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/phone.js Mon Feb 25
11:55:25 2008
@@ -76,5 +76,5 @@
* @return {String} The data
*/
opensocial.Phone.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified: incubator/shindig/trunk/features/opensocial-reference/url.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-reference/url.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
--- incubator/shindig/trunk/features/opensocial-reference/url.js (original)
+++ incubator/shindig/trunk/features/opensocial-reference/url.js Mon Feb 25
11:55:25 2008
@@ -83,5 +83,5 @@
* @return {String} The data
*/
opensocial.Url.prototype.getField = function(key) {
- return gadgets.util.escapeString(this.fields_[key]);
+ return gadgets.util.escape(this.fields_[key]);
};
Modified:
incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js?rev=630971&r1=630970&r2=630971&view=diff
==============================================================================
---
incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js
(original)
+++
incubator/shindig/trunk/features/opensocial-samplecontainer/samplecontainer.js
Mon Feb 25 11:55:25 2008
@@ -273,7 +273,7 @@
}
}
}
- requestedValue = values;
+ requestedValue = gadgets.util.escape(values, true);
break;
case 'UPDATE_PERSON_APP_DATA' :
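Review bot: The map passed to `gadgets.util.escape(values, true)` appears to use gadget-supplied app-data keys as property names (the update case stores under `request.key`), and `escape` calls `input.hasOwnProperty(field)` on that map. A stored key named `hasOwnProperty` would shadow the method with a string, so the call throws and this fetch fails. In util.js the check is safer as `if (Object.prototype.hasOwnProperty.call(input, field))`. The enclosing `case` starts above this hunk.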
@@ -290,7 +290,7 @@
|| userId == this.viewer.getId()) {
userId = this.viewer.getId();
this.personAppData[userId] = this.personAppData[userId] || {};
- this.personAppData[userId][request.key] = request.value;
+ this.personAppData[userId][request.key] = String(request.value);
} else {
errorCode = opensocial.ResponseItem.Error.FORBIDDEN;
errorMessage = 'gadgets can only edit viewer app data';
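Review bot: `String(request.value)` stores `"undefined"` for a missing value and `"[object Object]"` for an object without telling the gadget, and nothing here explains why the coercion is needed. A short comment would help, e.g. `// Stored as a string so gadgets.util.escape(values, true) can escape every leaf on fetch`; that reading is inferred from the fetch hunk above. If non-string values should be rejected instead, an error response like the one in the `else` branch would make the failure visible. The enclosing function starts and ends outside the hunk.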