root / trunk / web / dojo / dojox / secure / DOM.js
History | View | Annotate | Download (4.71 KB)
1 |
/*
|
---|---|
2 |
Copyright (c) 2004-2010, The Dojo Foundation All Rights Reserved.
|
3 |
Available via Academic Free License >= 2.1 OR the modified BSD license.
|
4 |
see: http://dojotoolkit.org/license for details
|
5 |
*/
|
6 |
|
7 |
|
8 |
if(!dojo._hasResource["dojox.secure.DOM"]){ |
9 |
dojo._hasResource["dojox.secure.DOM"]=true; |
10 |
dojo.provide("dojox.secure.DOM");
|
11 |
dojo.require("dojox.lang.observable");
|
12 |
dojox.secure.DOM=function(_1){ |
13 |
function _2(_3){ |
14 |
if(!_3){
|
15 |
return _3;
|
16 |
} |
17 |
var _4=_3;
|
18 |
do{
|
19 |
if(_4==_1){
|
20 |
return _5(_3);
|
21 |
} |
22 |
}while((_4=_4.parentNode));
|
23 |
return null; |
24 |
}; |
25 |
function _5(_6){ |
26 |
if(_6){
|
27 |
if(_6.nodeType){
|
28 |
var _7=_8(_6);
|
29 |
if(_6.nodeType==1&&typeof _7.style=="function"){ |
30 |
_7.style=_9(_6.style); |
31 |
_7.ownerDocument=_a; |
32 |
_7.childNodes={__get__:function(i){ |
33 |
return _5(_6.childNodes[i]);
|
34 |
},length:0}; |
35 |
} |
36 |
return _7;
|
37 |
} |
38 |
if(_6&&typeof _6=="object"){ |
39 |
if(_6.__observable){
|
40 |
return _6.__observable;
|
41 |
} |
42 |
_7=_6 instanceof Array?[]:{};
|
43 |
_6.__observable=_7; |
44 |
for(var i in _6){ |
45 |
if(i!="__observable"){ |
46 |
_7[i]=_5(_6[i]); |
47 |
} |
48 |
} |
49 |
_7.data__=_6; |
50 |
return _7;
|
51 |
} |
52 |
if(typeof _6=="function"){ |
53 |
var _b=function(_c){ |
54 |
if(typeof _c=="function"){ |
55 |
return function(){ |
56 |
for(var i=0;i<arguments.length;i++){ |
57 |
arguments[i]=_5(arguments[i]); |
58 |
} |
59 |
return _b(_c.apply(_5(this),arguments)); |
60 |
}; |
61 |
} |
62 |
return dojox.secure.unwrap(_c);
|
63 |
}; |
64 |
return function(){ |
65 |
if(_6.safetyCheck){
|
66 |
_6.safetyCheck.apply(_b(this),arguments); |
67 |
} |
68 |
for(var i=0;i<arguments.length;i++){ |
69 |
arguments[i]=_b(arguments[i]); |
70 |
} |
71 |
return _5(_6.apply(_b(this),arguments)); |
72 |
}; |
73 |
} |
74 |
} |
75 |
return _6;
|
76 |
}; |
77 |
unwrap=dojox.secure.unwrap; |
78 |
function _d(_e){ |
79 |
_e+="";
|
80 |
if(_e.match(/behavior:|content:|javascript:|binding|expression|\@import/)){ |
81 |
throw new Error("Illegal CSS"); |
82 |
} |
83 |
var id=_1.id||(_1.id="safe"+(""+Math.random()).substring(2)); |
84 |
return _e.replace(/(\}|^)\s*([^\{]*\{)/g,function(t,a,b){ |
85 |
return a+" #"+id+" "+b; |
86 |
}); |
87 |
}; |
88 |
function _f(url){ |
89 |
if(url.match(/:/)&&!url.match(/^(http|ftp|mailto)/)){ |
90 |
throw new Error("Unsafe URL "+url); |
91 |
} |
92 |
}; |
93 |
function _10(el){ |
94 |
if(el&&el.nodeType==1){ |
95 |
if(el.tagName.match(/script/i)){ |
96 |
var src=el.src;
|
97 |
if(src&&src!=""){ |
98 |
el.parentNode.removeChild(el); |
99 |
dojo.xhrGet({url:src,secure:true}).addCallback(function(_11){ |
100 |
_a.evaluate(_11); |
101 |
}); |
102 |
}else{
|
103 |
var _12=el.innerHTML;
|
104 |
el.parentNode.removeChild(el); |
105 |
_5.evaluate(_12); |
106 |
} |
107 |
} |
108 |
if(el.tagName.match(/link/i)){ |
109 |
throw new Error("illegal tag"); |
110 |
} |
111 |
if(el.tagName.match(/style/i)){ |
112 |
var _13=function(_14){ |
113 |
if(el.styleSheet){
|
114 |
el.styleSheet.cssText=_14; |
115 |
}else{
|
116 |
var _15=doc.createTextNode(_14);
|
117 |
if(el.childNodes[0]){ |
118 |
