Diffstat (limited to 'frontend')
-rw-r--r--frontend/beta/js/Clipperz/Base.js28
-rw-r--r--frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js2
-rw-r--r--frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js4
-rw-r--r--frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js22
-rw-r--r--frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js2
5 files changed, 47 insertions, 11 deletions
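diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js
index cf40314..1c6faa1 100644
--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -237,24 +237,52 @@ MochiKit.Base.update(Clipperz.Base, {
 
 		if (Clipperz.Base.objectType(aValue) == 'string') {
 			result = aValue;
 			result = result.replace(/</img,"&lt;");
 			result = result.replace(/>/img,"&gt;");
 		} else {
 			result = aValue;
 		}
 
 		return result;
 	},
 
+	'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
+
+	'sanitizeUrl': function(aValue) {
+		varresult;
+
+		if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+			result = aValue.replace(this.javascriptInjectionPattern, '');
+			console.log("sanitized url", aValue, result);
+		} else {
+			result = aValue;
+		}
+
+		return result;
+	},
+
+	'sanitizeFavicon': function(aValue) {
+		varresult;
+
+		if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+			result = aValue.replace(this.javascriptInjectionPattern, '');
+			console.log("sanitized favicon", aValue, result);
+		} else {
+			result = aValue;
+		}
+
+		return result;
+	},
+
 	//-------------------------------------------------------------------------
 
 	'exception': {
 		'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"),
 		'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"),
 		'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue")
 	},
 
 	//-------------------------------------------------------------------------
 	__syntaxFix__: "syntax fix"
 
 });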
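Review bot: `sanitizeUrl` (new lines 251-262) is a substring blocklist, so it only removes the exact sequence `javascript://"` and passes `javascript:alert(1)`, `JavaScript://"`, `data:` and `vbscript:` values through untouched; a single global `replace` is also not idempotent, since `javajavascript://"script://"` collapses back to `javascript://"` after one pass. The caller in `runDirectLogin` already treats `https?`, `webdav` and `ftp` as the only acceptable schemes, so the helper should enforce that allowlist (case-insensitively and after skipping leading whitespace, which browsers ignore in a scheme) and replace anything else with an empty string instead of enumerating bad prefixes. `sanitizeFavicon` is a byte-for-byte copy of `sanitizeUrl` apart from the log text and can delegate to it; if stored favicons can legitimately be `data:image/` URIs, which this hunk does not show, widen the allowlist for that case rather than reverting to substring stripping. The `console.log` calls write the full URL to the console and throw where `console` is undefined, so they should be dropped or guarded.
```javascript
	'urlSchemeAllowlistPattern': new RegExp("^\\s*(https?|webdav|ftp):", "i"),

	'sanitizeUrl': function(aValue) {
		var result;

		// Fail closed: anything that is not an allowed scheme (javascript:, data:,
		// vbscript:, …) becomes an empty string instead of being partially stripped.
		if ((aValue != null) && (this.urlSchemeAllowlistPattern.test(aValue) == false)) {
			result = '';
		} else {
			result = aValue;
		}

		return result;
	},

	'sanitizeFavicon': function(aValue) {
		return this.sanitizeUrl(aValue);
	},
```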
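diff --git a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
index 2295d3f..369b9ce 100644
--- a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
+++ b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
@@ -129,25 +129,25 @@ Clipperz.PM.BookmarkletProcessor.prototype = MochiKit.Base.update(null, {
 			}, this.fields())
 		}
 
 		return this._editableFields;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'hostname': function() {
 		if (this._hostname == null) {
 			var actionUrl;
 
-			actionUrl = this.configuration()['form']['attributes']['action'];
+			actionUrl = Clipperz.Base.sanitizeUrl(this.configuration()['form']['attributes']['action']);
 //MochiKit.Logging.logDebug("+++ actionUrl: " + actionUrl);
 			this._hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
 		}
 
 		return this._hostname;
 	},
 
 	'favicon': function() {
 		if (this._favicon == null) {
 			this._favicon = "http://" + this.hostname() + "/favicon.ico";
 //MochiKit.Logging.logDebug("+++ favicon: " + this._favicon);
 		}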
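Review bot: `hostname()` (line 143) still falls back to the whole action string whenever the regex does not match, because `String.replace` returns its input unchanged on no match; an action without a path such as `https://example.com`, or any non-http value that survives `sanitizeUrl`, therefore becomes the "hostname" and is spliced into `favicon()` as `http://<value>/favicon.ico`. Sanitizing the input on line 141 does not change that, since `sanitizeUrl` only strips one fixed substring. Extracting the host with an anchored `exec` and failing closed is safer: `var match = /^https?:\/\/([^\/?#]+)/i.exec(actionUrl); this._hostname = match ? match[1] : '';`. Note that both the current `[^\/]*` and this replacement keep userinfo and port, so `user:pw@host:8080` is treated as the host; whether that matters depends on what consumes `hostname()`, which is outside this hunk.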
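diff --git a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
index 0e4640e..a5a4697 100644
--- a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
+++ b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
@@ -91,25 +91,25 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 		varresult;
 		var option;
 		varrecordFieldKey;
 		varrecordFields;
 
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.recordFieldOptions");
 		recordFields = this.directLoginBinding().directLogin().record().currentVersion().fields();
 		result = [];
 		option = {tag:'option', value:null, html:'---'};
 		result.push(option);
 		for (recordFieldKey in recordFields) {
 			//TODO: remove the value: field and replace it with element.dom.value = <some value>
-			option = {tag:'option', value:recordFieldKey, html:recordFields[recordFieldKey].label()}
+			option = {tag:'option', value:recordFieldKey, html:Clipperz.Base.sanitizeString(recordFields[recordFieldKey].label())}
 			if (recordFieldKey == this.directLoginBinding().fieldKey()) {
 				option['selected'] = true;
 			}
 			result.push(option);
 		}
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.recordFieldOptions");
 
 		return result;
 	},
 
 	//-------------------------------------------------------------------------
 
@@ -141,25 +141,25 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 
 		this.getElement('editModeBox').show();
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateEditMode");
 	},
 
 	//-------------------------------------------------------------------------
 
 	'updateViewMode': function() {
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.updateViewMode");
 		this.getElement('editModeBox').hide();
 		this.getElement('viewModeBox').show();
 
-		this.getElement('viewValue').update(this.directLoginBinding().field().label());
+		this.getElement('viewValue').update(Clipperz.Base.sanitizeString(this.directLoginBinding().field().label()));
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateViewMode");
 	},
 
 	//-------------------------------------------------------------------------
 
 	'synchronizeComponentValues': function() {
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.synchronizeComponentValues")
 //MochiKit.Logging.logDebug("--- DirectLoginBindingComponent.synchronizeComponentValues - 1 - " + this.getId('select'));
 		this.directLoginBinding().setFieldKey(this.getDom('select').value);
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.synchronizeComponentValues");
 	},
 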
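Review bot: Escaping the label at the render site (lines 103 and 153) is the right place for it, but `sanitizeString` (visible as context in the Base.js hunk) rewrites only `<` and `>`, which is adequate for the `html:` text position used here and nothing more. It leaves `&`, `"` and `'` alone, so a label containing a literal `&amp;` is displayed as `&`, and the same helper would be unsafe if it were ever reused for an attribute such as the `value:` on line 103, which is still set from `recordFieldKey` without any escaping. Escaping `&` first and then the quotes, `result = result.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");` ahead of the existing `<`/`>` replacements, makes the helper usable in both contexts. Whether `recordFieldKey` can be user-controlled cannot be told from this hunk; if it can, it needs the same treatment.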
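diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
index c0cfa3c..56d9d59 100644
--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
@@ -29,25 +29,25 @@ if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {};
 //#############################################################################
 
 Clipperz.PM.DataModel.DirectLogin = function(args) {
 //MochiKit.Logging.logDebug(">>> new Clipperz.PM.DataModel.DirectLogin");
 //console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args);
 //console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData));
 	args = args || {};
 
 //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args)));
 	this._record = args.record || null;
 	this._label = args.label || "unnamed record"
 	this._reference = args.reference || Clipperz.PM.Crypto.randomKey();
-	this._favicon = args.favicon || null;
+	this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 	this._bookmarkletVersion = args.bookmarkletVersion || "0.1";
 
 	this._directLoginInputs = null;
 
 	this._formValues = args.formValues || {};
 	this.setFormData(args.formData || null);
 //console.log("=== formData: %o", this.formData());
 
 	if (args.legacyBindingData == null) {
 		this.setBindingData(args.bindingData || null);
 	} else {
 		this.setLegacyBindingData(args.legacyBindingData);
@@ -93,27 +93,27 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 
 	'setLabel': function(aValue) {
 		this._label = aValue;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'favicon': function() {
 		if (this._favicon == null) {
 			varactionUrl;
 			var hostname;
 
-			actionUrl = this.formData()['attributes']['action'];
+			actionUrl = this.action();
 			hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
-			this._favicon = "http://" + hostname + "/favicon.ico";
+			this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico");
 		}
 
 		return this._favicon;
 	},
 
 	//-------------------------------------------------------------------------
 
 	'fixedFavicon': function() {
 		var result;
 
 		if (this._fixedFavicon == null) {
 			result = this.favicon();
@@ -128,24 +128,32 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 			}
 		} else {
 			result = this._fixedFavicon;
 		}
 
 		return result;
 	},
 
 	'setFixedFavicon': function(aValue) {
 		this._fixedFavicon = aValue;
 	},
 
+	'action': function () {
+		varresult;
+
+		result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']);
+
+		return result;
+	},
+
 	//-------------------------------------------------------------------------
 
 	'bookmarkletVersion': function() {
 		return this._bookmarkletVersion;
 	},
 
 	'setBookmarkletVersion': function(aValue) {
 		this._bookmarkletVersion = aValue;
 	},
 
 	//-------------------------------------------------------------------------
 
@@ -433,25 +441,25 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 		MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() {
 			var formElement;
 			varformSubmitFunction;
 			var submitButtons;
 
 //MochiKit.Logging.logDebug("### runDirectLogin - 3");
 			// MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>')
 //MochiKit.Logging.logDebug("### runDirectLogin - 3.1");
 			MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ..."));
 //MochiKit.Logging.logDebug("### runDirectLogin - 4");
 //console.log(this.formData()['attributes']);
 			formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, {'method':this.formData()['attributes']['method'],
-					'action':this.formData()['attributes']['action']}));
+					'action': this.action()}));
 //MochiKit.Logging.logDebug("### runDirectLogin - 5");
 			formSubmitFunction = MochiKit.Base.method(formElement, 'submit');
 //MochiKit.Logging.logDebug("### runDirectLogin - 6");
 
 			MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body,
 				MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement)
 			);
 //MochiKit.Logging.logDebug("### runDirectLogin - 7");
 			MochiKit.DOM.appendChildNodes(formElement, MochiKit.Base.map(MochiKit.Base.methodcaller("formConfiguration"),
 					this.directLoginInputs()));
 //MochiKit.Logging.logDebug("### runDirectLogin - 8");
 
@@ -478,27 +486,27 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 			}
 
 		}, this));
 	},
 
 	//-------------------------------------------------------------------------
 
 	'runDirectLogin': function(aNewWindow) {
 		varnewWindow;
 
 //console.log("formData.attributes", this.formData()['attributes']);
 		// if (/^javascript/.test(this.formData()['attributes']['action'])) {
-		if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) &&
-			(this.formData()['attributes']['type'] != 'http_auth'))
-		{
+		if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) &&
+			(this.formData()['attributes']['type'] != 'http_auth')
+		) {
 			var messageBoxConfiguration;
 
 			if (typeof(aNewWindow) != 'undefined') {
 				aNewWindow.close();
 			}
 
 			messageBoxConfiguration = {};
 			messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title'];
 			messageBoxConfiguration.msg = Clipperz.PM.Strings['VulnerabilityWarning_Panel_message'];
 			messageBoxConfiguration.animEl = YAHOO.ext.Element.get("mainDiv");
 			messageBoxConfiguration.progress = false;
 			messageBoxConfiguration.closable = false;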
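Review bot: The scheme allowlist on new line 498 is the check that actually refuses a `javascript:` action, yet it lives only in `runDirectLogin`, while `action()` (new lines 140-146) is what the FORM element on line 453 and `favicon()` on line 105 consume, and `action()` itself only strips the literal `javascript://"` substring. Moving the allowlist into `action()` so every consumer receives a fail-closed value is the more robust shape: `if (/^\s*(https?|webdav|ftp):/i.test(result) == false) { result = ''; }` before the `return`, with line 498 then testing for the empty string. The test on line 498 is also case-sensitive, so an `HTTPS://` action is refused with the vulnerability warning rather than accepted; adding the `i` flag fixes that without weakening the check. Line 499 exempts `http_auth` entries from the scheme check altogether; how an `http_auth` entry uses `action()` is outside this hunk, so confirm that value is never navigated to. `runDirectLogin` continues past the end of the hunk.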
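diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
index 236d7c9..ba302da 100644
--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
@@ -38,25 +38,25 @@ Clipperz.PM.DataModel.DirectLoginReference = function(args) {
 	if (args.directLogin != null) {
 		this._reference = args.directLogin.reference();
 		this._recordReference = args.directLogin.record().reference();
 		this._label = args.directLogin.label();
 		this._favicon = args.directLogin.favicon() || null;
 
 		this._directLogin = args.directLogin;
 		this._record = args.directLogin.record();
 	} else {
 		this._reference = args.reference;
 		this._recordReference = args.record;
 		this._label = args.label;
-		this._favicon = args.favicon || null;
+		this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 
 		this._directLogin = null;
 		this._record = null;
 	}
 
 	this._fixedFavicon = null;
 
 	return this;
 }
 
 Clipperz.PM.DataModel.DirectLoginReference.prototype = MochiKit.Base.update(null, {
 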
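Review bot: `sanitizeFavicon` on line 50 only removes the literal `javascript://"` sequence, so a stored favicon of `javascript:alert(1)`, `data:text/html,...` or `vbscript:` reaches `_favicon` unchanged; where that value ends up (presumably an `<img src>`, though that is outside this hunk) is where the guard matters. Checking the scheme against an allowlist is the stronger shape and keeps the `|| null` fallback working: `this._favicon = (/^https?:/i.test(args.favicon || '') ? args.favicon : null);`. If stored favicons can legitimately be relative paths or `data:image/` URIs, widen that test rather than returning to substring stripping. The other branch on line 42 takes `args.directLogin.favicon()`, which goes through the same helper, so the same caveat applies there.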