Project

General

Profile

Statistics
| Revision:

root / trunk / web / dojo / dojox / secure / sandbox.js

History | View | Annotate | Download (5.11 KB)

1
/*
2
        Copyright (c) 2004-2010, The Dojo Foundation All Rights Reserved.
3
        Available via Academic Free License >= 2.1 OR the modified BSD license.
4
        see: http://dojotoolkit.org/license for details
5
*/
6

    
7

    
8
if(!dojo._hasResource["dojox.secure.sandbox"]){
9
dojo._hasResource["dojox.secure.sandbox"]=true;
10
dojo.provide("dojox.secure.sandbox");
11
dojo.require("dojox.secure.DOM");
12
dojo.require("dojox.secure.capability");
13
dojo.require("dojo.NodeList-fx");
14
(function(){
15
var _1=setTimeout;
16
var _2=setInterval;
17
if({}.__proto__){
18
var _3=function(_4){
19
var _5=Array.prototype[_4];
20
if(_5&&!_5.fixed){
21
(Array.prototype[_4]=function(){
22
if(this==window){
23
throw new TypeError("Called with wrong this");
24
}
25
return _5.apply(this,arguments);
26
}).fixed=true;
27
}
28
};
29
_3("concat");
30
_3("reverse");
31
_3("sort");
32
_3("slice");
33
_3("forEach");
34
_3("filter");
35
_3("reduce");
36
_3("reduceRight");
37
_3("every");
38
_3("map");
39
_3("some");
40
}
41
var _6=function(){
42
return dojo.xhrGet.apply(dojo,arguments);
43
};
44
dojox.secure.sandbox=function(_7){
45
var _8=dojox.secure.DOM(_7);
46
_7=_8(_7);
47
var _9=_7.ownerDocument;
48
var _a,_b=dojox.secure._safeDojoFunctions(_7,_8);
49
var _c=[];
50
var _d=["isNaN","isFinite","parseInt","parseFloat","escape","unescape","encodeURI","encodeURIComponent","decodeURI","decodeURIComponent","alert","confirm","prompt","Error","EvalError","RangeError","ReferenceError","SyntaxError","TypeError","Date","RegExp","Number","Object","Array","String","Math","setTimeout","setInterval","clearTimeout","clearInterval","dojo","get","set","forEach","load","evaluate"];
51
for(var i in _b){
52
_d.push(i);
53
_c.push("var "+i+"=dojo."+i);
54
}
55
eval(_c.join(";"));
56
function _e(_f,_10){
57
_10=""+_10;
58
if(dojox.secure.badProps.test(_10)){
59
throw new Error("bad property access");
60
}
61
if(_f.__get__){
62
return _f.__get__(_10);
63
}
64
return _f[_10];
65
};
66
function set(obj,_11,_12){
67
_11=""+_11;
68
_e(obj,_11);
69
if(obj.__set){
70
return obj.__set(_11);
71
}
72
obj[_11]=_12;
73
return _12;
74
};
75
function _13(obj,fun){
76
if(typeof fun!="function"){
77
throw new TypeError();
78
}
79
if("length" in obj){
80
if(obj.__get__){
81
var len=obj.__get__("length");
82
for(var i=0;i<len;i++){
83
if(i in obj){
84
fun.call(obj,obj.__get__(i),i,obj);
85
}
86
}
87
}else{
88
len=obj.length;
89
for(i=0;i<len;i++){
90
if(i in obj){
91
fun.call(obj,obj[i],i,obj);
92
}
93
}
94
}
95
}else{
96
for(i in obj){
97
fun.call(obj,_e(obj,i),i,obj);
98
}
99
}
100
};
101
function _14(_15,_16,_17){
102
var _18,_19,_1a;
103
var arg;
104
for(var i=0,l=arguments.length;typeof (arg=arguments[i])=="function"&&i<l;i++){
105
if(_18){
106
_a(_18,arg.prototype);
107
}else{
108
_19=arg;
109
var F=function(){
110
};
111
F.prototype=arg.prototype;
112
_18=new F;
113
}
114
}
115
if(arg){
116
for(var j in arg){
117
var _1b=arg[j];
118
if(typeof _1b=="function"){
