/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /*global configuration */ /** * @fileoverview * * Provides unified configuration for all features. * * This is a custom shindig library that has not yet been submitted for * standardization. It is designed to make developing of features for the * opensocial / gadgets platforms easier and is intended as a supplemental * tool to Shindig's standardized feature loading mechanism. * * Usage: * First, you must register a component that needs configuration: *

 *   var config = {
 *     name : gadgets.config.NonEmptyStringValidator,
 *     url : new gadgets.config.RegExValidator(/.+%mySpecialValue%.+/)
 *   };
 *   gadgets.config.register("my-feature", config, myCallback);
 *

* * This will register a component named "my-feature" that expects input config * containing a "name" field with a value that is a non-empty string, and a * "url" field with a value that matches the given regular expression. * * When gadgets.config.init is invoked by the container, it will automatically * validate your registered configuration and will throw an exception if * the provided configuration does not match what was required. * * Your callback will be invoked by passing all configuration data passed to * gadgets.config.init, which allows you to optionally inspect configuration * from other features, if present. * * Note that the container may optionally bypass configuration validation for * performance reasons. This does not mean that you should duplicate validation * code, it simply means that validation will likely only be performed in debug * builds, and you should assume that production builds always have valid * configuration. */ var gadgets = gadgets || {}; gadgets.config = function() { var components = []; return { /** * Registers a configurable component and its configuration parameters. * Multiple callbacks may be registered for a single component if needed. * * @param {String} component The name of the component to register. Should * be the same as the fully qualified name of the feature or * the name of a fully qualified javascript object reference * (e.g. "gadgets.io"). * @param {Object} opt_validators Mapping of option name to validation * functions that take the form function(data) {return isValid(data);} * @param {Function} opt_callback A function to be invoked when a * configuration is registered. If passed, this function will be invoked * immediately after a call to init has been made. Do not assume that * dependent libraries have been configured until after init is * complete. If you rely on this, it is better to defer calling * dependent libraries until you can be sure that configuration is * complete. Takes the form function(config), where config will be * all registered config data for all components. This allows your * component to read configuration from other components. */ register: function(component, opt_validators, opt_callback) { var registered = components[component]; if (!registered) { registered = []; components[component] = registered; } registered.push({ validators: opt_validators || {}, callback: opt_callback }); }, /** * Retrieves configuration data on demand. * * @param {String} opt_component The component to fetch. If not provided * all configuration will be returned. * @return {Object} The requested configuration, or an empty object if no * configuration has been registered for that component. */ get: function(opt_component) { if (opt_component) { return configuration[opt_component] || {}; } return configuration; }, /** * Initializes the configuration. * * @param {Object} config The full set of configuration data. * @param {Boolean} opt_noValidation True if you want to skip validation. * @throws {Error} If there is a configuration error. */ init: function(config, opt_noValidation) { configuration = config; for (var name in components) { if (components.hasOwnProperty(name)) { var componentList = components[name], conf = config[name]; for (var i = 0, j = componentList.length; i < j; ++i) { var component = componentList[i]; if (conf && !opt_noValidation) { var validators = component.validators; for (var v in validators) { if (validators.hasOwnProperty(v)) { if (!validators[v](conf[v])) { throw new Error('Invalid config value "' + conf[v] + '" for parameter "' + v + '" in component "' + name + '"'); } } } } if (component.callback) { component.callback(config); } } } } }, // Standard validators go here. /** * Ensures that data is one of a fixed set of items. * @param {Array.} list The list of valid values. * Also supports argument sytax: EnumValidator("Dog", "Cat", "Fish"); */ EnumValidator: function(list) { var listItems = []; if (arguments.length > 1) { for (var i = 0, arg; (arg = arguments[i]); ++i) { listItems.push(arg); } } else { listItems = list; } return function(data) { for (var i = 0, test; (test = listItems[i]); ++i) { if (data === listItems[i]) { return true; } } }; }, /** * Tests the value against a regular expression. */ RegExValidator: function(re) { return function(data) { return re.test(data); }; }, /** * Validates that a value was provided. */ ExistsValidator: function(data) { return typeof data !== "undefined"; }, /** * Validates that a value is a non-empty string. */ NonEmptyStringValidator: function(data) { return typeof data === "string" && data.length > 0; }, /** * Validates that the value is a boolean. */ BooleanValidator: function(data) { return typeof data === "boolean"; }, /** * Similar to the ECMAScript 4 virtual typing system, ensures that * whatever object was passed in is "like" the existing object. * Doesn't actually do type validation though, but instead relies * on other validators. * * example: * * var validator = new gadgets.config.LikeValidator( * "booleanField" : gadgets.config.BooleanValidator, * "regexField" : new gadgets.config.RegExValidator(/foo.+/); * ); * * This can be used recursively as well to validate sub-objects. * * @param {Object} test The object to test against. */ LikeValidator : function(test) { return function(data) { for (var member in test) { if (test.hasOwnProperty(member)) { var t = test[member]; if (!t(data[member])) { return false; } } } return true; }; } }; }(); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ var gadgets = gadgets || {}; /** * @fileoverview General purpose utilities that gadgets can use. */ /** * @static * @class Provides general-purpose utility functions. * @name gadgets.util */ gadgets.util = function() { /** * Parses URL parameters into an object. * @return {Array.<String>} The parameters */ function parseUrlParams(url) { // Get settings from url, 'hash' takes precedence over 'search' component // don't use document.location.hash due to browser differences. var query; var l = url; var queryIdx = l.indexOf("?"); var hashIdx = l.indexOf("#"); if (hashIdx === -1) { query = l.substr(queryIdx + 1); } else { // essentially replaces "#" with "&" query = [l.substr(queryIdx + 1, hashIdx - queryIdx - 1), "&", l.substr(hashIdx + 1)].join(""); } return query.split("&"); } var parameters = null; var features = {}; var services = {}; var onLoadHandlers = []; // Maps code points to the value to replace them with. // If the value is "false", the character is removed entirely, otherwise // it will be replaced with an html entity. var escapeCodePoints = { // nul; most browsers truncate because they use c strings under the covers. 0 : false, // new line 10 : true, // carriage return 13 : true, // double quote 34 : true, // single quote 39 : true, // less than 60 : true, // greater than 62 : true, // Backslash 92 : true, // line separator 8232 : true, // paragraph separator 8233 : true }; /** * Regular expression callback that returns strings from unicode code points. * * @param {Array} match Ignored * @param {String} value The codepoint value to convert * @return {String} The character corresponding to value. */ function unescapeEntity(match, value) { return String.fromCharCode(value); } /** * Initializes feature parameters. */ function init(config) { features = config["core.util"] || {}; } if (gadgets.config) { gadgets.config.register("core.util", null, init); } return /** @scope gadgets.util */ { /** * Gets the URL parameters. * * @param {String} opt_url Optional URL whose parameters to parse. * Defaults to window's current URL. * @return {Object} Parameters passed into the query string * @member gadgets.util * @private Implementation detail. */ getUrlParameters : function (opt_url) { if (parameters !== null && typeof opt_url === "undefined") { // "parameters" is a cache of current window params only. return parameters; } var parsed = {}; parameters = {}; var pairs = parseUrlParams(opt_url || document.location.href); var unesc = window.decodeURIComponent ? decodeURIComponent : unescape; for (var i = 0, j = pairs.length; i < j; ++i) { var pos = pairs[i].indexOf('='); if (pos === -1) { continue; } var argName = pairs[i].substring(0, pos); var value = pairs[i].substring(pos + 1); // difference to IG_Prefs, is that args doesn't replace spaces in // argname. Unclear on if it should do: // argname = argname.replace(/\+/g, " "); value = value.replace(/\+/g, " "); parsed[argName] = unesc(value); } if (typeof opt_url === "undefined") { // Cache current-window params in parameters var. parameters = parsed; } return parsed; }, /** * Creates a closure that is suitable for passing as a callback. * Any number of arguments * may be passed to the callback; * they will be received in the order they are passed in. * * @param {Object} scope The execution scope; may be null if there is no * need to associate a specific instance of an object with this * callback * @param {Function} callback The callback to invoke when this is run; * any arguments passed in will be passed after your initial arguments * @param {Object} var_args Initial arguments to be passed to the callback * * @member gadgets.util * @private Implementation detail. */ makeClosure : function (scope, callback, var_args) { // arguments isn't a real array, so we copy it into one. var baseArgs = []; for (var i = 2, j = arguments.length; i < j; ++i) { baseArgs.push(arguments[i]); } return function() { // append new arguments. var tmpArgs = baseArgs.slice(); for (var i = 0, j = arguments.length; i < j; ++i) { tmpArgs.push(arguments[i]); } return callback.apply(scope, tmpArgs); }; }, /** * Utility function for generating an "enum" from an array. * * @param {Array.} values The values to generate. * @return {Map<String,String>} An object with member fields to handle * the enum. * * @private Implementation detail. */ makeEnum : function (values) { var obj = {}; for (var i = 0, v; (v = values[i]); ++i) { obj[v] = v; } return obj; }, /** * Gets the feature parameters. * * @param {String} feature The feature to get parameters for * @return {Object} The parameters for the given feature, or null * * @member gadgets.util */ getFeatureParameters : function (feature) { return typeof features[feature] === "undefined" ? null : features[feature]; }, /** * Returns whether the current feature is supported. * * @param {String} feature The feature to test for * @return {Boolean} True if the feature is supported * * @member gadgets.util */ hasFeature : function (feature) { return typeof features[feature] !== "undefined"; }, /** * Returns the list of services supported by the server * serving this gadget. * * @return {Object} List of Services that enumerate their methods * * @member gadgets.util */ getServices : function () { return services; }, /** * Registers an onload handler. * @param {Function} callback The handler to run * * @member gadgets.util */ registerOnLoadHandler : function (callback) { onLoadHandlers.push(callback); }, /** * Runs all functions registered via registerOnLoadHandler. * @private Only to be used by the container, not gadgets. */ runOnLoadHandlers : function () { for (var i = 0, j = onLoadHandlers.length; i < j; ++i) { onLoadHandlers[i](); } }, /** * Escapes the input using html entities to make it safer. * * If the input is a string, uses gadgets.util.escapeString. * If it is an array, calls escape on each of the array elements * if it is an object, will only escape all the mapped keys and values if * the opt_escapeObjects flag is set. This operation involves creating an * entirely new object so only set the flag when the input is a simple * string to string map. * Otherwise, does not attempt to modify the input. * * @param {Object} input The object to escape * @param {Boolean} opt_escapeObjects Whether to escape objects. * @return {Object} The escaped object * @private Only to be used by the container, not gadgets. */ escape : function(input, opt_escapeObjects) { if (!input) { return input; } else if (typeof input === "string") { return gadgets.util.escapeString(input); } else if (typeof input === "array") { for (var i = 0, j = input.length; i < j; ++i) { input[i] = gadgets.util.escape(input[i]); } } else if (typeof input === "object" && opt_escapeObjects) { var newObject = {}; for (var field in input) { if (input.hasOwnProperty(field)) { newObject[gadgets.util.escapeString(field)] = gadgets.util.escape(input[field], true); } } return newObject; } return input; }, /** * Escapes the input using html entities to make it safer. * * Currently not in the spec -- future proposals may change * how this is handled. * * TODO: Parsing the string would probably be more accurate and faster than * a bunch of regular expressions. * * @param {String} str The string to escape * @return {String} The escaped string */ escapeString : function(str) { if (!str) return str; var out = [], ch, shouldEscape; for (var i = 0, j = str.length; i < j; ++i) { ch = str.charCodeAt(i); shouldEscape = escapeCodePoints[ch]; if (shouldEscape === true) { out.push("&#", ch, ";"); } else if (shouldEscape !== false) { // undefined or null are OK. out.push(str.charAt(i)); } } return out.join(""); }, /** * Reverses escapeString * * @param {String} str The string to unescape. */ unescapeString : function(str) { if (!str) return str; return str.replace(/&#([0-9]+);/g, unescapeEntity); } }; }(); // Initialize url parameters so that hash data is pulled in before it can be // altered by a click. gadgets.util.getUrlParameters(); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @class * Tame and expose core gadgets.