Diffstat (limited to 'frontend/beta/js/Clipperz/Base.js') (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/Base.js28
1 files changed, 28 insertions, 0 deletions
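--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -153,151 +153,179 @@ MochiKit.Base.update(Clipperz.Base, {
 } else {
 result = typeof(anObject);
 
 if (result == "object") {
 if (anObject instanceof Array) {
 result = 'array'
 } else if (anObject.constructor == Boolean) {
 result = 'boolean'
 } else if (anObject instanceof Date) {
 result = 'date'
 } else if (anObject instanceof Error) {
 result = 'error'
 } else if (anObject instanceof Function) {
 result = 'function'
 } else if (anObject.constructor == Number) {
 result = 'number'
 } else if (anObject.constructor == String) {
 result = 'string'
 } else if (anObject instanceof Object) {
 result = 'object'
 } else {
 throw Clipperz.Base.exception.UnknownType;
 }
 }
 }
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 'escapeHTML': function(aValue) {
 var result;
 
 result = aValue;
 result = result.replace(/</g, "&lt;");
 result = result.replace(/>/g, "&gt;");
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 'deepClone': function(anObject) {
 var result;
 
 result = Clipperz.Base.evalJSON(Clipperz.Base.serializeJSON(anObject));
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 'evalJSON': function(aString) {
 /*
 var result;
 
 //check for XSS injection
 if (/<script>/.test(aString)) {
 throw "error";
 }
 
 if (/<iframe>/.test(aString)) {
 throw "error";
 }
 
 result = MochiKit.Base.evalJSON(aString);
 
 return result;
 */
 
 // return MochiKit.Base.evalJSON(aString);
 return JSON2.parse(aString);
 },
 
 'serializeJSON': function(anObject) {
 // return MochiKit.Base.serializeJSON(anObject);
 return JSON2.stringify(anObject);
 },
 
 //-------------------------------------------------------------------------
 
 'sanitizeString': function(aValue) {
 var result;
 
 if (Clipperz.Base.objectType(aValue) == 'string') {
 result = aValue;
 result = result.replace(/</img,"&lt;");
 result = result.replace(/>/img,"&gt;");
 } else {
 result = aValue;
 }
 
 return result;
 },
 
+'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
+
+'sanitizeUrl': function(aValue) {
+varresult;
+
+if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+result = aValue.replace(this.javascriptInjectionPattern, '');
+console.log("sanitized url", aValue, result);
+} else {
+result = aValue;
+}
+
+return result;
+},
+
+'sanitizeFavicon': function(aValue) {
+varresult;
+
+if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+result = aValue.replace(this.javascriptInjectionPattern, '');
+console.log("sanitized favicon", aValue, result);
+} else {
+result = aValue;
+}
+
+return result;
+},
+
 //-------------------------------------------------------------------------
 
 'exception': {
 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"),
 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"),
 'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue")
 },
 
 //-------------------------------------------------------------------------
 __syntaxFix__: "syntax fix"
 
 });
 
 
 
 MochiKit.Base.registerComparator('Object dummy comparator',
 function(a, b) {
 return ((a.constructor == Object) && (b.constructor == Object));
 },
 function(a, b) {
 var result;
 var aKeys;
 var bKeys;
 
 //MochiKit.Logging.logDebug(">>> comparator");
 //MochiKit.Logging.logDebug("- a: " + Clipperz.Base.serializeJSON(a));
 //MochiKit.Logging.logDebug("- b: " + Clipperz.Base.serializeJSON(a));
 aKeys = MochiKit.Base.keys(a).sort();
 bKeys = MochiKit.Base.keys(b).sort();
 
 result = MochiKit.Base.compare(aKeys, bKeys);
 //if (result != 0) {
 //MochiKit.Logging.logDebug("- comparator 'keys':");
 //MochiKit.Logging.logDebug("- comparator aKeys: " + Clipperz.Base.serializeJSON(aKeys));
 //MochiKit.Logging.logDebug("- comparator bKeys: " + Clipperz.Base.serializeJSON(bKeys));
 //}
 if (result == 0) {
 vari, c;
 
 c = aKeys.length;
 for (i=0; (i<c) && (result == 0); i++) {
 result = MochiKit.Base.compare(a[aKeys[i]], b[bKeys[i]]);
 //if (result != 0) {
 //MochiKit.Logging.logDebug("- comparator 'values':");
 //MochiKit.Logging.logDebug("- comparator a[aKeys[i]]: " + Clipperz.Base.serializeJSON(a[aKeys[i]]));
 //MochiKit.Logging.logDebug("- comparator b[bKeys[i]]: " + Clipperz.Base.serializeJSON(b[bKeys[i]]));
 //}
 }
 }
 
 //MochiKit.Logging.logDebug("<<< comparator - result: " + result);
 return result;
 },
 true
 );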
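Review bot: `javascriptInjectionPattern` is built from the string `"javascript:\/\/\""`, which after string unescaping is the regex `javascript://"`, so the new `sanitizeUrl` and `sanitizeFavicon` act only on that one exact, case-sensitive substring and return every other `javascript:` value, and any other non-web scheme, unchanged. Stripping the match and returning the remainder is also weaker than rejecting the value, because the result is never re-checked. I would validate against a scheme allowlist instead, for example `'safeUrlPattern': /^https?:\/\//i,` with `result = ((aValue == null) || this.safeUrlPattern.test(aValue)) ? aValue : '';`, where the accepted schemes are an assumption to confirm against the URLs cards actually store; a non-global pattern also avoids the `lastIndex` state that `.test()` carries on a shared `g` regexp. The two functions are identical apart from the log label, so `sanitizeFavicon` could simply call `sanitizeUrl`, and the `console.log` calls write the stored URL to the browser console and presumably throw where `console` is undefined, so I would drop them or use `MochiKit.Logging`. The enclosing `MochiKit.Base.update(Clipperz.Base, {` literal starts outside the hunk.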