Change signature of URI policy.

See the comments in UriPolicy.java.

This changes the signature to use two enum values instead of a
mime-type so that we can make finer grained distinctions.

After this, next steps towards configurable UriPolicies
specified in JS are
  (1) Make the loader type and uri effect visible from JS code.
  (2) Define a utility UriPolicy that is specified in terms of a JS
      object.
  (3) Change the command line runner and the sandbox so that there
      is a way to specify JS for one of these policies.

Open questions:
  What in the sandbox proxy needs to change to deal with the new
  URL parameters.


Submitted @4133

[MikeSamuel, 2010-05-25 21:56:53]

ping

[Jasvir, 2010-06-01 22:46:51]

http://codereview.appspot.com/1229046/diff/3001/4023
File src/com/google/caja/demos/playground/server/GWTCajolingServiceImpl.java
(right):

http://codereview.appspot.com/1229046/diff/3001/4023#newcode74
src/com/google/caja/demos/playground/server/GWTCajolingServiceImpl.java:74: +
"&loader=" + loader + "&effect=" + effect);
Are you deprecating mime-type or augmenting support for it with this change? 
Either way, please add loader and effect to CajaArguments.java

http://codereview.appspot.com/1229046/diff/3001/4017
File src/com/google/caja/plugin/UriPolicy.java (right):

http://codereview.appspot.com/1229046/diff/3001/4017#newcode92
src/com/google/caja/plugin/UriPolicy.java:92: INTERPRETER,
Its not clear what the interaction between uri effect and loader type is.  For
example, what does loader type mean for UriEffect.NOT_LOADED?

[Jasvir, 2010-06-01 23:12:20]

My concern with this CL is the expressiveness of the uri policy language we're
providing to a developer.  Ideally the policy language should be one which makes
it easy to capture the common cases but possible to express other more
sophisticated URL policies.  For example, the current CL no longer includes
mime-type information which makes it difficult to whitelist images from a
directory and videos from another.

Your offline suggestion to generate some commonly useful policies and see how
expressible they are with the API here would be useful.

[MikeSamuel, 2010-06-01 23:24:11]

I created http://code.google.com/p/google-caja/wiki/UriPolicyExamples to capture
examples.

[Jasvir, 2010-06-04 20:29:36]

From the offline discussion, for future compatibility especially for the
javascript API, the suggested api would use a hashmap with well known key names
instead of freeform string for hints.  This is to avoid existing clients
breaking after coming to depend on a specific format of hints.

[MikeSamuel, 2010-06-09 21:56:14]

On 2010/06/04 20:29:36, jasvir wrote:
> From the offline discussion, for future compatibility especially for the
> javascript API, the suggested api would use a hashmap with well known key
names
> instead of freeform string for hints.  This is to avoid existing clients
> breaking after coming to depend on a specific format of hints.

Done and snapshotted.

[Jasvir, 2010-06-14 19:15:24]

LGTM

http://codereview.appspot.com/1229046/diff/24001/25019
File src/com/google/caja/plugin/PluginMeta.java (right):

http://codereview.appspot.com/1229046/diff/24001/25019#newcode33
src/com/google/caja/plugin/PluginMeta.java:33: this(UriFetcher.NULL_NETWORK,
UriPolicy.BLANKET_DENY);
DENY_ALL?

http://codereview.appspot.com/1229046/diff/24001/25016
File src/com/google/caja/plugin/UriPolicy.java (right):

http://codereview.appspot.com/1229046/diff/24001/25016#newcode95
src/com/google/caja/plugin/UriPolicy.java:95: INTERPRETER,
The distinction between the loader types is not well captured by the names MEDIA
and INTERPRETER.  Media is loaded by an interpreter too - the critical thing is
whether that interpreter can affect the state of the current interpreter.  Would
NO_EFFECT, SAME_INTERPRETER and NEW_INTERPRETER (to mirror UriEffect) be better?

[MikeSamuel, 2010-06-16 03:26:10]

http://codereview.appspot.com/1229046/diff/24001/25019
File src/com/google/caja/plugin/PluginMeta.java (right):

http://codereview.appspot.com/1229046/diff/24001/25019#newcode33
src/com/google/caja/plugin/PluginMeta.java:33: this(UriFetcher.NULL_NETWORK,
UriPolicy.BLANKET_DENY);
On 2010/06/14 19:15:25, jasvir wrote:
> DENY_ALL?

Done.

http://codereview.appspot.com/1229046/diff/24001/25016
File src/com/google/caja/plugin/UriPolicy.java (right):

http://codereview.appspot.com/1229046/diff/24001/25016#newcode95
src/com/google/caja/plugin/UriPolicy.java:95: INTERPRETER,
renamed (INTERPRETER, MEDIA) to (UNSANDBOXED, SANDBOXED) and fleshed out the
comments.