* API to cajoled gadgets */ var tamings___ = tamings___ || []; tamings___.push(function(imports) { caja___.whitelistFuncs([ [gadgets.util, 'escapeString'], [gadgets.util, 'getFeatureParameters'], [gadgets.util, 'hasFeature'], [gadgets.util, 'registerOnLoadHandler'], [gadgets.util, 'unescapeString'] ]); }); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /*global gadgets */ /** * @fileoverview * * Manages the gadget security token AKA the gadget auth token AKA the * social token. Also provides an API for the container server to * efficiently pass authenticated data to the gadget at render time. * * The shindig.auth package is not part of the opensocial or gadgets spec, * and gadget authors should never use these functions or the security token * directly. These APIs are an implementation detail and are for shindig * internal use only. * * Passing authenticated data into the gadget at render time: * * The gadget auth token is the only way for the container to allow the * gadget access to authenticated data. gadgets.io.makeRequest for SIGNED * or OAUTH requests relies on the authentication token. Access to social data * also relies on the authentication token. * * The authentication token is normally passed into the gadget on the URL * fragment (after the #), and so is not visible to the gadget rendering * server. This keeps the token from being leaked in referer headers, but at * the same time limits the amount of authenticated data the gadget can view * quickly: fetching authenticated data requires an extra round trip. * * If the authentication token is passed to the gadget as a query parameter, * the gadget rendering server gets an opportunity to view the token during * the rendering process. This allows the rendering server to quickly inject * authenticated data into the gadget, at the price of potentially leaking * the authentication token in referer headers. That risk can be mitigated * by using a short-lived authentication token on the query string, which * the gadget server can swap for a longer lived token at render time. * * If the rendering server injects authenticated data into the gadget in the * form of a JSON string, the resulting javascript object can be accessed via * shindig.auth.getTrustedData. * * To access the security token: * var st = shindig.auth.getSecurityToken(); * * To update the security token with new data from the gadget server: * shindig.auth.updateSecurityToken(newToken); * * To quickly access a javascript object that has been authenticated by the * container and the rendering server: * var trusted = shindig.auth.getTrustedData(); * doSomething(trusted.foo.bar); */ var shindig = shindig || {}; /** * Class used to mange the gadget auth token. Singleton initialized from * auth-init.js. * * @constructor */ shindig.Auth = function() { /** * The authentication token. */ var authToken = null; /** * Trusted object from container. */ var trusted = null; /** * Copy URL parameters into the auth token * * The initial auth token can look like this: * t=abcd&url=$&foo= * * If any of the values in the token are '$', a matching parameter * from the URL will be inserted, for example: * t=abcd&url=http%3A%2F%2Fsome.gadget.com&foo= * * Why do this at all? The only currently known use case for this is * efficiently including the gadget URL in the auth token. If you embed * the entire URL in the security token, you effectively double the size * of the URL passed on the gadget rendering request: * /gadgets/ifr?url=#st= * * This can push the gadget render URL beyond the max length supported * by browsers, and then things break. To work around this, the * security token can include only a (much shorter) hash of the gadget-url: * /gadgets/ifr?url=#st= * * However, we still want the proxy that handles gadgets.io.makeRequest * to be able to look up the gadget URL efficiently, without requring * a database hit. To do that, we modify the auth token here to fill * in any blank values. The auth token then becomes: * t=&url= * * We send the expanded auth token in the body of post requests, so we * don't run into problems with length there. (But people who put * several hundred characters in their gadget URLs are still lame.) */ function addParamsToToken(urlParams) { var args = authToken.split('&'); for (var i = 0; i < args.length; i++) { var nameAndValue = args[i].split('='); if (nameAndValue.length === 2) { var name = nameAndValue[0]; var value = nameAndValue[1]; if (value === '$') { value = encodeURIComponent(urlParams[name]); args[i] = name + '=' + value; } } } authToken = args.join('&'); } function init (configuration) { var urlParams = gadgets.util.getUrlParameters(); var config = configuration["shindig.auth"] || {}; // Auth token - might be injected into the gadget directly, or might // be on the URL (hopefully on the fragment). if (config.authToken) { authToken = config.authToken; } else if (urlParams.st) { authToken = urlParams.st; } if (authToken !== null) { addParamsToToken(urlParams); } // Trusted JSON. We use eval directly because this was injected by the // container server and json parsing is slow in IE. if (config.trustedJson) { trusted = eval("(" + config.trustedJson + ")"); } } gadgets.config.register("shindig.auth", null, init); return /** @scope shindig.auth */ { /** * Gets the auth token. * * @return {String} the gadget authentication token * * @member shindig.auth */ getSecurityToken : function() { return authToken; }, /** * Updates the security token with new data from the gadget server. * * @param {String} newToken the new auth token data. * * @member shindig.auth */ updateSecurityToken : function(newToken) { authToken = newToken; }, /** * Quickly retrieves data that is known to have been injected by * a trusted container server. */ getTrustedData : function() { return trusted; } }; }; ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @fileoverview * * Bootstraps auth.js. */ var shindig = shindig || {}; shindig.auth = new shindig.Auth(); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @fileoverview * The global object gadgets.json contains two methods. * * gadgets.json.stringify(value) takes a JavaScript value and produces a JSON * text. The value must not be cyclical. * * gadgets.json.parse(text) takes a JSON text and produces a JavaScript value. * It will return false if there is an error. */ var gadgets = gadgets || {}; /** * @static * @class Provides operations for translating objects to and from JSON. * @name gadgets.json */ /** * Port of the public domain JSON library by Douglas Crockford. * See: http://www.json.org/json2.js */ if (window.JSON && window.JSON.parse && window.JSON.stringify) { // HTML5 implementation, or already defined. // Not a direct alias as the opensocial specification disagrees with the HTML5 JSON spec. // JSON says to throw on parse errors and to support filtering functions. OS does not. gadgets.json = { parse: function(str) { try { return window.JSON.parse(str); } catch (e) { return false; } }, stringify: function(obj) { try { return window.JSON.stringify(obj); } catch (e) { return null; } } }; } else { gadgets.json = function () { /** * Formats integers to 2 digits. * @param {Number} n */ function f(n) { return n < 10 ? '0' + n : n; } Date.prototype.toJSON = function () { return [this.getUTCFullYear(), '-', f(this.getUTCMonth() + 1), '-', f(this.getUTCDate()), 'T', f(this.getUTCHours()), ':', f(this.getUTCMinutes()), ':', f(this.getUTCSeconds()), 'Z'].join(""); }; // table of character substitutions var m = { '\b': '\\b', '\t': '\\t', '\n': '\\n', '\f': '\\f', '\r': '\\r', '"' : '\\"', '\\': '\\\\' }; /** * Converts a json object into a string. */ function stringify(value) { var a, // The array holding the partial texts. i, // The loop counter. k, // The member key. l, // Length. r = /["\\\x00-\x1f\x7f-\x9f]/g, v; // The member value. switch (typeof value) { case 'string': // If the string contains no control characters, no quote characters, and no // backslash characters, then we can safely slap some quotes around it. // Otherwise we must also replace the offending characters with safe ones. return r.test(value) ? '"' + value.replace(r, function (a) { var c = m[a]; if (c) { return c; } c = a.charCodeAt(); return '\\u00' + Math.floor(c / 16).toString(16) + (c % 16).toString(16); }) + '"' : '"' + value + '"'; case 'number': // JSON numbers must be finite. Encode non-finite numbers as null. return isFinite(value) ? String(value) : 'null'; case 'boolean': case 'null': return String(value); case 'object': // Due to a specification blunder in ECMAScript, // typeof null is 'object', so watch out for that case. if (!value) { return 'null'; } // toJSON check removed; re-implement when it doesn't break other libs. a = []; if (typeof value.length === 'number' && !value.propertyIsEnumerable('length')) { // The object is an array. Stringify every element. Use null as a // placeholder for non-JSON values. l = value.length; for (i = 0; i < l; i += 1) { a.push(stringify(value[i]) || 'null'); } // Join all of the elements together and wrap them in brackets. return '[' + a.join(',') + ']'; } // Otherwise, iterate through all of the keys in the object. for (k in value) { if (k.match('___$')) continue; if (value.hasOwnProperty(k)) { if (typeof k === 'string') { v = stringify(value[k]); if (v) { a.push(stringify(k) + ':' + v); } } } } // Join all of the member texts together and wrap them in braces. return '{' + a.join(',') + '}'; } } return { stringify: stringify, parse: function (text) { // Parsing happens in three stages. In the first stage, we run the text against // regular expressions that look for non-JSON patterns. We are especially // concerned with '()' and 'new' because they can cause invocation, and '=' // because it can cause mutation. But just to be safe, we want to reject all // unexpected forms. // We split the first stage into 4 regexp operations in order to work around // crippling inefficiencies in IE's and Safari's regexp engines. First we // replace all backslash pairs with '@' (a non-JSON character). Second, we // replace all simple value tokens with ']' characters. Third, we delete all // open brackets that follow a colon or comma or that begin the text. Finally, // we look to see that the remaining characters are only whitespace or ']' or // ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval. if (/^[\],:{}\s]*$/.test(text.replace(/\\["\\\/b-u]/g, '@'). replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']'). replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) { return eval('(' + text + ')'); } // If the text is not JSON parseable, then return false. return false; } }; }(); } ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @class * Tame and expose core gadgets.* API to cajoled gadgets */ var tamings___ = tamings___ || []; tamings___.push(function(imports) { caja___.whitelistFuncs([ [gadgets.json, 'parse'], [gadgets.json, 'stringify'] ]); }); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /*global ActiveXObject, DOMParser */ /*global shindig */ var gadgets = gadgets || {}; /** * @fileoverview Provides remote content retrieval facilities. * Available to every gadget. */ /** * @static * @class Provides remote content retrieval functions. * @name gadgets.io */ gadgets.io = function() { /** * Holds configuration-related data such as proxy urls. */ var config = {}; /** * Holds state for OAuth. */ var oauthState; /** * Internal facility to create an xhr request. */ function makeXhr() { var x; if (window.ActiveXObject) { x = new ActiveXObject("Msxml2.XMLHTTP"); if (!x) { x = new ActiveXObject("Microsoft.XMLHTTP"); } return x; } else if (window.XMLHttpRequest) { return new window.XMLHttpRequest(); } } /** * Checks the xobj for errors, may call the callback with an error response * if the error is fatal. * * @param {Object} xobj The XHR object to check * @param {Function} callback The callback to call if the error is fatal * @return true if the xobj is not ready to be processed */ function hadError(xobj, callback) { if (xobj.readyState !== 4) { return true; } try { if (xobj.status !== 200) { var error = ("" + xobj.status); if(xobj.responseText) { error = error + " " + xobj.responseText; } callback({ errors : [error], rc : xobj.status, text : xobj.responseText }); return true; } } catch(e) { callback({ errors : [e.number + " Error not specified"], rc : e.number, text : e.description }); return true; } return false; } /** * Handles non-proxied XHR callback processing. * * @param {String} url * @param {Function} callback * @param {Object} params * @param {Object} xobj */ function processNonProxiedResponse(url, callback, params, xobj) { if (hadError(xobj, callback)) { return; } var data = { body: xobj.responseText }; callback(transformResponseData(params, data)); } var UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >"; /** * Handles XHR callback processing. * * @param {String} url * @param {Function} callback * @param {Object} params * @param {Object} xobj */ function processResponse(url, callback, params, xobj) { if (hadError(xobj, callback)) { return; } var txt = xobj.responseText; // remove unparseable cruft used to prevent cross-site script inclusion txt = txt.substr(UNPARSEABLE_CRUFT.length); // We are using eval directly here because the outer response comes from a // trusted source, and json parsing is slow in IE. var data = eval("(" + txt + ")"); data = data[url]; // Save off any transient OAuth state the server wants back later. if (data.oauthState) { oauthState = data.oauthState; } // Update the security token if the server sent us a new one if (data.st) { shindig.auth.updateSecurityToken(data.st); } callback(transformResponseData(params, data)); } function transformResponseData(params, data) { // Sometimes rc is not present, generally when used // by jsonrpccontainer, so assume 200 in its absence. var resp = { text: data.body, rc: data.rc || 200, headers: data.headers, oauthApprovalUrl: data.oauthApprovalUrl, oauthError: data.oauthError, oauthErrorText: data.oauthErrorText, errors: [] }; if (resp.rc < 200 || resp.rc >= 400){ resp.errors = [resp.rc + " Error"] } else if (resp.text) { if (resp.rc >= 300 && resp.rc < 400) { // Redirect pages will usually contain arbitrary // HTML which will fail during parsing, inadvertently // causing a 500 response. Thus we treat as text. params.CONTENT_TYPE = "TEXT"; } switch (params.CONTENT_TYPE) { case "JSON": case "FEED": resp.data = gadgets.json.parse(resp.text); if (!resp.data) { resp.errors.push("500 Failed to parse JSON"); resp.rc = 500; resp.data = null; } break; case "DOM": var dom; if (window.ActiveXObject) { dom = new ActiveXObject("Microsoft.XMLDOM"); dom.async = false; dom.validateOnParse = false; dom.resolveExternals = false; if (!dom.loadXML(resp.text)) { resp.errors.push("500 Failed to parse XML"); resp.rc = 500; } else { resp.data = dom; } } else { var parser = new DOMParser(); dom = parser.parseFromString(resp.text, "text/xml"); if ("parsererror" === dom.documentElement.nodeName) { resp.errors.push("500 Failed to parse XML"); resp.rc = 500; } else { resp.data = dom; } } break; default: resp.data = resp.text; break; } } return resp; } /** * Sends an XHR post or get request * * @param realUrl The url to fetch data from that was requested by the gadget * @param proxyUrl The url to proxy through * @param callback The function to call once the data is fetched * @param postData The data to post to the proxyUrl * @param params The params to use when processing the response * @param processResponseFunction The function that should process the * response from the sever before calling the callback */ function makeXhrRequest(realUrl, proxyUrl, callback, paramData, method, params, processResponseFunction, opt_contentType) { var xhr = makeXhr(); if (proxyUrl.indexOf('//') == 0) { proxyUrl = document.location.protocol + proxyUrl; } xhr.open(method, proxyUrl, true); if (callback) { xhr.onreadystatechange = gadgets.util.makeClosure( null, processResponseFunction, realUrl, callback, params, xhr); } if (paramData !