root / trunk / web / dojo / dojox / secure / sandbox.js @ 12
History | View | Annotate | Download (5.11 KB)
| 1 |
/*
|
|---|---|
| 2 |
Copyright (c) 2004-2010, The Dojo Foundation All Rights Reserved.
|
| 3 |
Available via Academic Free License >= 2.1 OR the modified BSD license.
|
| 4 |
see: http://dojotoolkit.org/license for details
|
| 5 |
*/
|
| 6 |
|
| 7 |
|
| 8 |
if(!dojo._hasResource["dojox.secure.sandbox"]){ |
| 9 |
dojo._hasResource["dojox.secure.sandbox"]=true; |
| 10 |
dojo.provide("dojox.secure.sandbox");
|
| 11 |
dojo.require("dojox.secure.DOM");
|
| 12 |
dojo.require("dojox.secure.capability");
|
| 13 |
dojo.require("dojo.NodeList-fx");
|
| 14 |
(function(){
|
| 15 |
var _1=setTimeout;
|
| 16 |
var _2=setInterval;
|
| 17 |
if({}.__proto__){
|
| 18 |
var _3=function(_4){ |
| 19 |
var _5=Array.prototype[_4];
|
| 20 |
if(_5&&!_5.fixed){
|
| 21 |
(Array.prototype[_4]=function(){
|
| 22 |
if(this==window){ |
| 23 |
throw new TypeError("Called with wrong this"); |
| 24 |
} |
| 25 |
return _5.apply(this,arguments); |
| 26 |
}).fixed=true;
|
| 27 |
} |
| 28 |
}; |
| 29 |
_3("concat");
|
| 30 |
_3("reverse");
|
| 31 |
_3("sort");
|
| 32 |
_3("slice");
|
| 33 |
_3("forEach");
|
| 34 |
_3("filter");
|
| 35 |
_3("reduce");
|
| 36 |
_3("reduceRight");
|
| 37 |
_3("every");
|
| 38 |
_3("map");
|
| 39 |
_3("some");
|
| 40 |
} |
| 41 |
var _6=function(){ |
| 42 |
return dojo.xhrGet.apply(dojo,arguments); |
| 43 |
}; |
| 44 |
dojox.secure.sandbox=function(_7){ |
| 45 |
var _8=dojox.secure.DOM(_7);
|
| 46 |
_7=_8(_7); |
| 47 |
var _9=_7.ownerDocument;
|
| 48 |
var _a,_b=dojox.secure._safeDojoFunctions(_7,_8);
|
| 49 |
var _c=[];
|
| 50 |
var _d=["isNaN","isFinite","parseInt","parseFloat","escape","unescape","encodeURI","encodeURIComponent","decodeURI","decodeURIComponent","alert","confirm","prompt","Error","EvalError","RangeError","ReferenceError","SyntaxError","TypeError","Date","RegExp","Number","Object","Array","String","Math","setTimeout","setInterval","clearTimeout","clearInterval","dojo","get","set","forEach","load","evaluate"]; |
| 51 |
for(var i in _b){ |
| 52 |
_d.push(i); |
| 53 |
_c.push("var "+i+"=dojo."+i); |
| 54 |
} |
| 55 |
eval(_c.join(";"));
|
| 56 |
function _e(_f,_10){ |
| 57 |
_10=""+_10;
|
| 58 |
if(dojox.secure.badProps.test(_10)){
|
| 59 |
throw new Error("bad property access"); |
| 60 |
} |
| 61 |
if(_f.__get__){
|
| 62 |
return _f.__get__(_10);
|
| 63 |
} |
| 64 |
return _f[_10];
|
| 65 |
}; |
| 66 |
function set(obj,_11,_12){ |
| 67 |
_11=""+_11;
|
| 68 |
_e(obj,_11); |
| 69 |
if(obj.__set){
|
| 70 |
return obj.__set(_11);
|
| 71 |
} |
| 72 |
obj[_11]=_12; |
| 73 |
return _12;
|
| 74 |
}; |
| 75 |
function _13(obj,fun){ |
| 76 |
if(typeof fun!="function"){ |
| 77 |
throw new TypeError(); |
| 78 |
} |
| 79 |
if("length" in obj){ |
| 80 |
if(obj.__get__){
|
| 81 |
var len=obj.__get__("length"); |
| 82 |
for(var i=0;i<len;i++){ |
| 83 |
if(i in obj){ |
| 84 |
fun.call(obj,obj.__get__(i),i,obj); |
| 85 |
} |
| 86 |
} |
| 87 |
}else{
|
| 88 |
len=obj.length; |
| 89 |
for(i=0;i<len;i++){ |
| 90 |
if(i in obj){ |
| 91 |
fun.call(obj,obj[i],i,obj); |
| 92 |
} |
| 93 |
} |
| 94 |
} |
| 95 |
}else{
|
| 96 |
for(i in obj){ |
| 97 |
fun.call(obj,_e(obj,i),i,obj); |
| 98 |
} |
| 99 |
} |
| 100 |
}; |
| 101 |
function _14(_15,_16,_17){ |
| 102 |
var _18,_19,_1a;
|
| 103 |
var arg;
|
| 104 |
for(var i=0,l=arguments.length;typeof (arg=arguments[i])=="function"&&i<l;i++){ |
| 105 |
if(_18){
|
| 106 |
_a(_18,arg.prototype); |
| 107 |
}else{
|
| 108 |
_19=arg; |
| 109 |
var F=function(){ |
| 110 |
}; |
| 111 |
F.prototype=arg.prototype; |
| 112 |
_18=new F;
|
| 113 |
} |
| 114 |
} |
| 115 |
if(arg){
|
| 116 |
for(var j in arg){ |
| 117 |
var _1b=arg[j];
|
| 118 |
if(typeof _1b=="function"){ |
| 119 |
