root / trunk / web / dojo / dojox / secure / DOM.js @ 12
History | View | Annotate | Download (4.71 KB)
| 1 |
/*
|
|---|---|
| 2 |
Copyright (c) 2004-2010, The Dojo Foundation All Rights Reserved.
|
| 3 |
Available via Academic Free License >= 2.1 OR the modified BSD license.
|
| 4 |
see: http://dojotoolkit.org/license for details
|
| 5 |
*/
|
| 6 |
|
| 7 |
|
| 8 |
if(!dojo._hasResource["dojox.secure.DOM"]){ |
| 9 |
dojo._hasResource["dojox.secure.DOM"]=true; |
| 10 |
dojo.provide("dojox.secure.DOM");
|
| 11 |
dojo.require("dojox.lang.observable");
|
| 12 |
dojox.secure.DOM=function(_1){ |
| 13 |
function _2(_3){ |
| 14 |
if(!_3){
|
| 15 |
return _3;
|
| 16 |
} |
| 17 |
var _4=_3;
|
| 18 |
do{
|
| 19 |
if(_4==_1){
|
| 20 |
return _5(_3);
|
| 21 |
} |
| 22 |
}while((_4=_4.parentNode));
|
| 23 |
return null; |
| 24 |
}; |
| 25 |
function _5(_6){ |
| 26 |
if(_6){
|
| 27 |
if(_6.nodeType){
|
| 28 |
var _7=_8(_6);
|
| 29 |
if(_6.nodeType==1&&typeof _7.style=="function"){ |
| 30 |
_7.style=_9(_6.style); |
| 31 |
_7.ownerDocument=_a; |
| 32 |
_7.childNodes={__get__:function(i){
|
| 33 |
return _5(_6.childNodes[i]);
|
| 34 |
},length:0}; |
| 35 |
} |
| 36 |
return _7;
|
| 37 |
} |
| 38 |
if(_6&&typeof _6=="object"){ |
| 39 |
if(_6.__observable){
|
| 40 |
return _6.__observable;
|
| 41 |
} |
| 42 |
_7=_6 instanceof Array?[]:{};
|
| 43 |
_6.__observable=_7; |
| 44 |
for(var i in _6){ |
| 45 |
if(i!="__observable"){ |
| 46 |
_7[i]=_5(_6[i]); |
| 47 |
} |
| 48 |
} |
| 49 |
_7.data__=_6; |
| 50 |
return _7;
|
| 51 |
} |
| 52 |
if(typeof _6=="function"){ |
| 53 |
var _b=function(_c){ |
| 54 |
if(typeof _c=="function"){ |
| 55 |
return function(){ |
| 56 |
for(var i=0;i<arguments.length;i++){ |
| 57 |
arguments[i]=_5(arguments[i]); |
| 58 |
} |
| 59 |
return _b(_c.apply(_5(this),arguments)); |
| 60 |
}; |
| 61 |
} |
| 62 |
return dojox.secure.unwrap(_c);
|
| 63 |
}; |
| 64 |
return function(){ |
| 65 |
if(_6.safetyCheck){
|
| 66 |
_6.safetyCheck.apply(_b(this),arguments); |
| 67 |
} |
| 68 |
for(var i=0;i<arguments.length;i++){ |
| 69 |
arguments[i]=_b(arguments[i]); |
| 70 |
} |
| 71 |
return _5(_6.apply(_b(this),arguments)); |
| 72 |
}; |
| 73 |
} |
| 74 |
} |
| 75 |
return _6;
|
| 76 |
}; |
| 77 |
unwrap=dojox.secure.unwrap; |
| 78 |
function _d(_e){ |
| 79 |
_e+="";
|
| 80 |
if(_e.match(/behavior:|content:|javascript:|binding|expression|\@import/)){ |
| 81 |
throw new Error("Illegal CSS"); |
| 82 |
} |
| 83 |
var id=_1.id||(_1.id="safe"+(""+Math.random()).substring(2)); |
| 84 |
return _e.replace(/(\}|^)\s*([^\{]*\{)/g,function(t,a,b){ |
| 85 |
return a+" #"+id+" "+b; |
| 86 |
}); |
| 87 |
}; |
| 88 |
function _f(url){ |
| 89 |
if(url.match(/:/)&&!url.match(/^(http|ftp|mailto)/)){ |
| 90 |
throw new Error("Unsafe URL "+url); |
| 91 |
} |
| 92 |
}; |
| 93 |
function _10(el){ |
| 94 |
if(el&&el.nodeType==1){ |
| 95 |
if(el.tagName.match(/script/i)){ |
| 96 |
var src=el.src;
|
| 97 |
if(src&&src!=""){ |
| 98 |
el.parentNode.removeChild(el); |
| 99 |
dojo.xhrGet({url:src,secure:true}).addCallback(function(_11){
|
| 100 |
_a.evaluate(_11); |
| 101 |
}); |
| 102 |
}else{
|
| 103 |
var _12=el.innerHTML;
|
| 104 |
el.parentNode.removeChild(el); |
| 105 |
_5.evaluate(_12); |
| 106 |
} |
| 107 |
} |
| 108 |
if(el.tagName.match(/link/i)){ |
| 109 |
throw new Error("illegal tag"); |
| 110 |
} |
| 111 |
if(el.tagName.match(/style/i)){ |
| 112 |
var _13=function(_14){ |
| 113 |
if(el.styleSheet){
|
| 114 |
el.styleSheet.cssText=_14; |
| 115 |
}else{
|
| 116 |
var _15=doc.createTextNode(_14);
|
| 117 |
if(el.childNodes[0]){ |
| 118 |