== null) { xhr.setRequestHeader('Content-Type', opt_contentType || 'application/x-www-form-urlencoded'); xhr.send(paramData); } else { xhr.send(null); } } /** * Satisfy a request with data that is prefetched as per the gadget Preload * directive. The preloader will only satisfy a request for a specific piece * of content once. * * @param postData The definition of the request to be executed by the proxy * @param params The params to use when processing the response * @param callback The function to call once the data is fetched * @return true if the request can be satisfied by the preloaded content * false otherwise */ function respondWithPreload(postData, params, callback) { if (gadgets.io.preloaded_ && postData.httpMethod === "GET") { for (var i = 0; i < gadgets.io.preloaded_.length; i++) { var preload = gadgets.io.preloaded_[i]; if (preload && (preload.id === postData.url)) { // Only satisfy once delete gadgets.io.preloaded_[i]; if (preload.rc !== 200) { callback({rc: preload.rc, errors : [preload.rc + " Error"]}); } else { if (preload.oauthState) { oauthState = preload.oauthState; } var resp = { body: preload.body, rc: preload.rc, headers: preload.headers, oauthApprovalUrl: preload.oauthApprovalUrl, oauthError: preload.oauthError, oauthErrorText: preload.oauthErrorText, errors: [] }; callback(transformResponseData(params, resp)); } return true; } } } return false; } /** * @param {Object} configuration Configuration settings * @private */ function init (configuration) { config = configuration["core.io"] || {}; } var requiredConfig = { proxyUrl: new gadgets.config.RegExValidator(/.*%(raw)?url%.*/), jsonProxyUrl: gadgets.config.NonEmptyStringValidator }; gadgets.config.register("core.io", requiredConfig, init); return /** @scope gadgets.io */ { /** * Fetches content from the provided URL and feeds that content into the * callback function. * * Example: *

     * gadgets.io.makeRequest(url, fn,
     *    {contentType: gadgets.io.ContentType.FEED});
     *

* * @param {String} url The URL where the content is located * @param {Function} callback The function to call with the data from the * URL once it is fetched * @param {Map.<gadgets.io.RequestParameters, Object>} opt_params * Additional * parameters * to pass to the request * * @member gadgets.io */ makeRequest : function (url, callback, opt_params) { // TODO: This method also needs to respect all members of // gadgets.io.RequestParameters, and validate them. var params = opt_params || {}; var httpMethod = params.METHOD || "GET"; var refreshInterval = params.REFRESH_INTERVAL; // Check if authorization is requested var auth, st; if (params.AUTHORIZATION && params.AUTHORIZATION !== "NONE") { auth = params.AUTHORIZATION.toLowerCase(); st = shindig.auth.getSecurityToken(); } else { // Unauthenticated GET requests are cacheable if (httpMethod === "GET" && refreshInterval === undefined) { refreshInterval = 3600; } } // Include owner information? var signOwner = true; if (typeof params.OWNER_SIGNED !== "undefined") { signOwner = params.OWNER_SIGNED; } // Include viewer information? var signViewer = true; if (typeof params.VIEWER_SIGNED !== "undefined") { signViewer = params.VIEWER_SIGNED; } var headers = params.HEADERS || {}; if (httpMethod === "POST" && !headers["Content-Type"]) { headers["Content-Type"] = "application/x-www-form-urlencoded"; } var urlParams = gadgets.util.getUrlParameters(); var paramData = { url: url, httpMethod : httpMethod, headers: gadgets.io.encodeValues(headers, false), postData : params.POST_DATA || "", authz : auth || "", st : st || "", contentType : params.CONTENT_TYPE || "TEXT", numEntries : params.NUM_ENTRIES || "3", getSummaries : !!params.GET_SUMMARIES, signOwner : signOwner, signViewer : signViewer, gadget : urlParams.url, container : urlParams.container || urlParams.synd || "default", // should we bypass gadget spec cache (e.g. to read OAuth provider URLs) bypassSpecCache : gadgets.util.getUrlParameters().nocache || "" }; // OAuth goodies if (auth === "oauth" || auth === "signed") { if (gadgets.io.oauthReceivedCallbackUrl_) { paramData.OAUTH_RECEIVED_CALLBACK = gadgets.io.oauthReceivedCallbackUrl_; gadgets.io.oauthReceivedCallbackUrl_ = null; } paramData.oauthState = oauthState || ""; // Just copy the OAuth parameters into the req to the server for (opt in params) { if (params.hasOwnProperty(opt)) { if (opt.indexOf("OAUTH_") === 0) { paramData[opt] = params[opt]; } } } } var proxyUrl = config.jsonProxyUrl.replace("%host%", document.location.host); if (!respondWithPreload(paramData, params, callback, processResponse)) { if (httpMethod === "GET" && refreshInterval > 0) { // this content should be cached // Add paramData to the URL var extraparams = "?refresh=" + refreshInterval + '&' + gadgets.io.encodeValues(paramData); makeXhrRequest(url, proxyUrl + extraparams, callback, null, "GET", params, processResponse); } else { makeXhrRequest(url, proxyUrl, callback, gadgets.io.encodeValues(paramData), "POST", params, processResponse); } } }, /** * @private */ makeNonProxiedRequest : function (relativeUrl, callback, opt_params, opt_contentType) { var params = opt_params || {}; makeXhrRequest(relativeUrl, relativeUrl, callback, params.POST_DATA, params.METHOD, params, processNonProxiedResponse, opt_contentType); }, /** * Used to clear out the oauthState, for testing only. * * @private */ clearOAuthState : function () { oauthState = undefined; }, /** * Converts an input object into a URL-encoded data string. * (key=value&...) * * @param {Object} fields The post fields you wish to encode * @param {Boolean} opt_noEscaping An optional parameter specifying whether * to turn off escaping of the parameters. Defaults to false. * @return {String} The processed post data in www-form-urlencoded format. * * @member gadgets.io */ encodeValues : function (fields, opt_noEscaping) { var escape = !opt_noEscaping; var buf = []; var first = false; for (var i in fields) { if (fields.hasOwnProperty(i)) { if (!first) { first = true; } else { buf.push("&"); } buf.push(escape ? encodeURIComponent(i) : i); buf.push("="); buf.push(escape ? encodeURIComponent(fields[i]) : fields[i]); } } return buf.join(""); }, /** * Gets the proxy version of the passed-in URL. * * @param {String} url The URL to get the proxy URL for * @param {Object} opt_params Optional Parameter Object. * The following properties are supported: * .REFRESH_INTERVAL The number of seconds that this * content should be cached. Defaults to 3600. * * @return {String} The proxied version of the URL * * @member gadgets.io */ getProxyUrl : function (url, opt_params) { var params = opt_params || {}; var refresh = params.REFRESH_INTERVAL; if (refresh === undefined) { refresh = "3600"; } var urlParams = gadgets.util.getUrlParameters(); var rewriteMimeParam = params.rewriteMime ? "&rewriteMime=" + encodeURIComponent(params.rewriteMime) : ""; return config.proxyUrl.replace("%url%", encodeURIComponent(url)). replace("%host%", document.location.host). replace("%rawurl%", url). replace("%refresh%", encodeURIComponent(refresh)). replace("%gadget%", encodeURIComponent(urlParams.url)). replace("%container%", encodeURIComponent(urlParams.container || urlParams.synd)). replace("%rewriteMime%", rewriteMimeParam); } }; }(); gadgets.io.RequestParameters = gadgets.util.makeEnum([ "METHOD", "CONTENT_TYPE", "POST_DATA", "HEADERS", "AUTHORIZATION", "NUM_ENTRIES", "GET_SUMMARIES", "REFRESH_INTERVAL", "OAUTH_SERVICE_NAME", "OAUTH_USE_TOKEN", "OAUTH_TOKEN_NAME", "OAUTH_REQUEST_TOKEN", "OAUTH_REQUEST_TOKEN_SECRET", "OAUTH_RECEIVED_CALLBACK" ]); gadgets.io.MethodType = gadgets.util.makeEnum([ "GET", "POST", "PUT", "DELETE", "HEAD" ]); gadgets.io.ContentType = gadgets.util.makeEnum([ "TEXT", "DOM", "JSON", "FEED" ]); gadgets.io.AuthorizationType = gadgets.util.makeEnum([ "NONE", "SIGNED", "OAUTH" ]); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @class * Tame and expose core gadgets.io.* API to cajoled gadgets */ var tamings___ = tamings___ || []; tamings___.push(function(imports) { caja___.whitelistFuncs([ [gadgets.io, 'encodeValues'], [gadgets.io, 'getProxyUrl'], [gadgets.io, 'makeRequest'] ]); }); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @fileoverview * * Provides access to user prefs, module dimensions, and messages. * * Clients can access their preferences by constructing an instance of * gadgets.Prefs and passing in their module id. Example: * * var prefs = new gadgets.Prefs(); * var name = prefs.getString("name"); * var lang = prefs.getLang(); * * Modules with type=url can also use this library to parse arguments passed * by URL, but this is not the common case: * * <script src="http://apache.org/shindig/prefs.js"></script> * <script> * gadgets.Prefs.parseUrl(); * var prefs = new gadgets.Prefs(); * var name = prefs.getString("name"); * </script≶ */ var gadgets = gadgets || {}; (function() { var instance = null; var prefs = {}; var esc = gadgets.util.escapeString; var messages = {}; var defaultPrefs = {}; var language = "en"; var country = "US"; var moduleId = 0; /** * Parses all parameters from the url and stores them * for later use when creating a new gadgets.Prefs object. */ function parseUrl() { var params = gadgets.util.getUrlParameters(); for (var i in params) { if (params.hasOwnProperty(i)) { if (i.indexOf("up_") === 0 && i.length > 3) { prefs[i.substr(3)] = String(params[i]); } else if (i === "country") { country = params[i]; } else if (i === "lang") { language = params[i]; } else if (i === "mid") { moduleId = params[i]; } } } } /** * Sets default pref values for values left unspecified in the * rendering call, but with default_value provided in the spec. */ function mergeDefaults() { for (var name in defaultPrefs) { if (typeof prefs[name] === 'undefined') { prefs[name] = defaultPrefs[name]; } } } /** * @class * Provides access to user preferences, module dimensions, and messages. * * Clients can access their preferences by constructing an instance of * gadgets.Prefs and passing in their module id. Example: *

var prefs = new gadgets.Prefs();
var name = prefs.getString("name");
var lang = prefs.getLang();

* * @description Creates a new Prefs object. * * Note: this is actually a singleton. All prefs are linked. If you're wondering * why this is a singleton and not just a collection of package functions, the * simple answer is that it's how the spec is written. The spec is written this * way for legacy compatibility with igoogle. */ gadgets.Prefs = function() { if (!instance) { parseUrl(); mergeDefaults(); instance = this; } return instance; }; /** * Sets internal values * @return {Boolean} True if the prefs is modified. */ gadgets.Prefs.setInternal_ = function(key, value) { var wasModified = false; if (typeof key === "string") { if (!prefs.hasOwnProperty(key) || prefs[key] !== value) { wasModified = true; } prefs[key] = value; } else { for (var k in key) { if (key.hasOwnProperty(k)) { var v = key[k]; if (!prefs.hasOwnProperty(k) || prefs[k] !== v) { wasModified = true; } prefs[k] = v; } } } return wasModified; }; /** * Initializes message bundles. */ gadgets.Prefs.setMessages_ = function(msgs) { messages = msgs; }; /** * Initializes default user prefs values. */ gadgets.Prefs.setDefaultPrefs_ = function(defprefs) { defaultPrefs = defprefs; }; /** * Retrieves a preference as a string. * Returned value will be html entity escaped. * * @param {String} key The preference to fetch * @return {String} The preference; if not set, an empty string */ gadgets.Prefs.prototype.getString = function(key) { if (key === ".lang") { key = "lang"; } return prefs[key] ? esc(prefs[key]) : ""; }; /* * Indicates not to escape string values when retrieving them. * This is an internal detail used by _IG_Prefs for backward compatibility. */ gadgets.Prefs.prototype.setDontEscape_ = function() { esc = function(k) { return k; }; }; /** * Retrieves a preference as an integer. * @param {String} key The preference to fetch * @return {Number} The preference; if not set, 0 */ gadgets.Prefs.prototype.getInt = function(key) { var val = parseInt(prefs[key], 10); return isNaN(val) ? 0 : val; }; /** * Retrieves a preference as a floating-point value. * @param {String} key The preference to fetch * @return {Number} The preference; if not set, 0 */ gadgets.Prefs.prototype.getFloat = function(key) { var val = parseFloat(prefs[key]); return isNaN(val) ? 0 : val; }; /** * Retrieves a preference as a boolean. * @param {String} key The preference to fetch * @return {Boolean} The preference; if not set, false */ gadgets.Prefs.prototype.getBool = function(key) { var val = prefs[key]; if (val) { return val === "true" || val === true || !!parseInt(val, 10); } return false; }; /** * Stores a preference. * To use this call, * the gadget must require the feature setprefs. * *

* Note: * If the gadget needs to store an Array it should use setArray instead of * this call. *

