| author | Michael Krelin <hacker@klever.net> | 2014-06-30 18:20:13 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2014-06-30 18:20:13 (UTC) |
| commit | c392fe28606eefa0c814e5c25d641f5ffe623186 (patch) (side-by-side diff) | |
| tree | da03fe13ca09fadbebbad9b5d38750757270bae8 /frontend/beta/js/Clipperz/Base.js | |
| parent | d341307d346dee62ee36b27f0f93b8f000748a96 (diff) | |
| parent | 6dd16d9359e3a4dc306802588b09acd43947a606 (diff) | |
| download | clipperz-c392fe28606eefa0c814e5c25d641f5ffe623186.zip clipperz-c392fe28606eefa0c814e5c25d641f5ffe623186.tar.gz clipperz-c392fe28606eefa0c814e5c25d641f5ffe623186.tar.bz2 | |
Merge remote-tracking branch 'github/master' into nmaster
Diffstat (limited to 'frontend/beta/js/Clipperz/Base.js') (more/less context) (ignore whitespace changes)
| -rw-r--r-- | frontend/beta/js/Clipperz/Base.js | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js index cf40314..1c6faa1 100644 --- a/frontend/beta/js/Clipperz/Base.js +++ b/frontend/beta/js/Clipperz/Base.js @@ -57,247 +57,275 @@ MochiKit.Base.update(Clipperz.Base, { c = aValue.length; for (i=0; i<c; i++) { result[i] = aValue.charCodeAt(i); } return result; }, //......................................................................... 'byteArrayToString': function (anArrayOfBytes) { var result; var i, c; result = ""; c = anArrayOfBytes.length; for (i=0; i<c; i++) { result += String.fromCharCode(anArrayOfBytes[i]); } return result; }, //------------------------------------------------------------------------- 'getValueForKeyInFormContent': function (aFormContent, aKey) { return aFormContent[1][MochiKit.Base.find(aFormContent[0], aKey)]; }, //------------------------------------------------------------------------- 'indexOfObjectInArray': function(anObject, anArray) { var result; var i, c; result = -1; c = anArray.length; for (i=0; ((i<c) && (result < 0)); i++) { if (anArray[i] === anObject) { result = i; } } return result; }, 'removeObjectAtIndexFromArray': function(anIndex, anArray) { anArray.splice(anIndex, 1); }, 'removeObjectFromArray': function(anObject, anArray) { var objectIndex; objectIndex = Clipperz.Base.indexOfObjectInArray(anObject, anArray); if (objectIndex > -1) { Clipperz.Base.removeObjectAtIndexFromArray(objectIndex, anArray); } else { // jslog.error("Trying to remove an object not present in the array"); // TODO: raise an exception } }, 'removeFromArray': function(anArray, anObject) { return Clipperz.Base.removeObjectFromArray(anObject, anArray); }, //------------------------------------------------------------------------- 'splitStringAtFixedTokenSize': function(aString, aTokenSize) { var result; var stringToProcess; stringToProcess = aString; result = []; if (stringToProcess != null) { while (stringToProcess.length > aTokenSize) { result.push(stringToProcess.substring(0, aTokenSize)); stringToProcess = stringToProcess.substring(aTokenSize); } result.push(stringToProcess); } return result; }, //------------------------------------------------------------------------- 'objectType': function(anObject) { var result; if (anObject == null) { result = null; } else { result = typeof(anObject); if (result == "object") { if (anObject instanceof Array) { result = 'array' } else if (anObject.constructor == Boolean) { result = 'boolean' } else if (anObject instanceof Date) { result = 'date' } else if (anObject instanceof Error) { result = 'error' } else if (anObject instanceof Function) { result = 'function' } else if (anObject.constructor == Number) { result = 'number' } else if (anObject.constructor == String) { result = 'string' } else if (anObject instanceof Object) { result = 'object' } else { throw Clipperz.Base.exception.UnknownType; } } } return result; }, //------------------------------------------------------------------------- 'escapeHTML': function(aValue) { var result; result = aValue; result = result.replace(/</g, "<"); result = result.replace(/>/g, ">"); return result; }, //------------------------------------------------------------------------- 'deepClone': function(anObject) { var result; result = Clipperz.Base.evalJSON(Clipperz.Base.serializeJSON(anObject)); return result; }, //------------------------------------------------------------------------- 'evalJSON': function(aString) { /* var result; // check for XSS injection if (/<script>/.test(aString)) { throw "error"; } if (/<iframe>/.test(aString)) { throw "error"; } result = MochiKit.Base.evalJSON(aString); return result; */ // return MochiKit.Base.evalJSON(aString); return JSON2.parse(aString); }, 'serializeJSON': function(anObject) { // return MochiKit.Base.serializeJSON(anObject); return JSON2.stringify(anObject); }, //------------------------------------------------------------------------- 'sanitizeString': function(aValue) { var result; if (Clipperz.Base.objectType(aValue) == 'string') { result = aValue; result = result.replace(/</img,"<"); result = result.replace(/>/img,">"); } else { result = aValue; } return result; }, + 'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"), + + 'sanitizeUrl': function(aValue) { + var result; + + if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) { + result = aValue.replace(this.javascriptInjectionPattern, ''); + console.log("sanitized url", aValue, result); + } else { + result = aValue; + } + + return result; + }, + + 'sanitizeFavicon': function(aValue) { + var result; + + if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) { + result = aValue.replace(this.javascriptInjectionPattern, ''); + console.log("sanitized favicon", aValue, result); + } else { + result = aValue; + } + + return result; + }, + //------------------------------------------------------------------------- 'exception': { 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"), 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"), 'VulnerabilityIssue': new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue") }, //------------------------------------------------------------------------- __syntaxFix__: "syntax fix" }); MochiKit.Base.registerComparator('Object dummy comparator', function(a, b) { return ((a.constructor == Object) && (b.constructor == Object)); }, function(a, b) { var result; var aKeys; var bKeys; //MochiKit.Logging.logDebug(">>> comparator"); //MochiKit.Logging.logDebug("- a: " + Clipperz.Base.serializeJSON(a)); //MochiKit.Logging.logDebug("- b: " + Clipperz.Base.serializeJSON(a)); aKeys = MochiKit.Base.keys(a).sort(); bKeys = MochiKit.Base.keys(b).sort(); result = MochiKit.Base.compare(aKeys, bKeys); //if (result != 0) { // MochiKit.Logging.logDebug("- comparator 'keys':"); // MochiKit.Logging.logDebug("- comparator aKeys: " + Clipperz.Base.serializeJSON(aKeys)); // MochiKit.Logging.logDebug("- comparator bKeys: " + Clipperz.Base.serializeJSON(bKeys)); //} if (result == 0) { var i, c; c = aKeys.length; for (i=0; (i<c) && (result == 0); i++) { result = MochiKit.Base.compare(a[aKeys[i]], b[bKeys[i]]); //if (result != 0) { // MochiKit.Logging.logDebug("- comparator 'values':"); // MochiKit.Logging.logDebug("- comparator a[aKeys[i]]: " + Clipperz.Base.serializeJSON(a[aKeys[i]])); // MochiKit.Logging.logDebug("- comparator b[bKeys[i]]: " + Clipperz.Base.serializeJSON(b[bKeys[i]])); //} } } //MochiKit.Logging.logDebug("<<< comparator - result: " + result); return result; }, true ); |