el.replaceChild(_15,el.childNodes[0]);
|
| 119 |
}else{
|
| 120 |
el.appendChild(_15); |
| 121 |
} |
| 122 |
} |
| 123 |
}; |
| 124 |
src=el.src; |
| 125 |
if(src&&src!=""){ |
| 126 |
alert("src"+src);
|
| 127 |
el.src=null;
|
| 128 |
dojo.xhrGet({url:src,secure:true}).addCallback(function(_16){
|
| 129 |
_13(_d(_16)); |
| 130 |
}); |
| 131 |
} |
| 132 |
_13(_d(el.innerHTML)); |
| 133 |
} |
| 134 |
if(el.style){
|
| 135 |
_d(el.style.cssText); |
| 136 |
} |
| 137 |
if(el.href){
|
| 138 |
_f(el.href); |
| 139 |
} |
| 140 |
if(el.src){
|
| 141 |
_f(el.src); |
| 142 |
} |
| 143 |
var _17,i=0; |
| 144 |
while((_17=el.attributes[i++])){
|
| 145 |
if(_17.name.substring(0,2)=="on"&&_17.value!="null"&&_17.value!=""){ |
| 146 |
throw new Error("event handlers not allowed in the HTML, they must be set with element.addEventListener"); |
| 147 |
} |
| 148 |
} |
| 149 |
var _18=el.childNodes;
|
| 150 |
for(var i=0,l=_18.length;i<l;i++){ |
| 151 |
_10(_18[i]); |
| 152 |
} |
| 153 |
} |
| 154 |
}; |
| 155 |
function _19(_1a){ |
| 156 |
var div=document.createElement("div"); |
| 157 |
if(_1a.match(/<object/i)){ |
| 158 |
throw new Error("The object tag is not allowed"); |
| 159 |
} |
| 160 |
div.innerHTML=_1a; |
| 161 |
_10(div); |
| 162 |
return div;
|
| 163 |
}; |
| 164 |
var doc=_1.ownerDocument;
|
| 165 |
var _a={getElementById:function(id){ |
| 166 |
return _2(doc.getElementById(id));
|
| 167 |
},createElement:function(_1b){ |
| 168 |
return _5(doc.createElement(_1b));
|
| 169 |
},createTextNode:function(_1c){ |
| 170 |
return _5(doc.createTextNode(_1c));
|
| 171 |
},write:function(str){ |
| 172 |
var div=_19(str);
|
| 173 |
while(div.childNodes.length){
|
| 174 |
_1.appendChild(div.childNodes[0]);
|
| 175 |
} |
| 176 |
}}; |
| 177 |
_a.open=_a.close=function(){ |
| 178 |
}; |
| 179 |
var _1d={innerHTML:function(_1e,_1f){ |
| 180 |
_1e.innerHTML=_19(_1f).innerHTML; |
| 181 |
}}; |
| 182 |
_1d.outerHTML=function(_20,_21){ |
| 183 |
throw new Error("Can not set this property"); |
| 184 |
}; |
| 185 |
function _22(_23,_24){ |
| 186 |
return function(_25,_26){ |
| 187 |
_10(_26[_24]); |
| 188 |
return _25[_23](_26[0]); |
| 189 |
}; |
| 190 |
}; |
| 191 |
var _27={appendChild:_22("appendChild",0),insertBefore:_22("insertBefore",0),replaceChild:_22("replaceChild",1),cloneNode:function(_28,_29){ |
| 192 |
return _28.cloneNode(_29[0]); |
| 193 |
},addEventListener:function(_2a,_2b){ |
| 194 |
dojo.connect(_2a,"on"+_2b[0],this,function(_2c){ |
| 195 |
_2c=_8(_2c||window.event); |
| 196 |
_2b[1].call(this,_2c); |
| 197 |
}); |
| 198 |
}}; |
| 199 |
_27.childNodes=_27.style=_27.ownerDocument=function(){ |
| 200 |
}; |
| 201 |
function _2d(_2e){ |
| 202 |
return dojox.lang.makeObservable(function(_2f,_30){ |
| 203 |
var _31;
|
| 204 |
return _2f[_30];
|
| 205 |
},_2e,function(_32,_33,_34,_35){
|
| 206 |
for(var i=0;i<_35.length;i++){ |
| 207 |
_35[i]=unwrap(_35[i]); |
| 208 |
} |
| 209 |
if(_27[_34]){
|
| 210 |
return _5(_27[_34].call(_32,_33,_35));
|
| 211 |
} |
| 212 |
return _5(_33[_34].apply(_33,_35));
|
| 213 |
},_27); |
| 214 |
}; |
| 215 |
var _8=_2d(function(_36,_37,_38){ |
| 216 |
if(_1d[_37]){
|
| 217 |
_1d[_37](_36,_38); |
| 218 |
} |
| 219 |
_36[_37]=_38; |
| 220 |
}); |
| 221 |
var _39={behavior:1,MozBinding:1}; |
| 222 |
var _9=_2d(function(_3a,_3b,_3c){ |
| 223 |
if(!_39[_3b]){
|
| 224 |
_3a[_3b]=_d(_3c); |
| 225 |
} |
| 226 |
}); |
| 227 |
_5.safeHTML=_19; |
| 228 |
_5.safeCSS=_d; |
| 229 |
return _5;
|
| 230 |
}; |
| 231 |
dojox.secure.unwrap=function unwrap(_3d){ |
| 232 |
return (_3d&&_3d.data__)||_3d;
|
| 233 |
}; |
| 234 |
} |