* * @param {String} key The pref to store * @param {Object} val The values to store */ gadgets.Prefs.prototype.set = function(key, value) { throw new Error("setprefs feature required to make this call."); }; /** * Retrieves a preference as an array. * UserPref values that were not declared as lists are treated as * one-element arrays. * * @param {String} key The preference to fetch * @return {Array.<String>} The preference; if not set, an empty array */ gadgets.Prefs.prototype.getArray = function(key) { var val = prefs[key]; if (val) { var arr = val.split("|"); // Decode pipe characters. for (var i = 0, j = arr.length; i < j; ++i) { arr[i] = esc(arr[i].replace(/%7C/g, "|")); } return arr; } return []; }; /** * Stores an array preference. * To use this call, * the gadget must require the feature setprefs. * * @param {String} key The pref to store * @param {Array} val The values to store */ gadgets.Prefs.prototype.setArray = function(key, val) { throw new Error("setprefs feature required to make this call."); }; /** * Fetches an unformatted message. * @param {String} key The message to fetch * @return {String} The message */ gadgets.Prefs.prototype.getMsg = function(key) { return messages[key] || ""; }; /** * Gets the current country, returned as ISO 3166-1 alpha-2 code. * * @return {String} The country for this module instance */ gadgets.Prefs.prototype.getCountry = function() { return country; }; /** * Gets the current language the gadget should use when rendering, returned as a * ISO 639-1 language code. * * @return {String} The language for this module instance */ gadgets.Prefs.prototype.getLang = function() { return language; }; /** * Gets the module id for the current instance. * * @return {String | Number} The module id for this module instance */ gadgets.Prefs.prototype.getModuleId = function() { return moduleId; }; })(); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @class * Tame and expose core gadgets.* API to cajoled gadgets */ var tamings___ = tamings___ || []; tamings___.push(function(imports) { caja___.whitelistCtors([ [gadgets, 'Prefs', Object] ]); caja___.whitelistMeths([ [gadgets.Prefs, 'getArray'], [gadgets.Prefs, 'getBool'], [gadgets.Prefs, 'getCountry'], [gadgets.Prefs, 'getFloat'], [gadgets.Prefs, 'getInt'], [gadgets.Prefs, 'getLang'], [gadgets.Prefs, 'getMsg'], [gadgets.Prefs, 'getString'], [gadgets.Prefs, 'set'], [gadgets.Prefs, 'setArray'] ]); }); ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /*global gadgets */ // All functions in this file should be treated as deprecated legacy routines. // Gadget authors are explicitly discouraged from using any of them. var JSON = window.JSON || gadgets.json; var _IG_Prefs = (function() { var instance = null; var _IG_Prefs = function() { if (!instance) { instance = new gadgets.Prefs(); instance.setDontEscape_(); } return instance; }; _IG_Prefs._parseURL = gadgets.Prefs.parseUrl; return _IG_Prefs; })(); function _IG_Fetch_wrapper(callback, obj) { callback(obj.data ? obj.data : ""); } function _IG_FetchContent(url, callback, opt_params) { var params = opt_params || {}; // This is really the only legacy parameter documented // at http://code.google.com/apis/gadgets/docs/remote-content.html#Params if (params.refreshInterval) { params['REFRESH_INTERVAL'] = params.refreshInterval; } else { params['REFRESH_INTERVAL'] = 3600; } // Other params, such as POST_DATA, were supported in lower case. // Upper-case all param keys as a convenience, since all valid values // are uppercased. for (var param in params) { var pvalue = params[param]; delete params[param]; params[param.toUpperCase()] = pvalue; } var cb = gadgets.util.makeClosure(null, _IG_Fetch_wrapper, callback); gadgets.io.makeRequest(url, cb, params); } function _IG_FetchXmlContent(url, callback, opt_params) { var params = opt_params || {}; if (params.refreshInterval) { params['REFRESH_INTERVAL'] = params.refreshInterval; } else { params['REFRESH_INTERVAL'] = 3600; } params.CONTENT_TYPE = "DOM"; var cb = gadgets.util.makeClosure(null, _IG_Fetch_wrapper, callback); gadgets.io.makeRequest(url, cb, params); } function _IG_FetchFeedAsJSON(url, callback, numItems, getDescriptions, opt_params) { var params = opt_params || {}; params.CONTENT_TYPE = "FEED"; params.NUM_ENTRIES = numItems; params.GET_SUMMARIES = getDescriptions; gadgets.io.makeRequest(url, function(resp) { // special case error reporting for back-compatibility // see http://code.google.com/apis/gadgets/docs/legacy/remote-content.html#Fetch_JSON resp.data = resp.data || {}; if (resp.errors && resp.errors.length > 0) { resp.data.ErrorMsg = resp.errors[0]; } if (resp.data.link) { resp.data.URL = url; } if (resp.data.title) { resp.data.Title = resp.data.title; } if (resp.data.description) { resp.data.Description = resp.data.description; } if (resp.data.link) { resp.data.Link = resp.data.link; } if (resp.data.items && resp.data.items.length > 0) { resp.data.Entry = resp.data.items; for (var index = 0; index < resp.data.Entry.length; ++index) { var entry = resp.data.Entry[index]; entry.Title = entry.title; entry.Link = entry.link; entry.Summary = entry.summary || entry.description; entry.Date = entry.pubDate; } } for (var ix = 0; ix < resp.data.Entry.length; ++ix) { var entry = resp.data.Entry[ix]; entry.Date = (entry.Date / 1000); // response in sec, not ms } // for Gadgets back-compatibility, return the feed obj directly callback(resp.data); }, params); } function _IG_GetCachedUrl(url, opt_params) { var params = opt_params || {}; params['REFRESH_INTERVAL'] = 3600; if (params.refreshInterval) { params['REFRESH_INTERVAL'] = params.refreshInterval; } return gadgets.io.getProxyUrl(url, params); } function _IG_GetImageUrl(url, opt_params) { return _IG_GetCachedUrl(url, opt_params); } function _IG_GetImage(url) { var img = document.createElement('img'); img.src = _IG_GetCachedUrl(url); return img; } function _IG_RegisterOnloadHandler(callback) { gadgets.util.registerOnLoadHandler(callback); } // _IG_Callback takes the arguments in the scope the callback is executed and // places them first in the argument array. MakeClosure takes the arguments // from the scope at callback construction and pushes them first in the array function _IG_Callback(handler_func, var_args) { var orig_args = arguments; return function() { var combined_args = Array.prototype.slice.call(arguments); // call the handler with all args combined handler_func.apply(null, combined_args.concat(Array.prototype.slice.call(orig_args, 1))); }; } var _args = gadgets.util.getUrlParameters; /** * Fetches an object by document id. * * @param {String | Object} el The element you wish to fetch. You may pass * an object in which allows this to be called regardless of whether or * not the type of the input is known. * @return {HTMLElement} The element, if it exists in the document, or null. */ function _gel(el) { return document.getElementById ? document.getElementById(el) : null; } /** * Fetches elements by tag name. * This is functionally identical to document.getElementsByTagName() * * @param {String} tag The tag to match elements against. * @return {Array.} All elements of this tag type. */ function _gelstn(tag) { if (tag === "*" && document.all) { return document.all; } return document.getElementsByTagName ? document.getElementsByTagName(tag) : []; } /** * Fetches elements with ids matching a given regular expression. * * @param {tagName} tag The tag to match elements against. * @param {RegEx} regex The expression to match. * @return {Array.} All elements of this tag type that match * regex. */ function _gelsbyregex(tagName, regex) { var matchingTags = _gelstn(tagName); var matchingRegex = []; for (var i = 0, j = matchingTags.length; i < j; ++i) { if (regex.test(matchingTags[i].id)) { matchingRegex.push(matchingTags[i]); } } return matchingRegex; } /** * URI escapes the given string. * @param {String} str The string to escape. * @return {String} The escaped string. */ function _esc(str) { return window.encodeURIComponent ? encodeURIComponent(str) : escape(str); } /** * URI unescapes the given string. * @param {String} str The string to unescape. * @return {String} The unescaped string. */ function _unesc(str) { return window.decodeURIComponent ? decodeURIComponent(str) : unescape(str); } /** * Encodes HTML entities such as <, " and >. * * @param {String} str The string to escape. * @return The escaped string. */ function _hesc(str) { return gadgets.util.escapeString(str); } /** * Removes HTML tags from the given input string. * * @param {String} str The string to strip. * @return The stripped string. */ function _striptags(str) { return str.replace(/<\/?[^>]+>/g, ""); } /** * Trims leading & trailing whitespace from the given string. * * @param {String} str The string to trim. * @return {String} The trimmed string. */ function _trim(str) { return str.replace(/^\s+|\s+$/g, ""); } /** * Toggles the given element between being shown and block-style display. * * @param {String | HTMLElement} el The element to toggle. */ function _toggle(el) { el = (typeof el === "string") ? _gel(el) : el; if (el !== null) { if (el.style.display.length === 0 || el.style.display === "block") { el.style.display = "none"; } else if (el.style.display === "none") { el.style.display = "block"; } } } /** * {Number} A counter used by uniqueId(). */ var _global_legacy_uidCounter = 0; /** * @return a unique number. */ function _uid() { return _global_legacy_uidCounter++; } /** * @param {Number} a * @param {Number} b * @return The lesser of a or b. */ function _min(a, b) { return (a < b ? a : b); } /** * @param {Number} a * @param {Number} b * @return The greater of a or b. */ function _max(a, b) { return (a > b ? a : b); } /** * @param {String} name * @param {Array.} sym */ function _exportSymbols(name, sym) { var attach = window; var parts = name.split("."); for (var i = 0, j = parts.length; i < j; i++) { var part = parts[i]; attach[part] = attach[part] || {}; attach = attach[part]; } for (var k = 0, l = sym.length; k < l; k += 2) { attach[sym[k]] = sym[k + 1]; } } ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @fileoverview * Support for basic logging capability for gadgets, meant to replace * alert(msg) and window.console.log(msg). * * Currently only works on browsers with a console (WebKit based browsers * or Firefox with Firebug extension). * * API is designed to be equivalent to existing console.log | warn | error * logging APIs supported by Firebug and WebKit based browsers. The only * addition is the ability to call gadgets.setLogLevel(). */ var gadgets = gadgets || {}; /** * Log an informational message */ gadgets.log = function(message) { gadgets.log.logAtLevel(gadgets.log.INFO, message); }; /** * Log a warning */ gadgets.warn = function(message) { gadgets.log.logAtLevel(gadgets.log.WARNING, message); }; /** * Log an error */ gadgets.error = function(message) { gadgets.log.logAtLevel(gadgets.log.ERROR, message); }; /** * Sets the log level threshold. * @param {Number} logLevel - New log level threshold. * @static */ gadgets.setLogLevel = function(logLevel) { gadgets.log.logLevelThreshold_ = logLevel; }; /** * Logs a log message if output console is available, and log threshold is met. * @param {Number} level - the level to log with. Optional, defaults to * @param {Object} message - The message to log * gadgets.log.INFO. * @static */ gadgets.log.logAtLevel = function(level, message) { if (level < gadgets.log.logLevelThreshold_ || !gadgets.log._console) { return; } var logger; var gadgetconsole = gadgets.log._console; if (level == gadgets.log.WARNING && gadgetconsole.warn) { gadgetconsole.warn(message) } else if (level == gadgets.log.ERROR && gadgetconsole.error) { gadgetconsole.error(message); } else if (gadgetconsole.log) { gadgetconsole.log(message); } }; /** * Log level for informational logging. * @static */ gadgets.log.INFO = 1; /** * Log level for warning logging. * @static */ gadgets.log.WARNING = 2; /** * Log level for error logging. * @static */ /** * Log level for no logging * @static */ gadgets.log.NONE = 4; /** * Current log level threshold. * @type Number * @private * @static */ gadgets.log.logLevelThreshold_ = gadgets.log.INFO; /** * Console to log to * @private * @static */ gadgets.log._console = window.console ? window.console : window.opera ? window.opera.postError : undefined; ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /** * @class * Tame and expose core gadgets.* API to cajoled gadgets */ var tamings___ = tamings___ || []; tamings___.push(function(imports) { ___.grantRead(gadgets.log, 'INFO'); ___.grantRead(gadgets.log, 'WARNING'); ___.grantRead(gadgets.log, 'ERROR'); ___.grantRead(gadgets.log, 'NONE'); caja___.whitelistFuncs([ [gadgets, 'log'], [gadgets, 'warn'], [gadgets, 'error'], [gadgets, 'setLogLevel'], [gadgets.log, 'logAtLevel'], ]); }); ; {var css={'properties':(function(){var c=[/^\s*0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+)?$/i,/^\s*(?:(?:(?:thin|medium|thick|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|none|hidden|dotted|dashed|solid|double|groove|ridge|inset|outset|#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|transparent|inherit)\s+)+|inherit\s+)$/i,/^\s*(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|transparent|inherit)\s+$/i,/^\s*(?:none|hidden|dotted|dashed|solid|double|groove|ridge|inset|outset|inherit)\s+$/i,/^\s*(?:thin|medium|thick|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|inherit)\s+$/i,/^\s*(?:none|inherit)\s+$/i,/^\s*(?:url$"[^\($\\\"\r\n]+"\)|none|inherit)\s+$/i,/^\s*(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|0|(?:\d+(?:\.\d+)?)%|auto|inherit)\s+$/i,/^\s*(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|none|inherit)\s+$/i,/^\s*(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|inherit)\s+$/i,/^\s*(?:(?:0(?:\.[0-9]+)?|\.[0-9]+|1(?:\.0+)?)|inherit)\s+$/i,/^\s*(?:(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|invert|inherit|none|hidden|dotted|dashed|solid|double|groove|ridge|inset|outset|thin|medium|thick|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc))\s+)+|inherit\s+)$/i,/^\s*(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|invert|inherit)\s+$/i,/^\s*(?:visible|hidden|scroll|auto|no-display|no-content)\s+$/i,/^\s*(?:auto|always|avoid|left|right|inherit)\s+$/i,/^\s*(?:0|[+-]?\d+(?:\.\d+)?m?s|0|(?:\d+(?:\.\d+)?)%|inherit)\s+$/i,/^\s*(?:0|[+-]?\d+(?:\.\d+)?|inherit)\s+$/i,/^\s*(?:clip|ellipsis)\s+$/i,/^\s*(?:normal|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|inherit)\s+$/i];return{'-moz-border-radius':c[0],'-moz-opacity':c[10],'-moz-outline':c[11],'-moz-outline-color':c[12],'-moz-outline-style':c[3],'-moz-outline-width':c[4],'-o-text-overflow':c[17],'-webkit-border-radius':c[0],'azimuth':/^\s*(?:0|[+-]?\d+(?:\.\d+)?(?:deg|g?rad)\s+|(?:(?:left-side|far-left|left|center-left|center|center-right|right|far-right|right-side|behind)\s+)+|leftwards\s+|rightwards\s+|inherit\s+)$/i,'background':/^\s*(?:(?:(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|transparent|inherit)\s+|(?:url$"[^\($\\\"\r\n]+"\)|none|inherit)\s+|(?:repeat|repeat-x|repeat-y|no-repeat|inherit)\s+|(?:scroll|fixed|inherit)\s+|(?:0|(?:\d+(?:\.\d+)?)%|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|left|center|right)\s+(?:(?:0|(?:\d+(?:\.\d+)?)%|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|top|center|bottom)\s+)?|(?:(?:left|center|right|top|bottom)\s+)+|inherit\s+))+|inherit\s+)$/i,'background-attachment':/^\s*(?:scroll|fixed|inherit)\s+$/i,'background-color':c[2],'background-image':c[6],'background-position':/^\s*(?:(?:0|(?:\d+(?:\.\d+)?)%|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|left|center|right)\s+(?:(?:0|(?:\d+(?:\.\d+)?)