Diffstat (limited to 'frontend/beta/js/Clipperz/Base.js') (more/less context) (ignore whitespace changes)
| -rw-r--r-- | frontend/beta/js/Clipperz/Base.js | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js index cf40314..1c6faa1 100644 --- a/frontend/beta/js/Clipperz/Base.js +++ b/frontend/beta/js/Clipperz/Base.js | |||
| @@ -201,96 +201,124 @@ MochiKit.Base.update(Clipperz.Base, { | |||
| 201 | return result; | 201 | return result; |
| 202 | }, | 202 | }, |
| 203 | 203 | ||
| 204 | //------------------------------------------------------------------------- | 204 | //------------------------------------------------------------------------- |
| 205 | 205 | ||
| 206 | 'evalJSON': function(aString) { | 206 | 'evalJSON': function(aString) { |
| 207 | /* | 207 | /* |
| 208 | var result; | 208 | var result; |
| 209 | 209 | ||
| 210 | //check for XSS injection | 210 | //check for XSS injection |
| 211 | if (/<script>/.test(aString)) { | 211 | if (/<script>/.test(aString)) { |
| 212 | throw "error"; | 212 | throw "error"; |
| 213 | } | 213 | } |
| 214 | 214 | ||
| 215 | if (/<iframe>/.test(aString)) { | 215 | if (/<iframe>/.test(aString)) { |
| 216 | throw "error"; | 216 | throw "error"; |
| 217 | } | 217 | } |
| 218 | 218 | ||
| 219 | result = MochiKit.Base.evalJSON(aString); | 219 | result = MochiKit.Base.evalJSON(aString); |
| 220 | 220 | ||
| 221 | return result; | 221 | return result; |
| 222 | */ | 222 | */ |
| 223 | 223 | ||
| 224 | // return MochiKit.Base.evalJSON(aString); | 224 | // return MochiKit.Base.evalJSON(aString); |
| 225 | return JSON2.parse(aString); | 225 | return JSON2.parse(aString); |
| 226 | }, | 226 | }, |
| 227 | 227 | ||
| 228 | 'serializeJSON': function(anObject) { | 228 | 'serializeJSON': function(anObject) { |
| 229 | // return MochiKit.Base.serializeJSON(anObject); | 229 | // return MochiKit.Base.serializeJSON(anObject); |
| 230 | return JSON2.stringify(anObject); | 230 | return JSON2.stringify(anObject); |
| 231 | }, | 231 | }, |
| 232 | 232 | ||
| 233 | //------------------------------------------------------------------------- | 233 | //------------------------------------------------------------------------- |
| 234 | 234 | ||
| 235 | 'sanitizeString': function(aValue) { | 235 | 'sanitizeString': function(aValue) { |
| 236 | var result; | 236 | var result; |
| 237 | 237 | ||
| 238 | if (Clipperz.Base.objectType(aValue) == 'string') { | 238 | if (Clipperz.Base.objectType(aValue) == 'string') { |
| 239 | result = aValue; | 239 | result = aValue; |
| 240 | result = result.replace(/</img,"<"); | 240 | result = result.replace(/</img,"<"); |
| 241 | result = result.replace(/>/img,">"); | 241 | result = result.replace(/>/img,">"); |
| 242 | } else { | 242 | } else { |
| 243 | result = aValue; | 243 | result = aValue; |
| 244 | } | 244 | } |
| 245 | 245 | ||
| 246 | return result; | 246 | return result; |
| 247 | }, | 247 | }, |
| 248 | 248 | ||
| 249 | 'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"), | ||
| 250 | |||
| 251 | 'sanitizeUrl': function(aValue) { | ||
| 252 | varresult; | ||
| 253 | |||
| 254 | if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) { | ||
| 255 | result = aValue.replace(this.javascriptInjectionPattern, ''); | ||
| 256 | console.log("sanitized url", aValue, result); | ||
| 257 | } else { | ||
| 258 | result = aValue; | ||
| 259 | } | ||
| 260 | |||
| 261 | return result; | ||
| 262 | }, | ||
| 263 | |||
| 264 | 'sanitizeFavicon': function(aValue) { | ||
| 265 | varresult; | ||
| 266 | |||
| 267 | if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) { | ||
| 268 | result = aValue.replace(this.javascriptInjectionPattern, ''); | ||
| 269 | console.log("sanitized favicon", aValue, result); | ||
| 270 | } else { | ||
| 271 | result = aValue; | ||
| 272 | } | ||
| 273 | |||
| 274 | return result; | ||
| 275 | }, | ||
| 276 | |||