119
arg[j]=function(){
120
if(this instanceof _14){
121
return arguments.callee.__rawMethod__.apply(this,arguments);
122
}
123
throw new Error("Method called on wrong object");
124
};
125
arg[j].__rawMethod__=_1b;
126
}
127
}
128
if(arg.hasOwnProperty("constructor")){
129
_1a=arg.constructor;
130
}
131
}
132
_18=_18?_a(_18,arg):arg;
133
function _14(){
134
if(_19){
135
_19.apply(this,arguments);
136
}
137
if(_1a){
138
_1a.apply(this,arguments);
139
}
140
};
141
_a(_14,arguments[i]);
142
_18.constructor=_14;
143
_14.prototype=_18;
144
return _14;
145
};
146
function _1c(_1d){
147
if(typeof _1d!="function"){
148
throw new Error("String is not allowed in setTimeout/setInterval");
149
}
150
};
151
function _1e(_1f,_20){
152
_1c(_1f);
153
return _1(_1f,_20);
154
};
155
function _21(_22,_23){
156
_1c(_22);
157
return _2(_22,_23);
158
};
159
function _24(_25){
160
return _8.evaluate(_25);
161
};
162
var _26=_8.load=function(url){
163
if(url.match(/^[\w\s]*:/)){
164
throw new Error("Access denied to cross-site requests");
165
}
166
return _6({url:(new _b._Url(_8.rootUrl,url))+"",secure:true});
167
};
168
_8.evaluate=function(_27){
169
dojox.secure.capability.validate(_27,_d,{document:1,element:1});
170
if(_27.match(/^\s*[\[\{]/)){
171
var _28=eval("("+_27+")");
172
}else{
173
eval(_27);
174
}
175
};
176
return {loadJS:function(url){
177
_8.rootUrl=url;
178
return _6({url:url,secure:true}).addCallback(function(_29){
179
_24(_29,_7);
180
});
181
},loadHTML:function(url){
182
_8.rootUrl=url;
183
return _6({url:url,secure:true}).addCallback(function(_2a){
184
_7.innerHTML=_2a;
185
});
186
},evaluate:function(_2b){
187
return _8.evaluate(_2b);
188
}};
189
};
190
})();
191
dojox.secure._safeDojoFunctions=function(_2c,_2d){
192
var _2e=["mixin","require","isString","isArray","isFunction","isObject","isArrayLike","isAlien","hitch","delegate","partial","trim","disconnect","subscribe","unsubscribe","Deferred","toJson","style","attr"];
193
var doc=_2c.ownerDocument;
194
var _2f=dojox.secure.unwrap;
195
dojo.NodeList.prototype.addContent.safetyCheck=function(_30){
196
_2d.safeHTML(_30);
197
};
198
dojo.NodeList.prototype.style.safetyCheck=function(_31,_32){
199
if(_31=="behavior"){
200
throw new Error("Can not set behavior");
201
}
202
_2d.safeCSS(_32);
203
};
204
dojo.NodeList.prototype.attr.safetyCheck=function(_33,_34){
205
if(_34&&(_33=="src"||_33=="href"||_33=="style")){
206
throw new Error("Illegal to set "+_33);
207
}
208
};
209
var _35={query:function(_36,_37){
210
return _2d(dojo.query(_36,_2f(_37||_2c)));
211
},connect:function(el,_38){
212
var obj=el;
213
arguments[0]=_2f(el);
214
if(obj!=arguments[0]&&_38.substring(0,2)!="on"){
215
throw new Error("Invalid event name for element");
216
}
217
return dojo.connect.apply(dojo,arguments);
218
},body:function(){
219
return _2c;
220
},byId:function(id){
221
return _2c.ownerDocument.getElementById(id);
222
},fromJson:function(str){
223
dojox.secure.capability.validate(str,[],{});
224
return dojo.fromJson(str);
225
}};
226
for(var i=0;i<_2e.length;i++){
227
_35[_2e[i]]=dojo[_2e[i]];
228
}
229
return _35;
230
};
231
}