%|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|top|center|bottom)\s+)?|(?:(?:left|center|right|top|bottom)\s+)+|inherit\s+)$/i,'background-repeat':/^\s*(?:repeat|repeat-x|repeat-y|no-repeat|inherit)\s+$/i,'border':c[1],'border-bottom':c[1],'border-bottom-color':c[2],'border-bottom-style':c[3],'border-bottom-width':c[4],'border-collapse':/^\s*(?:collapse|separate|inherit)\s+$/i,'border-color':/^\s*(?:(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|transparent)\s+){1,4}|inherit\s+)$/i,'border-left':c[1],'border-left-color':c[2],'border-left-style':c[3],'border-left-width':c[4],'border-radius':c[0],'border-right':c[1],'border-right-color':c[2],'border-right-style':c[3],'border-right-width':c[4],'border-spacing':/^\s*(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+)?|inherit\s+)$/i,'border-style':/^\s*(?:(?:(?:none|hidden|dotted|dashed|solid|double|groove|ridge|inset|outset)\s+){1,4}|inherit\s+)$/i,'border-top':c[1],'border-top-color':c[2],'border-top-style':c[3],'border-top-width':c[4],'border-width':/^\s*(?:(?:(?:thin|medium|thick|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc))\s+){1,4}|inherit\s+)$/i,'bottom':c[7],'caption-side':/^\s*(?:top|bottom|inherit)\s+$/i,'clear':/^\s*(?:none|left|right|both|inherit)\s+$/i,'clip':/^\s*(?:auto|inherit)\s+$/i,'color':/^\s*(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow|inherit)\s+$/i,'counter-increment':c[5],'counter-reset':c[5],'cue':/^\s*(?:(?:(?:url$"[^\($\\\"\r\n]+"\)|none|inherit)\s+)+|inherit\s+)$/i,'cue-after':c[6],'cue-before':c[6],'cursor':/^\s*(?:(?:url$"[^\($\\\"\r\n]+"\)\s+,\s+)*(?:auto|crosshair|default|pointer|move|e-resize|ne-resize|nw-resize|n-resize|se-resize|sw-resize|s-resize|w-resize|text|wait|help|progress|all-scroll|col-resize|hand|no-drop|not-allowed|row-resize|vertical-text)|inherit)\s+$/i,'direction':/^\s*(?:ltr|rtl|inherit)\s+$/i,'display':/^\s*(?:inline|block|list-item|run-in|inline-block|table|inline-table|table-row-group|table-header-group|table-footer-group|table-row|table-column-group|table-column|table-cell|table-caption|none|inherit|-moz-inline-box|-moz-inline-stack)\s+$/i,'elevation':/^\s*(?:0|[+-]?\d+(?:\.\d+)?(?:deg|g?rad)|below|level|above|higher|lower|inherit)\s+$/i,'empty-cells':/^\s*(?:show|hide|inherit)\s+$/i,'float':/^\s*(?:left|right|none|inherit)\s+$/i,'font':/^\s*(?:(?:(?:normal|italic|oblique|inherit|small-caps|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)\s+)+(?:xx-small|x-small|small|medium|large|x-large|xx-large|(?:small|larg)er|0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|inherit)\s+(?:\/\s+(?:normal|0|(?:\d+(?:\.\d+)?)|0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|inherit)\s+)?(?:(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|serif|sans-serif|cursive|fantasy|monospace)\s+(?:,\s+(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|serif|sans-serif|cursive|fantasy|monospace)\s+)*|inherit\s+)|caption\s+|icon\s+|menu\s+|message-box\s+|small-caption\s+|status-bar\s+|inherit\s+)$/i,'font-family':/^\s*(?:(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|serif|sans-serif|cursive|fantasy|monospace)\s+(?:,\s+(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|serif|sans-serif|cursive|fantasy|monospace)\s+)*|inherit\s+)$/i,'font-size':/^\s*(?:xx-small|x-small|small|medium|large|x-large|xx-large|(?:small|larg)er|0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|inherit)\s+$/i,'font-stretch':/^\s*(?:normal|wider|narrower|ultra-condensed|extra-condensed|condensed|semi-condensed|semi-expanded|expanded|extra-expanded|ultra-expanded)\s+$/i,'font-style':/^\s*(?:normal|italic|oblique|inherit)\s+$/i,'font-variant':/^\s*(?:normal|small-caps|inherit)\s+$/i,'font-weight':/^\s*(?:normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900|inherit)\s+$/i,'height':c[7],'left':c[7],'letter-spacing':c[18],'line-height':/^\s*(?:normal|0|(?:\d+(?:\.\d+)?)|0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|inherit)\s+$/i,'list-style':/^\s*(?:(?:(?:disc|circle|square|decimal|decimal-leading-zero|lower-roman|upper-roman|lower-greek|lower-latin|upper-latin|armenian|georgian|lower-alpha|upper-alpha|none|inherit|inside|outside|url$"[^\($\\\"\r\n]+"\))\s+)+|inherit\s+)$/i,'list-style-image':c[6],'list-style-position':/^\s*(?:inside|outside|inherit)\s+$/i,'list-style-type':/^\s*(?:disc|circle|square|decimal|decimal-leading-zero|lower-roman|upper-roman|lower-greek|lower-latin|upper-latin|armenian|georgian|lower-alpha|upper-alpha|none|inherit)\s+$/i,'margin':/^\s*(?:(?:(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|0|(?:\d+(?:\.\d+)?)%|auto)\s+){1,4}|inherit\s+)$/i,'margin-bottom':c[7],'margin-left':c[7],'margin-right':c[7],'margin-top':c[7],'max-height':c[8],'max-width':c[8],'min-height':c[9],'min-width':c[9],'opacity':c[10],'outline':c[11],'outline-color':c[12],'outline-style':c[3],'outline-width':c[4],'overflow':/^\s*(?:visible|hidden|scroll|auto|inherit)\s+$/i,'overflow-x':c[13],'overflow-y':c[13],'padding':/^\s*(?:(?:(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%)\s+){1,4}|inherit\s+)$/i,'padding-bottom':c[9],'padding-left':c[9],'padding-right':c[9],'padding-top':c[9],'page-break-after':c[14],'page-break-before':c[14],'page-break-inside':/^\s*(?:avoid|auto|inherit)\s+$/i,'pause':/^\s*(?:(?:(?:0|[+-]?\d+(?:\.\d+)?m?s|0|(?:\d+(?:\.\d+)?)%)\s+){1,2}|inherit\s+)$/i,'pause-after':c[15],'pause-before':c[15],'pitch':/^\s*(?:0|(?:\d+(?:\.\d+)?)k?Hz|x-low|low|medium|high|x-high|inherit)\s+$/i,'pitch-range':c[16],'play-during':/^\s*(?:url$"[^\($\\\"\r\n]+"\)\s+(?:(?:mix|repeat)\s+)+|auto\s+|none\s+|inherit\s+)$/i,'position':/^\s*(?:static|relative|absolute|fixed|inherit)\s+$/i,'quotes':c[5],'richness':c[16],'right':c[7],'speak':/^\s*(?:normal|none|spell-out|inherit)\s+$/i,'speak-header':/^\s*(?:once|always|inherit)\s+$/i,'speak-numeral':/^\s*(?:digits|continuous|inherit)\s+$/i,'speak-punctuation':/^\s*(?:code|none|inherit)\s+$/i,'speech-rate':/^\s*(?:0|[+-]?\d+(?:\.\d+)?|x-slow|slow|medium|fast|x-fast|faster|slower|inherit)\s+$/i,'stress':c[16],'table-layout':/^\s*(?:auto|fixed|inherit)\s+$/i,'text-align':/^\s*(?:left|right|center|justify|inherit)\s+$/i,'text-decoration':/^\s*(?:none\s+|(?:(?:underline|overline|line-through|blink)\s+)+|inherit\s+)$/i,'text-indent':/^\s*(?:0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|0|(?:\d+(?:\.\d+)?)%|inherit)\s+$/i,'text-overflow':c[17],'text-shadow':/^\s*(?:none\s+|(?:(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)\s+)?|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)\s+)?(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow)\s+)?),\s+)*(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)\s+)?|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)\s+(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)\s+)?(?:(?:#(?:[0-9a-f]{3}){1,2}|aqua|black|blue|fuchsia|gray|green|lime|maroon|navy|olive|orange|purple|red|silver|teal|white|yellow)\s+)?))$/i,'text-transform':/^\s*(?:capitalize|uppercase|lowercase|none|inherit)\s+$/i,'text-wrap':/^\s*(?:normal|unrestricted|none|suppress)\s+$/i,'top':c[7],'unicode-bidi':/^\s*(?:normal|embed|bidi-override|inherit)\s+$/i,'vertical-align':/^\s*(?:baseline|sub|super|top|text-top|middle|bottom|text-bottom|0|(?:\d+(?:\.\d+)?)%|0|[+-]?\d+(?:\.\d+)?(?:em|ex|px|in|cm|mm|pt|pc)|inherit)\s+$/i,'visibility':/^\s*(?:visible|hidden|collapse|inherit)\s+$/i,'voice-family':/^\s*(?:(?:(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|male|female|child)\s+,\s+)*(?:"\w(?:[\w-]*\w)(?:\s+\w([\w-]*\w))*"|male|female|child)|inherit)\s+$/i,'volume':/^\s*(?:0|(?:\d+(?:\.\d+)?)|0|[+-]?\d+(?:\.\d+)?%|silent|x-soft|soft|medium|loud|x-loud|inherit)\s+$/i,'white-space':/^\s*(?:normal|pre|nowrap|pre-wrap|pre-line|inherit|-o-pre-wrap|-moz-pre-wrap|-pre-wrap)\s+$/i,'width':/^\s*(?:0|(?:\d+(?:\.\d+)?)(?:em|ex|px|in|cm|mm|pt|pc)|0|[+-]?\d+(?:\.\d+)?%|auto|inherit)\s+$/i,'word-spacing':c[18],'word-wrap':/^\s*(?:normal|break-word)\s+$/i,'z-index':/^\s*(?:auto|-?\d+|inherit)\s+$/i,'zoom':/^\s*(?:normal|0|(?:\d+(?:\.\d+)?)|0|[+-]?\d+(?:\.\d+)?%)\s+$/i}})(),'alternates':{'float':['cssFloat','styleFloat']},'HISTORY_INSENSITIVE_STYLE_WHITELIST':{'display':true,'filter':true,'float':true,'height':true,'left':true,'opacity':true,'overflow':true,'position':true,'right':true,'top':true,'visibility':true,'width':true,'padding-left':true,'padding-right':true,'padding-top':true,'padding-bottom':true}},html,html4;html4={},html4 .atype={'NONE':0,'URI':1,'URI_FRAGMENT':11,'SCRIPT':2,'STYLE':3,'ID':4,'IDREF':5,'IDREFS':6,'GLOBAL_NAME':7,'LOCAL_NAME':8,'CLASSES':9,'FRAME_TARGET':10},html4 .ATTRIBS={'*::class':9,'*::dir':0,'*::id':4,'*::lang':0,'*::onclick':2,'*::ondblclick':2,'*::onkeydown':2,'*::onkeypress':2,'*::onkeyup':2,'*::onload':2,'*::onmousedown':2,'*::onmousemove':2,'*::onmouseout':2,'*::onmouseover':2,'*::onmouseup':2,'*::style':3,'*::title':0,'a::accesskey':0,'a::coords':0,'a::href':1,'a::hreflang':0,'a::name':7,'a::onblur':2,'a::onfocus':2,'a::rel':0,'a::rev':0,'a::shape':0,'a::tabindex':0,'a::target':10,'a::type':0,'area::accesskey':0,'area::alt':0,'area::coords':0,'area::href':1,'area::nohref':0,'area::onblur':2,'area::onfocus':2,'area::shape':0,'area::tabindex':0,'area::target':10,'bdo::dir':0,'blockquote::cite':1,'br::clear':0,'button::accesskey':0,'button::disabled':0,'button::name':8,'button::onblur':2,'button::onfocus':2,'button::tabindex':0,'button::type':0,'button::value':0,'caption::align':0,'col::align':0,'col::char':0,'col::charoff':0,'col::span':0,'col::valign':0,'col::width':0,'colgroup::align':0,'colgroup::char':0,'colgroup::charoff':0,'colgroup::span':0,'colgroup::valign':0,'colgroup::width':0,'del::cite':1,'del::datetime':0,'dir::compact':0,'div::align':0,'dl::compact':0,'font::color':0,'font::face':0,'font::size':0,'form::accept':0,'form::action':1,'form::enctype':0,'form::method':0,'form::name':7,'form::onreset':2,'form::onsubmit':2,'form::target':10,'h1::align':0,'h2::align':0,'h3::align':0,'h4::align':0,'h5::align':0,'h6::align':0,'hr::align':0,'hr::noshade':0,'hr::size':0,'hr::width':0,'iframe::align':0,'iframe::frameborder':0,'iframe::height':0,'iframe::longdesc':1,'iframe::marginheight':0,'iframe::marginwidth':0,'iframe::width':0,'img::align':0,'img::alt':0,'img::border':0,'img::height':0,'img::hspace':0,'img::ismap':0,'img::longdesc':1,'img::name':7,'img::src':1,'img::usemap':11,'img::vspace':0,'img::width':0,'input::accept':0,'input::accesskey':0,'input::align':0,'input::alt':0,'input::checked':0,'input::disabled':0,'input::ismap':0,'input::maxlength':0,'input::name':8,'input::onblur':2,'input::onchange':2,'input::onfocus':2,'input::onselect':2,'input::readonly':0,'input::size':0,'input::src':1,'input::tabindex':0,'input::type':0,'input::usemap':11,'input::value':0,'ins::cite':1,'ins::datetime':0,'label::accesskey':0,'label::for':5,'label::onblur':2,'label::onfocus':2,'legend::accesskey':0,'legend::align':0,'li::type':0,'li::value':0,'map::name':7,'menu::compact':0,'ol::compact':0,'ol::start':0,'ol::type':0,'optgroup::disabled':0,'optgroup::label':0,'option::disabled':0,'option::label':0,'option::selected':0,'option::value':0,'p::align':0,'pre::width':0,'q::cite':1,'select::disabled':0,'select::multiple':0,'select::name':8,'select::onblur':2,'select::onchange':2,'select::onfocus':2,'select::size':0,'select::tabindex':0,'table::align':0,'table::bgcolor':0,'table::border':0,'table::cellpadding':0,'table::cellspacing':0,'table::frame':0,'table::rules':0,'table::summary':0,'table::width':0,'tbody::align':0,'tbody::char':0,'tbody::charoff':0,'tbody::valign':0,'td::abbr':0,'td::align':0,'td::axis':0,'td::bgcolor':0,'td::char':0,'td::charoff':0,'td::colspan':0,'td::headers':6,'td::height':0,'td::nowrap':0,'td::rowspan':0,'td::scope':0,'td::valign':0,'td::width':0,'textarea::accesskey':0,'textarea::cols':0,'textarea::disabled':0,'textarea::name':8,'textarea::onblur':2,'textarea::onchange':2,'textarea::onfocus':2,'textarea::onselect':2,'textarea::readonly':0,'textarea::rows':0,'textarea::tabindex':0,'tfoot::align':0,'tfoot::char':0,'tfoot::charoff':0,'tfoot::valign':0,'th::abbr':0,'th::align':0,'th::axis':0,'th::bgcolor':0,'th::char':0,'th::charoff':0,'th::colspan':0,'th::headers':6,'th::height':0,'th::nowrap':0,'th::rowspan':0,'th::scope':0,'th::valign':0,'th::width':0,'thead::align':0,'thead::char':0,'thead::charoff':0,'thead::valign':0,'tr::align':0,'tr::bgcolor':0,'tr::char':0,'tr::charoff':0,'tr::valign':0,'ul::compact':0,'ul::type':0},html4 .eflags={'OPTIONAL_ENDTAG':1,'EMPTY':2,'CDATA':4,'RCDATA':8,'UNSAFE':16,'FOLDABLE':32,'SCRIPT':64,'STYLE':128},html4 .ELEMENTS={'a':0,'abbr':0,'acronym':0,'address':0,'applet':16,'area':2,'b':0,'base':18,'basefont':18,'bdo':0,'big':0,'blockquote':0,'body':49,'br':2,'button':0,'caption':0,'center':0,'cite':0,'code':0,'col':2,'colgroup':1,'dd':1,'del':0,'dfn':0,'dir':0,'div':0,'dl':0,'dt':1,'em':0,'fieldset':0,'font':0,'form':0,'frame':18,'frameset':16,'h1':0,'h2':0,'h3':0,'h4':0,'h5':0,'h6':0,'head':49,'hr':2,'html':49,'i':0,'iframe':4,'img':2,'input':2,'ins':0,'isindex':18,'kbd':0,'label':0,'legend':0,'li':1,'link':18,'map':0,'menu':0,'meta':18,'noframes':20,'noscript':20,'object':16,'ol':0,'optgroup':0,'option':1,'p':1,'param':18,'pre':0,'q':0,'s':0,'samp':0,'script':84,'select':0,'small':0,'span':0,'strike':0,'strong':0,'style':148,'sub':0,'sup':0,'table':0,'tbody':1,'td':1,'textarea':8,'tfoot':1,'th':1,'thead':1,'title':24,'tr':1,'tt':0,'u':0,'ul':0,'var':0},html=(function(){var ENTITIES,INSIDE_TAG_TOKEN,OUTSIDE_TAG_TOKEN,ampRe,decimalEscapeRe,entityRe,eqRe,gtRe,hexEscapeRe,lcase,looseAmpRe,ltRe,nulRe,quotRe;'script'==='SCRIPT'.toLowerCase()?(lcase=function(s){return s.toLowerCase()}):(lcase=function(s){return s.replace(/[A-Z]/g,function(ch){return String.fromCharCode(ch.charCodeAt(0)|32)})}),ENTITIES={'lt':'<','gt':'>','amp':'&','nbsp':'\xa0','quot':'\"','apos':'\''},decimalEscapeRe=/^#(\d+)$/,hexEscapeRe=/^#x([0-9A-Fa-f]+)$/;function lookupEntity(name){var m;return name=lcase(name),ENTITIES.hasOwnProperty(name)?ENTITIES[name]:(m=name.match(decimalEscapeRe),m?String.fromCharCode(parseInt(m[1],10)):(m=name.match(hexEscapeRe))?String.fromCharCode(parseInt(m[1],16)):'')}function decodeOneEntity(_,name){return lookupEntity(name)}nulRe=/\0/g;function stripNULs(s){return s.replace(nulRe,'')}entityRe=/&(#\d+|#x[0-9A-Fa-f]+|\w+);/g;function unescapeEntities(s){return s.replace(entityRe,decodeOneEntity)}ampRe=/&/g,looseAmpRe=/&([^a-z#]|#(?:[^0-9x]|x(?:[^0-9a-f]|$)|$)|$)/gi,ltRe=//g,quotRe=/\"/g,eqRe=/\=/g;function escapeAttrib(s){return s.replace(ampRe,'&').replace(ltRe,'<').replace(gtRe,'>').replace(quotRe,'"').replace(eqRe,'=')}function normalizeRCData(rcdata){return rcdata.replace(looseAmpRe,'&$1').replace(ltRe,'<').replace(gtRe,'>')}INSIDE_TAG_TOKEN=new RegExp('^\\s*(?:'+('(?:'+'([a-z][a-z-]*)'+('('+'\\s*=\\s*'+('('+'\"[^\"]*\"'+'|\'[^\']*\''+'|(?