arg[j]=function(){
|
| 120 |
if(this instanceof _14){ |
| 121 |
return arguments.callee.__rawMethod__.apply(this,arguments); |
| 122 |
} |
| 123 |
throw new Error("Method called on wrong object"); |
| 124 |
}; |
| 125 |
arg[j].__rawMethod__=_1b; |
| 126 |
} |
| 127 |
} |
| 128 |
if(arg.hasOwnProperty("constructor")){ |
| 129 |
_1a=arg.constructor; |
| 130 |
} |
| 131 |
} |
| 132 |
_18=_18?_a(_18,arg):arg; |
| 133 |
function _14(){ |
| 134 |
if(_19){
|
| 135 |
_19.apply(this,arguments); |
| 136 |
} |
| 137 |
if(_1a){
|
| 138 |
_1a.apply(this,arguments); |
| 139 |
} |
| 140 |
}; |
| 141 |
_a(_14,arguments[i]);
|
| 142 |
_18.constructor=_14; |
| 143 |
_14.prototype=_18; |
| 144 |
return _14;
|
| 145 |
}; |
| 146 |
function _1c(_1d){ |
| 147 |
if(typeof _1d!="function"){ |
| 148 |
throw new Error("String is not allowed in setTimeout/setInterval"); |
| 149 |
} |
| 150 |
}; |
| 151 |
function _1e(_1f,_20){ |
| 152 |
_1c(_1f); |
| 153 |
return _1(_1f,_20);
|
| 154 |
}; |
| 155 |
function _21(_22,_23){ |
| 156 |
_1c(_22); |
| 157 |
return _2(_22,_23);
|
| 158 |
}; |
| 159 |
function _24(_25){ |
| 160 |
return _8.evaluate(_25);
|
| 161 |
}; |
| 162 |
var _26=_8.load=function(url){ |
| 163 |
if(url.match(/^[\w\s]*:/)){ |
| 164 |
throw new Error("Access denied to cross-site requests"); |
| 165 |
} |
| 166 |
return _6({url:(new _b._Url(_8.rootUrl,url))+"",secure:true}); |
| 167 |
}; |
| 168 |
_8.evaluate=function(_27){ |
| 169 |
dojox.secure.capability.validate(_27,_d,{document:1,element:1});
|
| 170 |
if(_27.match(/^\s*[\[\{]/)){ |
| 171 |
var _28=eval("("+_27+")"); |
| 172 |
}else{
|
| 173 |
eval(_27); |
| 174 |
} |
| 175 |
}; |
| 176 |
return {loadJS:function(url){ |
| 177 |
_8.rootUrl=url; |
| 178 |
return _6({url:url,secure:true}).addCallback(function(_29){ |
| 179 |
_24(_29,_7); |
| 180 |
}); |
| 181 |
},loadHTML:function(url){ |
| 182 |
_8.rootUrl=url; |
| 183 |
return _6({url:url,secure:true}).addCallback(function(_2a){ |
| 184 |
_7.innerHTML=_2a; |
| 185 |
}); |
| 186 |
},evaluate:function(_2b){ |
| 187 |
return _8.evaluate(_2b);
|
| 188 |
}}; |
| 189 |
}; |
| 190 |
})(); |
| 191 |
dojox.secure._safeDojoFunctions=function(_2c,_2d){ |
| 192 |
var _2e=["mixin","require","isString","isArray","isFunction","isObject","isArrayLike","isAlien","hitch","delegate","partial","trim","disconnect","subscribe","unsubscribe","Deferred","toJson","style","attr"]; |
| 193 |
var doc=_2c.ownerDocument;
|
| 194 |
var _2f=dojox.secure.unwrap;
|
| 195 |
dojo.NodeList.prototype.addContent.safetyCheck=function(_30){ |
| 196 |
_2d.safeHTML(_30); |
| 197 |
}; |
| 198 |
dojo.NodeList.prototype.style.safetyCheck=function(_31,_32){ |
| 199 |
if(_31=="behavior"){ |
| 200 |
throw new Error("Can not set behavior"); |
| 201 |
} |
| 202 |
_2d.safeCSS(_32); |
| 203 |
}; |
| 204 |
dojo.NodeList.prototype.attr.safetyCheck=function(_33,_34){ |
| 205 |
if(_34&&(_33=="src"||_33=="href"||_33=="style")){ |
| 206 |
throw new Error("Illegal to set "+_33); |
| 207 |
} |
| 208 |
}; |
| 209 |
var _35={query:function(_36,_37){ |
| 210 |
return _2d(dojo.query(_36,_2f(_37||_2c)));
|
| 211 |
},connect:function(el,_38){ |
| 212 |
var obj=el;
|
| 213 |
arguments[0]=_2f(el); |
| 214 |
if(obj!=arguments[0]&&_38.substring(0,2)!="on"){ |
| 215 |
throw new Error("Invalid event name for element"); |
| 216 |
} |
| 217 |
return dojo.connect.apply(dojo,arguments); |
| 218 |
},body:function(){ |
| 219 |
return _2c;
|
| 220 |
},byId:function(id){ |
| 221 |
return _2c.ownerDocument.getElementById(id);
|
| 222 |
},fromJson:function(str){ |
| 223 |
dojox.secure.capability.validate(str,[],{});
|
| 224 |
return dojo.fromJson(str);
|
| 225 |
}}; |
| 226 |
for(var i=0;i<_2e.length;i++){ |
| 227 |
_35[_2e[i]]=dojo[_2e[i]]; |
| 228 |
} |
| 229 |
return _35;
|
| 230 |
}; |
| 231 |
} |