Issue 104067: Allow features other than opensocial to tame their own libraries

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 104067: Allow features other than opensocial to tame their own libraries (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
16 years, 6 months ago by Jasvir

Modified:
16 years, 4 months ago

Reviewers:
Paul Lindner, louiscryan

CC:
shindig.remailer_gmail.com, google-caja-discuss_googlegroups.com

Base URL:
http://svn.apache.org/repos/asf/incubator/shindig/trunk/

Visibility:
Public.

Description

New feature library developers need the ability to tame their own libraries. This change exposes functions for a library to register a function which is run after caja is loaded to tame and expose their library to a cajoled gadget.

Patch Set 1 #

Patch Set 2 : Fixes a minor regression with samplecontainer #

Patch Set 3 : Snapshot to latest #

Patch Set 4 : Allow javascript:void(0) urls #

Total comments: 3

Created: 16 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+125 lines, -94 lines)			Patch
M	features/src/main/javascript/features/caja/taming.js	View	1 2	7 chunks	+111 lines, -90 lines	0 comments	Download
M	features/src/main/javascript/features/core/json.js	View		1 chunk	+2 lines, -0 lines	1 comment	Download
M	java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java	View	1 2 3	2 chunks	+11 lines, -3 lines	2 comments	Download
M	javascript/samplecontainer/samplecontainer.js	View	2	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 3

Expand All Messages | Collapse All Messages

Jasvir

On 2009/08/08 21:12:09, jasvir wrote: > Ping! Can I do something to help get this ...

16 years, 6 months ago (2009-08-17 04:16:24 UTC) #2

louiscryan

16 years, 5 months ago (2009-08-21 18:20:45 UTC) #3

http://codereview.appspot.com/104067/diff/4005/4008
File features/src/main/javascript/features/core/json.js (right):

http://codereview.appspot.com/104067/diff/4005/4008#newcode147
Line 147: if (k.match('___$'))
this restriction wont be respected if window.JSON is defined. See above. While
this isnt strictly a security issue it it will put content you dont want in the
JSON output. Can you test this on Firefox 3.5/ Safari 4?

http://codereview.appspot.com/104067/diff/4005/4006
File
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java
(right):

http://codereview.appspot.com/104067/diff/4005/4006#newcode85
Line 85: if (uri.getScheme().matches("^https?$")) {
no need for regex, case insensitive direct comparison is sufficient.

http://codereview.appspot.com/104067/diff/4005/4006#newcode87
Line 87: } else if ("javascript".equals(uri.getScheme())) {
should be case-insensitive.

Expand All Messages | Collapse All Messages