=[a-z][a-z-]*\\s*=)'+'|[^>\"\'\\s]*'+')')+')')+'?'+')')+'|(/?>)'+'|.[^\\w\\s>]*)','i'),OUTSIDE_TAG_TOKEN=new RegExp('^(?:'+'&(\\#[0-9]+|\\#[x][0-9a-f]+|\\w+);'+'||]*>|<\\?[^>*]*>'+'|<(/)?([a-z][a-z0-9]*)'+'|([^<&>]+)'+'|([<&>]))','i');function makeSaxParser(handler){return function parse(htmlText,param){var attribName,attribs,dataEnd,decodedValue,eflags,encodedValue,htmlLower,inTag,m,openTag,tagName;htmlText=String(htmlText),htmlLower=null,inTag=false,attribs=[],tagName=void 0,eflags=void 0,openTag=void 0,handler.startDoc&&handler.startDoc(param);while(htmlText){m=htmlText.match(inTag?INSIDE_TAG_TOKEN:OUTSIDE_TAG_TOKEN),htmlText=htmlText.substring(m[0].length);if(inTag){if(m[1]){attribName=lcase(m[1]);if(m[2]){encodedValue=m[3];switch(encodedValue.charCodeAt(0)){case 34:case 39:encodedValue=encodedValue.substring(1,encodedValue.length-1)}decodedValue=unescapeEntities(stripNULs(encodedValue))}else decodedValue=attribName;attribs.push(attribName,decodedValue)}else if(m[4])eflags!==void 0&&(openTag?handler.startTag&&handler.startTag(tagName,attribs,param):handler.endTag&&handler.endTag(tagName,param)),openTag&&eflags&(html4 .eflags.CDATA|html4 .eflags.RCDATA)&&(htmlLower===null?(htmlLower=lcase(htmlText)):(htmlLower=htmlLower.substring(htmlLower.length-htmlText.length)),dataEnd=htmlLower.indexOf('':handler.pcdata('>',param);break;default:handler.pcdata('&',param)}}}handler.endDoc&&handler.endDoc(param)}}return{'normalizeRCData':normalizeRCData,'escapeAttrib':escapeAttrib,'unescapeEntities':unescapeEntities,'makeSaxParser':makeSaxParser}})(),html.makeHtmlSanitizer=function(sanitizeAttributes){var ignoring,stack;return html.makeSaxParser({'startDoc':function(_){stack=[],ignoring=false},'startTag':function(tagName,attribs,out){var attribName,eflags,i,n,value;if(ignoring)return;if(!html4 .ELEMENTS.hasOwnProperty(tagName))return;eflags=html4 .ELEMENTS[tagName];if(eflags&html4 .eflags.FOLDABLE)return;else if(eflags&html4 .eflags.UNSAFE)return ignoring=!(eflags&html4 .eflags.EMPTY),void 0;attribs=sanitizeAttributes(tagName,attribs);if(attribs){eflags&html4 .eflags.EMPTY||stack.push(tagName),out.push('<',tagName);for(i=0,n=attribs.length;i')}},'endTag':function(tagName,out){var eflags,i,index,stackEl;if(ignoring)return ignoring=false,void 0;if(!html4 .ELEMENTS.hasOwnProperty(tagName))return;eflags=html4 .ELEMENTS[tagName];if(!(eflags&(html4 .eflags.UNSAFE|html4 .eflags.EMPTY|html4 .eflags.FOLDABLE))){if(eflags&html4 .eflags.OPTIONAL_ENDTAG)for(index=stack.length;--index>=0;){stackEl=stack[index];if(stackEl===tagName)break;if(!(html4 .ELEMENTS[stackEl]&html4 .eflags.OPTIONAL_ENDTAG))return}else for(index=stack.length;--index>=0;)if(stack[index]===tagName)break;if(index<0)return;for(i=stack.length;--i>index;)stackEl=stack[i],html4 .ELEMENTS[stackEl]&html4 .eflags.OPTIONAL_ENDTAG||out.push('');stack.length=index,out.push('')}},'pcdata':function(text,out){ignoring||out.push(text)},'rcdata':function(text,out){ignoring||out.push(text)},'cdata':function(text,out){ignoring||out.push(text)},'endDoc':function(out){var i;for(i=stack.length;--i>=0;)out.push('');stack.length=0}})};function html_sanitize(htmlText,opt_urlPolicy,opt_nmTokenPolicy){var out=[];return html.makeHtmlSanitizer(function sanitizeAttribs(tagName,attribs){var attribKey,attribName,atype,i,value;for(i=0;i MAX_NIX_SEARCHES) { // Handshake failed. Will fall back. gadgets.warn('Nix transport setup failed, falling back...'); ready('..', false); return; } // If the gadget has yet to retrieve a reference to // the NIX handler, try to do so now. We don't do a // typeof(window.opener.GetAuthToken) check here // because it means accessing that field on the COM object, which, // being an internal function reference, is not allowed. // "in" works because it merely checks for the prescence of // the key, rather than actually accessing the object's property. // This is just a sanity check, not a validity check. if (!handler && window.opener && "GetAuthToken" in window.opener) { handler = window.opener; // Create the channel to the parent/container. // First verify that it knows our auth token to ensure it's not // an impostor. if (handler.GetAuthToken() == gadgets.rpc.getAuthToken('..')) { // Auth match - pass it back along with our wrapper to finish. // own wrapper and our authentication token for co-verification. var token = gadgets.rpc.getAuthToken('..'); handler.CreateChannel(window[NIX_GET_WRAPPER]('..', token), token); // Set channel handler nix_channels['..'] = handler; window.opener = null; // Signal success and readiness to send to parent. // Container-to-gadget bit flipped in CreateChannel. ready('..', true); return; } } // Try again. window.setTimeout(function() { conductHandlerSearch(); }, NIX_SEARCH_PERIOD); } return { getCode: function() { return 'nix'; }, isParentVerifiable: function() { return false; }, init: function(processFn, readyFn) { ready = readyFn; // Ensure VBScript wrapper code is in the page and that the // global Javascript handlers have been set. // VBScript methods return a type of 'unknown' when // checked via the typeof operator in IE. Fortunately // for us, this only applies to COM objects, so we // won't see this for a real Javascript object. if (typeof window[NIX_GET_WRAPPER] !== 'unknown') { window[NIX_HANDLE_MESSAGE] = function(data) { window.setTimeout( function() { processFn(gadgets.json.parse(data)) }, 0); }; window[NIX_CREATE_CHANNEL] = function(name, channel, token) { // Verify the authentication token of the gadget trying // to create a channel for us. if (gadgets.rpc.getAuthToken(name) === token) { nix_channels[name] = channel; ready(name, true); } }; // Inject the VBScript code needed. var vbscript = // We create a class to act as a wrapper for // a Javascript call, to prevent a break in of // the context. 'Class ' + NIX_WRAPPER + '\n ' // An internal member for keeping track of the // name of the document (container or gadget) // for which this wrapper is intended. For // those wrappers created by gadgets, this is not // used (although it is set to "..") + 'Private m_Intended\n' // Stores the auth token used to communicate with // the gadget. The GetChannelCreator method returns // an object that returns this auth token. Upon matching // that with its own, the gadget uses the object // to actually establish the communication channel. + 'Private m_Auth\n' // Method for internally setting the value // of the m_Intended property. + 'Public Sub SetIntendedName(name)\n ' + 'If isEmpty(m_Intended) Then\n' + 'm_Intended = name\n' + 'End If\n' + 'End Sub\n' // Method for internally setting the value of the m_Auth property. + 'Public Sub SetAuth(auth)\n ' + 'If isEmpty(m_Auth) Then\n' + 'm_Auth = auth\n' + 'End If\n' + 'End Sub\n' // A wrapper method which actually causes a // message to be sent to the other context. + 'Public Sub SendMessage(data)\n ' + NIX_HANDLE_MESSAGE + '(data)\n' + 'End Sub\n' // Returns the auth token to the gadget, so it can // confirm a match before initiating the connection + 'Public Function GetAuthToken()\n ' + 'GetAuthToken = m_Auth\n' + 'End Function\n' // Method for setting up the container->gadget // channel. Not strictly needed in the gadget's // wrapper, but no reason to get rid of it. Note here // that we pass the intended name to the NIX_CREATE_CHANNEL // method so that it can save the channel in the proper place // *and* verify the channel via the authentication token passed // here. + 'Public Sub CreateChannel(channel, auth)\n ' + 'Call ' + NIX_CREATE_CHANNEL + '(m_Intended, channel, auth)\n' + 'End Sub\n' + 'End Class\n' // Function to get a reference to the wrapper. + 'Function ' + NIX_GET_WRAPPER + '(name, auth)\n' + 'Dim wrap\n' + 'Set wrap = New ' + NIX_WRAPPER + '\n' + 'wrap.SetIntendedName name\n' + 'wrap.SetAuth auth\n' + 'Set ' + NIX_GET_WRAPPER + ' = wrap\n' + 'End Function'; try { window.execScript(vbscript, 'vbscript'); } catch (e) { return false; } } return true; }, setup: function(receiverId, token) { if (receiverId === '..') { conductHandlerSearch(); return true; } try { var frame = document.getElementById(receiverId); var wrapper = window[NIX_GET_WRAPPER](receiverId, token); frame.contentWindow.opener = wrapper; } catch (e) { return false; } return true; }, call: function(targetId, from, rpc) { try { // If we have a handler, call it. if (nix_channels[targetId]) { nix_channels[targetId].SendMessage(gadgets.json.stringify(rpc)); } } catch (e) { return false; } return true; } }; }(); } // !end of double-inclusion guard ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ var gadgets = gadgets || {}; gadgets.rpctx = gadgets.rpctx || {}; /* * For older WebKit-based browsers, the security model does not allow for any * known "native" hacks for conducting cross browser communication. However, * a variation of the IFPC (see below) can be used, entitled "RMR". RMR is * a technique that uses the resize event of the iframe to indicate that a * message was sent (instead of the much slower/performance heavy polling * technique used when a defined relay page is not avaliable). Simply put, * RMR uses the same "pass the message by the URL hash" trick that IFPC * uses to send a message, but instead of having an active relay page that * runs a piece of code when it is loaded, RMR merely changes the URL * of the relay page (which does not even have to exist on the domain) * and then notifies the other party by resizing the relay iframe. RMR * exploits the fact that iframes in the dom of page A can be resized * by page A while the onresize event will be fired in the DOM of page B, * thus providing a single bit channel indicating "message sent to you". * This method has the added benefit that the relay need not be active, * nor even exist: a 404 suffices just as well. * * rmr: WebKit-specific resizing trick. * - Safari 2+ * - Chrome 1 */ if (!gadgets.rpctx.rmr) { // make lib resilient to double-inclusion gadgets.rpctx.rmr = function() { // Consts for RMR, including time in ms RMR uses to poll for // its relay frame to be created, and the max # of polls it does. var RMR_SEARCH_TIMEOUT = 500; var RMR_MAX_POLLS = 10; // JavaScript references to the channel objects used by RMR. // Gadgets will have but a single channel under // rmr_channels['..'] while containers will have a channel // per gadget stored under the gadget's ID. var rmr_channels = {}; var process; var ready; /** * Append an RMR relay frame to the document. This allows the receiver * to start receiving messages. * * @param {object} channelFrame Relay frame to add to the DOM body. * @param {string} relayUri Base URI for the frame. * @param {string} Data to pass along to the frame. * @param {string} opt_frameId ID of frame for which relay is being appended. */ function appendRmrFrame(channelFrame, relayUri, data, opt_frameId) { var appendFn = function() { // Append the iframe. document.body.appendChild(channelFrame); // Set the src of the iframe to 'about:blank' first and then set it // to the relay URI. This prevents the iframe from maintaining a src // to the 'old' relay URI if the page is returned to from another. // In other words, this fixes the bfcache issue that causes the iframe's // src property to not be updated despite us assigning it a new value here. channelFrame.src = 'about:blank'; if (opt_frameId) { // Process the initial sent payload (typically sent by container to // child/gadget) only when the relay frame has finished loading. We // do this to ensure that, in processRmrData(...), the ACK sent due // to processing can actually be sent. Before this time, the frame's // contentWindow is null, making it impossible to do so. channelFrame.onload = function() { processRmrData(opt_frameId); } } channelFrame.src = relayUri + '#' + data; } if (document.body) { appendFn(); } else { // Common gadget case: attaching header during in-gadget handshake, // when we may still be in script in head. Attach onload. gadgets.util.registerOnLoadHandler(function() { appendFn(); }); } } /** * Sets up the RMR transport frame for the given frameId. For gadgets * calling containers, the frameId should be '..'. * * @param {string} frameId The ID of the frame. */ function setupRmr(frameId) { if (typeof rmr_channels[frameId] === "object") { // Sanity check. Already done. return; } var channelFrame = document.createElement('iframe'); var frameStyle = channelFrame.style; frameStyle.position = 'absolute'; frameStyle.top = '0px'; frameStyle.border = '0'; frameStyle.opacity = '0'; // The width here is important as RMR // makes use of the resize handler for the frame. // Do not modify unless you test thoroughly! frameStyle.width = '10px' frameStyle.height = '1px'; channelFrame.id = 'rmrtransport-' + frameId; channelFrame.name = channelFrame.id; // Use the explicitly set relay, if one exists. Otherwise, // Construct one using the parent parameter plus robots.txt // as a synthetic relay. This works since browsers using RMR // treat 404s as legitimate for the purposes of cross domain // communication. var relayUri = gadgets.rpc.getRelayUrl(frameId); if (!relayUri) { relayUri = gadgets.rpc.getOrigin(gadgets.util.getUrlParameters()["parent"]) + '/robots.txt'; } rmr_channels[frameId] = { frame: channelFrame, receiveWindow: null, relayUri: relayUri, searchCounter : 0, width: 10, // Waiting means "waiting for acknowledgement to be received." // Acknowledgement always comes as a special ACK // message having been received. This message is received // during handshake in different ways by the container and // gadget, and by normal RMR message passing once the handshake // is complete. waiting: true, queue: [], // Number of non-ACK messages that have been sent to the recipient // and have been acknowledged. sendId: 0, // Number of messages received and processed from the sender. // This is the number that accompanies every ACK to tell the // sender to clear its queue. recvId: 0 }; if (frameId !