el.replaceChild(_15,el.childNodes[0]);
|
119 |
}else{
|
120 |
el.appendChild(_15); |
121 |
} |
122 |
} |
123 |
}; |
124 |
src=el.src; |
125 |
if(src&&src!=""){ |
126 |
alert("src"+src);
|
127 |
el.src=null;
|
128 |
dojo.xhrGet({url:src,secure:true}).addCallback(function(_16){ |
129 |
_13(_d(_16)); |
130 |
}); |
131 |
} |
132 |
_13(_d(el.innerHTML)); |
133 |
} |
134 |
if(el.style){
|
135 |
_d(el.style.cssText); |
136 |
} |
137 |
if(el.href){
|
138 |
_f(el.href); |
139 |
} |
140 |
if(el.src){
|
141 |
_f(el.src); |
142 |
} |
143 |
var _17,i=0; |
144 |
while((_17=el.attributes[i++])){
|
145 |
if(_17.name.substring(0,2)=="on"&&_17.value!="null"&&_17.value!=""){ |
146 |
throw new Error("event handlers not allowed in the HTML, they must be set with element.addEventListener"); |
147 |
} |
148 |
} |
149 |
var _18=el.childNodes;
|
150 |
for(var i=0,l=_18.length;i<l;i++){ |
151 |
_10(_18[i]); |
152 |
} |
153 |
} |
154 |
}; |
155 |
function _19(_1a){ |
156 |
var div=document.createElement("div"); |
157 |
if(_1a.match(/<object/i)){ |
158 |
throw new Error("The object tag is not allowed"); |
159 |
} |
160 |
div.innerHTML=_1a; |
161 |
_10(div); |
162 |
return div;
|
163 |
}; |
164 |
var doc=_1.ownerDocument;
|
165 |
var _a={getElementById:function(id){ |
166 |
return _2(doc.getElementById(id));
|
167 |
},createElement:function(_1b){ |
168 |
return _5(doc.createElement(_1b));
|
169 |
},createTextNode:function(_1c){ |
170 |
return _5(doc.createTextNode(_1c));
|
171 |
},write:function(str){ |
172 |
var div=_19(str);
|
173 |
while(div.childNodes.length){
|
174 |
_1.appendChild(div.childNodes[0]);
|
175 |
} |
176 |
}}; |
177 |
_a.open=_a.close=function(){ |
178 |
}; |
179 |
var _1d={innerHTML:function(_1e,_1f){ |
180 |
_1e.innerHTML=_19(_1f).innerHTML; |
181 |
}}; |
182 |
_1d.outerHTML=function(_20,_21){ |
183 |
throw new Error("Can not set this property"); |
184 |
}; |
185 |
function _22(_23,_24){ |
186 |
return function(_25,_26){ |
187 |
_10(_26[_24]); |
188 |
return _25[_23](_26[0]); |
189 |
}; |
190 |
}; |
191 |
var _27={appendChild:_22("appendChild",0),insertBefore:_22("insertBefore",0),replaceChild:_22("replaceChild",1),cloneNode:function(_28,_29){ |
192 |
return _28.cloneNode(_29[0]); |
193 |
},addEventListener:function(_2a,_2b){ |
194 |
dojo.connect(_2a,"on"+_2b[0],this,function(_2c){ |
195 |
_2c=_8(_2c||window.event); |
196 |
_2b[1].call(this,_2c); |
197 |
}); |
198 |
}}; |
199 |
_27.childNodes=_27.style=_27.ownerDocument=function(){ |
200 |
}; |
201 |
function _2d(_2e){ |
202 |
return dojox.lang.makeObservable(function(_2f,_30){ |
203 |
var _31;
|
204 |
return _2f[_30];
|
205 |
},_2e,function(_32,_33,_34,_35){
|
206 |
for(var i=0;i<_35.length;i++){ |
207 |
_35[i]=unwrap(_35[i]); |
208 |
} |
209 |
if(_27[_34]){
|
210 |
return _5(_27[_34].call(_32,_33,_35));
|
211 |
} |
212 |
return _5(_33[_34].apply(_33,_35));
|
213 |
},_27); |
214 |
}; |
215 |
var _8=_2d(function(_36,_37,_38){ |
216 |
if(_1d[_37]){
|
217 |
_1d[_37](_36,_38); |
218 |
} |
219 |
_36[_37]=_38; |
220 |
}); |
221 |
var _39={behavior:1,MozBinding:1}; |
222 |
var _9=_2d(function(_3a,_3b,_3c){ |
223 |
if(!_39[_3b]){
|
224 |
_3a[_3b]=_d(_3c); |
225 |
} |
226 |
}); |
227 |
_5.safeHTML=_19; |
228 |
_5.safeCSS=_d; |
229 |
return _5;
|
230 |
}; |
231 |
dojox.secure.unwrap=function unwrap(_3d){ |
232 |
return (_3d&&_3d.data__)||_3d;
|
233 |
}; |
234 |
} |