| 249 | //------------------------------------------------------------------------- | 277 | //------------------------------------------------------------------------- |
| 250 | 278 | ||
| 251 | 'exception': { | 279 | 'exception': { |
| 252 | 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"), | 280 | 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"), |
| 253 | 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"), | 281 | 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"), |
| 254 | 'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue") | 282 | 'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue") |
| 255 | }, | 283 | }, |
| 256 | 284 | ||
| 257 | //------------------------------------------------------------------------- | 285 | //------------------------------------------------------------------------- |
| 258 | __syntaxFix__: "syntax fix" | 286 | __syntaxFix__: "syntax fix" |
| 259 | 287 | ||
| 260 | }); | 288 | }); |
| 261 | 289 | ||
| 262 | 290 | ||
| 263 | 291 | ||
| 264 | MochiKit.Base.registerComparator('Object dummy comparator', | 292 | MochiKit.Base.registerComparator('Object dummy comparator', |
| 265 | function(a, b) { | 293 | function(a, b) { |
| 266 | return ((a.constructor == Object) && (b.constructor == Object)); | 294 | return ((a.constructor == Object) && (b.constructor == Object)); |
| 267 | }, | 295 | }, |
| 268 | function(a, b) { | 296 | function(a, b) { |
| 269 | var result; | 297 | var result; |
| 270 | var aKeys; | 298 | var aKeys; |
| 271 | var bKeys; | 299 | var bKeys; |
| 272 | 300 | ||
| 273 | //MochiKit.Logging.logDebug(">>> comparator"); | 301 | //MochiKit.Logging.logDebug(">>> comparator"); |
| 274 | //MochiKit.Logging.logDebug("- a: " + Clipperz.Base.serializeJSON(a)); | 302 | //MochiKit.Logging.logDebug("- a: " + Clipperz.Base.serializeJSON(a)); |
| 275 | //MochiKit.Logging.logDebug("- b: " + Clipperz.Base.serializeJSON(a)); | 303 | //MochiKit.Logging.logDebug("- b: " + Clipperz.Base.serializeJSON(a)); |
| 276 | aKeys = MochiKit.Base.keys(a).sort(); | 304 | aKeys = MochiKit.Base.keys(a).sort(); |
| 277 | bKeys = MochiKit.Base.keys(b).sort(); | 305 | bKeys = MochiKit.Base.keys(b).sort(); |
| 278 | 306 | ||
| 279 | result = MochiKit.Base.compare(aKeys, bKeys); | 307 | result = MochiKit.Base.compare(aKeys, bKeys); |
| 280 | //if (result != 0) { | 308 | //if (result != 0) { |
| 281 | //MochiKit.Logging.logDebug("- comparator 'keys':"); | 309 | //MochiKit.Logging.logDebug("- comparator 'keys':"); |
| 282 | //MochiKit.Logging.logDebug("- comparator aKeys: " + Clipperz.Base.serializeJSON(aKeys)); | 310 | //MochiKit.Logging.logDebug("- comparator aKeys: " + Clipperz.Base.serializeJSON(aKeys)); |
| 283 | //MochiKit.Logging.logDebug("- comparator bKeys: " + Clipperz.Base.serializeJSON(bKeys)); | 311 | //MochiKit.Logging.logDebug("- comparator bKeys: " + Clipperz.Base.serializeJSON(bKeys)); |
| 284 | //} | 312 | //} |
| 285 | if (result == 0) { | 313 | if (result == 0) { |
| 286 | vari, c; | 314 | vari, c; |
| 287 | 315 | ||
| 288 | c = aKeys.length; | 316 | c = aKeys.length; |
| 289 | for (i=0; (i<c) && (result == 0); i++) { | 317 | for (i=0; (i<c) && (result == 0); i++) { |
| 290 | result = MochiKit.Base.compare(a[aKeys[i]], b[bKeys[i]]); | 318 | result = MochiKit.Base.compare(a[aKeys[i]], b[bKeys[i]]); |
| 291 | //if (result != 0) { | 319 | //if (result != 0) { |
| 292 | //MochiKit.Logging.logDebug("- comparator 'values':"); | 320 | //MochiKit.Logging.logDebug("- comparator 'values':"); |
| 293 | //MochiKit.Logging.logDebug("- comparator a[aKeys[i]]: " + Clipperz.Base.serializeJSON(a[aKeys[i]])); | 321 | //MochiKit.Logging.logDebug("- comparator a[aKeys[i]]: " + Clipperz.Base.serializeJSON(a[aKeys[i]])); |
| 294 | //MochiKit.Logging.logDebug("- comparator b[bKeys[i]]: " + Clipperz.Base.serializeJSON(b[bKeys[i]])); | 322 | //MochiKit.Logging.logDebug("- comparator b[bKeys[i]]: " + Clipperz.Base.serializeJSON(b[bKeys[i]])); |
| 295 | //} | 323 | //} |
| 296 | } | 324 | } |