== '..') { // Container always appends a relay to the gadget, before // the gadget appends its own relay back to container. The // gadget, in the meantime, refuses to attach the container // relay until it finds this one. Thus, the container knows // for certain that gadget to container communication is set // up by the time it finds its own relay. In addition to // establishing a reliable handshake protocol, this also // makes it possible for the gadget to send an initial batch // of messages to the container ASAP. appendRmrFrame(channelFrame, relayUri, getRmrData(frameId)); } // Start searching for our own frame on the other page. conductRmrSearch(frameId); } /** * Searches for a relay frame, created by the sender referenced by * frameId, with which this context receives messages. Once * found with proper permissions, attaches a resize handler which * signals messages to be sent. * * @param {string} frameId Frame ID of the prospective sender. */ function conductRmrSearch(frameId) { var channelWindow = null; // Increment the search counter. rmr_channels[frameId].searchCounter++; try { var targetWin = gadgets.rpc._getTargetWin(frameId); if (frameId === '..') { // We are a gadget. channelWindow = targetWin.frames['rmrtransport-' + gadgets.rpc.RPC_ID]; } else { // We are a container. channelWindow = targetWin.frames['rmrtransport-..']; } } catch (e) { // Just in case; may happen when relay is set to about:blank or unset. // Catching exceptions here ensures that the timeout to continue the // search below continues to work. } var status = false; if (channelWindow) { // We have a valid reference to "our" RMR transport frame. // Register the proper event handlers. status = registerRmrChannel(frameId, channelWindow); } if (!status) { // Not found yet. Continue searching, but only if the counter // has not reached the threshold. if (rmr_channels[frameId].searchCounter > RMR_MAX_POLLS) { // If we reach this point, then RMR has failed and we // fall back to IFPC. return; } window.setTimeout(function() { conductRmrSearch(frameId); }, RMR_SEARCH_TIMEOUT); } } /** * Attempts to conduct an RPC call to the specified * target with the specified data via the RMR * method. If this method fails, the system attempts again * using the known default of IFPC. * * @param {String} targetId Module Id of the RPC service provider. * @param {String} serviceName Name of the service to call. * @param {String} from Module Id of the calling provider. * @param {Object} rpc The RPC data for this call. */ function callRmr(targetId, serviceName, from, rpc) { var handler = null; if (from !== '..') { // Call from gadget to the container. handler = rmr_channels['..']; } else { // Call from container to the gadget. handler = rmr_channels[targetId]; } if (handler) { // Queue the current message if not ACK. // ACK is always sent through getRmrData(...). if (serviceName !== gadgets.rpc.ACK) { handler.queue.push(rpc); } if (handler.waiting || (handler.queue.length === 0 && !(serviceName === gadgets.rpc.ACK && rpc && rpc.ackAlone === true))) { // If we are awaiting a response from any previously-sent messages, // or if we don't have anything new to send, just return. // Note that we don't short-return if we're ACKing just-received // messages. return true; } if (handler.queue.length > 0) { handler.waiting = true; } var url = handler.relayUri + "#" + getRmrData(targetId); try { // Update the URL with the message. handler.frame.contentWindow.location = url; // Resize the frame. var newWidth = handler.width == 10 ? 20 : 10; handler.frame.style.width = newWidth + 'px'; handler.width = newWidth; // Done! } catch (e) { // Something about location-setting or resizing failed. // This should never happen, but if it does, fall back to // the default transport. return false; } } return true; } /** * Returns as a string the data to be appended to an RMR relay frame, * constructed from the current request queue plus an ACK message indicating * the currently latest-processed message ID. * * @param {string} toFrameId Frame whose sendable queued data to retrieve. */ function getRmrData(toFrameId) { var channel = rmr_channels[toFrameId]; var rmrData = {id: channel.sendId}; if (channel) { rmrData.d = Array.prototype.slice.call(channel.queue, 0); rmrData.d.push({s:gadgets.rpc.ACK, id:channel.recvId}); } return gadgets.json.stringify(rmrData); } /** * Retrieve data from the channel keyed by the given frameId, * processing it as a batch. All processed data is assumed to have been * generated by getRmrData(...), pairing that method with this. * * @param {string} fromFrameId Frame from which data is being retrieved. */ function processRmrData(fromFrameId) { var channel = rmr_channels[fromFrameId]; var data = channel.receiveWindow.location.hash.substring(1); // Decode the RPC object array. var rpcObj = gadgets.json.parse(decodeURIComponent(data)) || {}; var rpcArray = rpcObj.d || []; var nonAckReceived = false; var noLongerWaiting = false; var numBypassed = 0; var numToBypass = (channel.recvId - rpcObj.id); for (var i = 0; i < rpcArray.length; ++i) { var rpc = rpcArray[i]; // If we receive an ACK message, then mark the current // handler as no longer waiting and send out the next // queued message. if (rpc.s === gadgets.rpc.ACK) { // ACK received - whether this came from a handshake or // an active call, in either case it indicates readiness to // send messages to the from frame. ready(fromFrameId, true); if (channel.waiting) { noLongerWaiting = true; } channel.waiting = false; var newlyAcked = Math.max(0, rpc.id - channel.sendId); channel.queue.splice(0, newlyAcked); channel.sendId = Math.max(channel.sendId, rpc.id || 0); continue; } // If we get here, we've received > 0 non-ACK messages to // process. Indicate this bit for later. nonAckReceived = true; // Bypass any messages already received. if (++numBypassed <= numToBypass) { continue; } ++channel.recvId; process(rpc); // actually dispatch the message } // Send an ACK indicating that we got/processed the message(s). // Do so if we've received a message to process or if we were waiting // before but a received ACK has cleared our waiting bit, and we have // more messages to send. Performing this operation causes additional // messages to be sent. if (nonAckReceived || (noLongerWaiting && channel.queue.length > 0)) { var from = (fromFrameId === '..') ? gadgets.rpc.RPC_ID : '..'; callRmr(fromFrameId, gadgets.rpc.ACK, from, {ackAlone: nonAckReceived}); } } /** * Registers the RMR channel handler for the given frameId and associated * channel window. * * @param {string} frameId The ID of the frame for which this channel is being * registered. * @param {Object} channelWindow The window of the receive frame for this * channel, if any. * * @return {boolean} True if the frame was setup successfully, false * otherwise. */ function registerRmrChannel(frameId, channelWindow) { var channel = rmr_channels[frameId]; // Verify that the channel is ready for receiving. try { var canAccess = false; // Check to see if the document is in the window. For Chrome, this // will return 'false' if the channelWindow is inaccessible by this // piece of JavaScript code, meaning that the URL of the channelWindow's // parent iframe has not yet changed from 'about:blank'. We do this // check this way because any true *access* on the channelWindow object // will raise a security exception, which, despite the try-catch, still // gets reported to the debugger (it does not break execution, the try // handles that problem, but it is still reported, which is bad form). // This check always succeeds in Safari 3.1 regardless of the state of // the window. canAccess = 'document' in channelWindow; if (!canAccess) { return false; } // Check to see if the document is an object. For Safari 3.1, this will // return undefined if the page is still inaccessible. Unfortunately, this // *will* raise a security issue in the debugger. // TODO Find a way around this problem. canAccess = typeof channelWindow['document'] == 'object'; if (!canAccess) { return false; } // Once we get here, we know we can access the document (and anything else) // on the window object. Therefore, we check to see if the location is // still about:blank (this takes care of the Safari 3.2 case). var loc = channelWindow.location.href; // Check if this is about:blank for Safari. if (loc === 'about:blank') { return false; } } catch (ex) { // For some reason, the iframe still points to about:blank. We try // again in a bit. return false; } // Save a reference to the receive window. channel.receiveWindow = channelWindow; // Register the onresize handler. function onresize() { processRmrData(frameId); }; if (typeof channelWindow.attachEvent === "undefined") { channelWindow.onresize = onresize; } else { channelWindow.attachEvent("onresize", onresize); } if (frameId === '..') { // Gadget to container. Signal to the container that the gadget // is ready to receive messages by attaching the g -> c relay. // As a nice optimization, pass along any gadget to container // queued messages that have backed up since then. ACK is enqueued in // getRmrData to ensure that the container's waiting flag is set to false // (this happens in the below code run on the container side). appendRmrFrame(channel.frame, channel.relayUri, getRmrData(frameId), frameId); } else { // Process messages that the gadget sent in its initial relay payload. // We can do this immediately because the container has already appended // and loaded a relay frame that can be used to ACK the messages the gadget // sent. In the preceding if-block, however, the processRmrData(...) call // must wait. That's because appendRmrFrame may not actually append the // frame - in the context of a gadget, this code may be running in the // head element, so it cannot be appended to body. As a result, the // gadget cannot ACK the container for messages it received. processRmrData(frameId); } return true; } return { getCode: function() { return 'rmr'; }, isParentVerifiable: function() { return true; }, init: function(processFn, readyFn) { // No global setup. process = processFn; ready = readyFn; return true; }, setup: function(receiverId, token) { try { setupRmr(receiverId); } catch (e) { gadgets.warn('Caught exception setting up RMR: ' + e); return false; } return true; }, call: function(targetId, from, rpc) { return callRmr(targetId, rpc.s, from, rpc); } }; }(); } // !end of double-inclusion guard ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ var gadgets = gadgets || {}; gadgets.rpctx = gadgets.rpctx || {}; /* * For all others, we have a fallback mechanism known as "ifpc". IFPC * exploits the fact that while same-origin policy prohibits a frame from * accessing members on a window not in the same domain, that frame can, * however, navigate the window heirarchy (via parent). This is exploited by * having a page on domain A that wants to talk to domain B create an iframe * on domain B pointing to a special relay file and with a message encoded * after the hash (#). This relay, in turn, finds the page on domain B, and * can call a receipt function with the message given to it. The relay URL * used by each caller is set via the gadgets.rpc.setRelayUrl(..) and * *must* be called before the call method is used. * * ifpc: Iframe-based method, utilizing a relay page, to send a message. * - No known major browsers still use this method, but it remains * useful as a catch-all fallback for the time being. */ if (!gadgets.rpctx.ifpc) { // make lib resilient to double-inclusion gadgets.rpctx.ifpc = function() { var iframePool = []; var callId = 0; var ready; /** * Encodes arguments for the legacy IFPC wire format. * * @param {Object} args * @return {String} the encoded args */ function encodeLegacyData(args) { var argsEscaped = []; for(var i = 0, j = args.length; i < j; ++i) { argsEscaped.push(encodeURIComponent(gadgets.json.stringify(args[i]))); } return argsEscaped.join('&'); } /** * Helper function to emit an invisible IFrame. * @param {String} src SRC attribute of the IFrame to emit. * @private */ function emitInvisibleIframe(src) { var iframe; // Recycle IFrames for (var i = iframePool.length - 1; i >=0; --i) { var ifr = iframePool[i]; try { if (ifr && (ifr.recyclable || ifr.readyState === 'complete')) { ifr.parentNode.removeChild(ifr); if (window.ActiveXObject) { // For MSIE, delete any iframes that are no longer being used. MSIE // cannot reuse the IFRAME because a navigational click sound will // be triggered when we set the SRC attribute. // Other browsers scan the pool for a free iframe to reuse. iframePool[i] = ifr = null; iframePool.splice(i, 1); } else { ifr.recyclable = false; iframe = ifr; break; } } } catch (e) { // Ignore; IE7 throws an exception when trying to read readyState and // readyState isn't set. } } // Create IFrame if necessary if (!iframe) { iframe = document.createElement('iframe'); iframe.style.border = iframe.style.width = iframe.style.height = '0px'; iframe.style.visibility = 'hidden'; iframe.style.position = 'absolute'; iframe.onload = function() { this.recyclable = true; }; iframePool.push(iframe); } iframe.src = src; window.setTimeout(function() { document.body.appendChild(iframe); }, 0); } return { getCode: function() { return 'ifpc'; }, isParentVerifiable: function() { return true; }, init: function(processFn, readyFn) { // No global setup. ready = readyFn; ready('..', true); // Ready immediately. return true; }, setup: function(receiverId, token) { // Indicate readiness to send to receiver. ready(receiverId, true); return true; }, call: function(targetId, from, rpc) { // Retrieve the relay file used by IFPC. Note that // this must be set before the call, and so we conduct // an extra check to ensure it is not blank. var relay = gadgets.rpc.getRelayUrl(targetId); ++callId; if (!relay) { gadgets.warn('No relay file assigned for IFPC'); return; } // The RPC mechanism supports two formats for IFPC (legacy and current). var src = null; if (rpc.l) { // Use legacy protocol. // Format: #iframe_id&callId&num_packets&packet_num&block_of_data var callArgs = rpc.a; src = [relay, '#', encodeLegacyData([from, callId, 1, 0, encodeLegacyData([from, rpc.s, '', '', from].concat( callArgs))])].join(''); } else { // Format: #targetId & sourceId@callId & packetNum & packetId & packetData src = [relay, '#', targetId, '&', from, '@', callId, '&1&0&', encodeURIComponent(gadgets.json.stringify(rpc))].join(''); } // Conduct the IFPC call by creating the Iframe with // the relay URL and appended message. emitInvisibleIframe(src); return true; } }; }(); } // !end of double inclusion guard ; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ /** * @fileoverview Remote procedure call library for gadget-to-container, * container-to-gadget, and gadget-to-gadget (thru container) communication. */ var gadgets = gadgets || {}; /** * gadgets.rpc Transports * * All transports are stored in object gadgets.rpctx, and are provided * to the core gadgets.rpc library by various build rules. * * Transports used by core gadgets.rpc code to actually pass messages. * each transport implements the same interface exposing hooks that * the core library calls at strategic points to set up and use * the transport. * * The methods each transport must implement are: * + getCode(): returns a string identifying the transport. For debugging. * + isParentVerifiable(): indicates (via boolean) whether the method * has the property that its relay URL verifies for certain the * receiver's protocol://host:port. * + init(processFn, readyFn): Performs any global initialization needed. Called * before any other gadgets.rpc methods are invoked. processFn is * the function in gadgets.rpc used to process an rpc packet. readyFn is * a function that must be called when the transport is ready to send * and receive messages bidirectionally. Returns * true if successful, false otherwise. * + setup(receiverId, token): Performs per-receiver initialization, if any. * receiverId will be '..' for gadget-to-container. Returns true if * successful, false otherwise. * + call(targetId, from, rpc): Invoked to send an actual * message to the given targetId, with the given serviceName, from * the sender identified by 'from'. Payload is an rpc packet. Returns * true if successful, false otherwise. */ /** * @static * @class Provides operations for making rpc calls. * @name gadgets.rpc */ if (!gadgets.rpc) { // make lib resilient to double-inclusion gadgets.rpc = function() { // General constants. var CALLBACK_NAME = '__cb'; var DEFAULT_NAME = ''; // Special service name for acknowledgements. var ACK = '__ack'; // Timeout and number of attempts made to setup a transport receiver. var SETUP_FRAME_TIMEOUT = 500; var SETUP_FRAME_MAX_TRIES = 10; var services = {}; var relayUrl = {}; var useLegacyProtocol = {}; var authToken = {}; var callId = 0; var callbacks = {}; var setup = {}; var sameDomain = {}; var params = {}; var receiverTx = {}; var earlyRpcQueue = {}; // isGadget =~ isChild for the purposes of rpc (used only in setup). var isChild = (window.top !== window.self); // Set the current rpc ID from window.name immediately, to prevent // shadowing of window.name by a "var name" declaration, or similar. var rpcId = window.name; // Fallback transport is simply a dummy impl that emits no errors // and logs info on calls it receives, to avoid undesired side-effects // from falling back to IFPC or some other transport. var fallbackTransport = (function() { function logFn(name) { return function() { gadgets.log("gadgets.rpc." + name + "(" + gadgets.json.stringify(Array.prototype.slice.call(arguments)) + "): call ignored. [caller: " + document.location + ", isChild: " + isChild + "]"); } } return { getCode: function() { return "noop"; }, isParentVerifiable: function() { return true; // Not really, but prevents transport assignment to IFPC. }, init: logFn("init"), setup: logFn("setup"), call: logFn("call") } })(); // Load the authentication token for speaking to the container // from the gadget's parameters, or default to '0' if not found. if (gadgets.util) { params = gadgets.util.getUrlParameters(); } // Indicates whether to support early-message queueing, which is designed // to ensure that all messages sent by gadgets.rpc.call, irrespective // when they were made (before/after setupReceiver, before/after transport // setup complete), are sent. Hiding behind a query param to allow opt-in // for a time while this technique is proven. var useEarlyQueueing = (params['rpc_earlyq'] === "1"); /* * Return a transport representing the best available cross-domain * message-passing mechanism available to the browser. * * Transports are selected on a cascading basis determined by browser * capability and other checks. The order of preference is: * 1. wpm: Uses window.postMessage standard. * 2. dpm: Uses document.postMessage, similar to wpm but pre-standard. * 3. nix: Uses IE-specific browser hacks. * 4. rmr: Signals message passing using relay file's onresize handler. * 5. fe: Uses FF2-specific window.frameElement hack. * 6. ifpc: Sends messages via active load of a relay file. * * See each transport's commentary/documentation for details. */ function getTransport() { return typeof window.postMessage === 'function' ? gadgets.rpctx.wpm : typeof window.postMessage === 'object' ? gadgets.rpctx.wpm : window.ActiveXObject ? gadgets.rpctx.nix : navigator.userAgent.indexOf('WebKit') > 0 ? gadgets.rpctx.rmr : navigator.product === 'Gecko' ? gadgets.rpctx.frameElement : gadgets.rpctx.ifpc; } /** * Function passed to, and called by, a transport indicating it's ready to * send and receive messages. */ function transportReady(receiverId, readySuccess) { var tx = transport; if (!readySuccess) { tx = fallbackTransport; } receiverTx[receiverId] = tx; // If there are any early-queued messages, send them now directly through // the needed transport. This queue will only have contents if // useEarlyQueueing === true (see call method). var earlyQueue = earlyRpcQueue[receiverId] || []; for (var i = 0; i < earlyQueue.length; ++i) { var rpc = earlyQueue[i]; // There was no auth/rpc token set before, so set it now. rpc.t = getAuthToken(receiverId); tx.call(receiverId, rpc.f, rpc); } // Clear the queue so it won't be sent again. earlyRpcQueue[receiverId] = []; } /** * Helper function to process an RPC request * @param {Object} rpc RPC request object * @private */ function process(rpc) { // // RPC object contents: // s: Service Name // f: From // c: The callback ID or 0 if none. // a: The arguments for this RPC call. // t: The authentication token. // if (rpc && typeof rpc.s === 'string' && typeof rpc.f === 'string' && rpc.a instanceof Array) { // Validate auth token. if (authToken[rpc.f]) { // We don't do type coercion here because all entries in the authToken // object are strings, as are all url params. See setupReceiver(...). if (authToken[rpc.f] !== rpc.t) { throw new Error("Invalid auth token. " + authToken[rpc.f] + " vs " + rpc.t); } } if (rpc.s === ACK) { // Acknowledgement API, used to indicate a receiver is ready. window.setTimeout(function() { transportReady(rpc.f, true); }, 0); return; } // If there is a callback for this service, attach a callback function // to the rpc context object for asynchronous rpc services. // // Synchronous rpc request handlers should simply ignore it and return a // value as usual. // Asynchronous rpc request handlers, on the other hand, should pass its // result to this callback function and not return a value on exit. // // For example, the following rpc handler passes the first parameter back // to its rpc client with a one-second delay. // // function asyncRpcHandler(param) { // var me = this; // setTimeout(function() { // me.callback(param); // }, 1000); // } if (rpc.c) { rpc.callback = function(result) { gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result); }; } // Call the requested RPC service. var result = (services[rpc.s] || services[DEFAULT_NAME]).apply(rpc, rpc.a); // If the rpc request handler returns a value, immediately pass it back // to the callback. Otherwise, do nothing, assuming that the rpc handler // will make an asynchronous call later. if (rpc.c && typeof result !== 'undefined') { gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result); } } } /** * Helper method returning a canonicalized protocol://host[:port] for * a given input URL, provided as a string. Used to compute convenient * relay URLs and to determine whether a call is coming from the same * domain as its receiver (bypassing the try/catch capability detection * flow, thereby obviating Firebug and other tools reporting an exception). * * @param {string} url Base URL to canonicalize. */ function getOrigin(url) { if (!url) { return ""; } url = url.toLowerCase(); if (url.indexOf("//") == 0) { url = window.location.protocol + url; } if (url.indexOf("://") == -1) { // Assumed to be schemaless. Default to current protocol. url = window.location.protocol + "//" + url; } // At this point we guarantee that "://" is in the URL and defines // current protocol. Skip past this to search for host:port. var host = url.substring(url.indexOf("://") + 3); // Find the first slash char, delimiting the host:port. var slashPos = host.indexOf("/"); if (slashPos != -1) { host = host.substring(0, slashPos); } var protocol = url.substring(0, url.indexOf("://")); // Use port only if it's not default for the protocol. var portStr = ""; var portPos = host.indexOf(":"); if (portPos != -1) { var port = host.substring(portPos + 1); host = host.substring(0, portPos); if ((protocol === "http" && port !== "80") || (protocol === "https" && port !== "443")) { portStr = ":" + port; } } // Return ://[] return protocol + "://" + host + portStr; } function getTargetWin(id) { if (typeof id === "undefined" || id === "..") { return window.parent; } // Cast to a String to avoid an index lookup. id = String(id); // Try window.frames first var target = window.frames[id]; if (target) { return target; } // Fall back to getElementById() target = document.getElementById(id); if (target && target.contentWindow) { return target.contentWindow; } return null; } // Pick the most efficient RPC relay mechanism. var transport = getTransport(); // Create the Default RPC handler. services[DEFAULT_NAME] = function() { gadgets.warn('Unknown RPC service: ' + this.s); }; // Create a Special RPC handler for callbacks. services[CALLBACK_NAME] = function(callbackId, result) { var callback = callbacks[callbackId]; if (callback) { delete callbacks[callbackId]; callback(result); } }; /** * Conducts any frame-specific work necessary to setup * the channel type chosen. This method is called when * the container page first registers the gadget in the * RPC mechanism. Gadgets, in turn, will complete the setup * of the channel once they send their first messages. */ function setupFrame(frameId, token) { if (setup[frameId] === true) { return; } if (typeof setup[frameId] === 'undefined') { setup[frameId] = 0; } var tgtFrame = document.getElementById(frameId); if (frameId === '..' || tgtFrame != null) { if (transport.setup(frameId, token) === true) { setup[frameId] = true; return; } } if (setup[frameId] !== true && setup[frameId]++ < SETUP_FRAME_MAX_TRIES) { // Try again in a bit, assuming that frame will soon exist. window.setTimeout(function() { setupFrame(frameId, token) }, SETUP_FRAME_TIMEOUT); } else { // Fail: fall back for this gadget. receiverTx[frameId] = fallbackTransport; setup[frameId] = true; } } /** * Attempts to make an rpc by calling the target's receive method directly. * This works when gadgets are rendered on the same domain as their container, * a potentially useful optimization for trusted content which keeps * RPC behind a consistent interface. * @param {String} target Module id of the rpc service provider * @param {String} from Module id of the caller (this) * @param {String} callbackId Id of the call * @param {String} rpcData JSON-encoded RPC payload * @return */ function callSameDomain(target, rpc) { if (typeof sameDomain[target] === 'undefined') { // Seed with a negative, typed value to avoid // hitting this code path repeatedly. sameDomain[target] = false; var targetRelay = gadgets.rpc.getRelayUrl(target); if (getOrigin(targetRelay) !== getOrigin(window.location.href)) { // Not worth trying -- avoid the error and just return. return false; } var targetEl = getTargetWin(target); try { // If this succeeds, then same-domain policy applied sameDomain[target] = targetEl.gadgets.rpc.receiveSameDomain; } catch (e) { // Shouldn't happen due to origin check. Caught to emit // more meaningful error to the caller. gadgets.error("Same domain call failed: parent= incorrectly set."); } } if (typeof sameDomain[target] === 'function') { // Call target's receive method sameDomain[target](rpc); return true; } return false; } function setRelayUrl(targetId, url, opt_useLegacy) { relayUrl[targetId] = url; useLegacyProtocol[targetId] = !!opt_useLegacy; } function getAuthToken(targetId) { return authToken[targetId]; } function setAuthToken(targetId, token) { token = token || ""; // Coerce token to a String, ensuring that all authToken values // are strings. This ensures correct comparison with URL params // in the process(rpc) method. authToken[targetId] = String(token); setupFrame(targetId, token); } function setupContainerGadgetContext(rpctoken) { /** * Initializes gadget to container RPC params from the provided configuration. */ function init(config) { var configRpc = config ? config.rpc : {}; var parentRelayUrl = configRpc.parentRelayUrl; // Allow for wild card parent relay files as long as it's from a // white listed domain. This is enforced by the rendering servlet. if (parentRelayUrl.substring(0, 7) !== 'http://' && parentRelayUrl.substring(0, 8) !== 'https://' && parentRelayUrl.substring(0, 2) !== '//') { // Relative path: we append to the parent. // We're relying on the server validating the parent parameter in this // case. Because of this, parent may only be passed in the query, not fragment. if (typeof params.parent === "string" && params.parent !== "") { // Otherwise, relayUrl['..'] will be null, signaling transport // code to ignore rpc calls since they cannot work without a // relay URL with host qualification. if (parentRelayUrl.substring(0, 1) !== '/') { // Path-relative. Trust that parent is passed in appropriately. var lastSlash = params.parent.lastIndexOf('/'); parentRelayUrl = params.parent.substring(0, lastSlash + 1) + parentRelayUrl; } else { // Host-relative. parentRelayUrl = getOrigin(params.parent) + parentRelayUrl; } } } var useLegacy = !!configRpc.useLegacyProtocol; setRelayUrl('..', parentRelayUrl, useLegacy); if (useLegacy) { transport = gadgets.rpctx.ifpc; transport.init(process, transportReady); } // Sets the auth token and signals transport to setup connection to container. setAuthToken('..', rpctoken); } var requiredConfig = { parentRelayUrl : gadgets.config.NonEmptyStringValidator }; gadgets.config.register("rpc", requiredConfig, init); } function setupContainerGenericIframe(rpctoken, opt_parent) { // Generic child IFRAME setting up connection w/ its container. // Use the opt_parent param if provided, or the "parent" query param // if found -- otherwise, do nothing since this call might be initiated // automatically at first, then actively later in IFRAME code. var parent = opt_parent || params.parent; if (parent) { setRelayUrl('..', parent); setAuthToken('..', rpctoken); } } function setupChildIframe(gadgetId, opt_frameurl, opt_authtoken) { if (!gadgets.util) { return; } var childIframe = document.getElementById(gadgetId); if (!childIframe) { throw new Error("Cannot set up gadgets.rpc receiver with ID: " + gadgetId + ", element not found."); } // The "relay URL" can either be explicitly specified or is set as // the child IFRAME URL verbatim. var relayUrl = opt_frameurl || childIframe.src; setRelayUrl(gadgetId, relayUrl); // The auth token is parsed from child params (rpctoken) or overridden. var childParams = gadgets.util.getUrlParameters(childIframe.src); var rpctoken = opt_authtoken || childParams.rpctoken; setAuthToken(gadgetId, rpctoken); } function setupReceiver(targetId, opt_receiverurl, opt_authtoken) { if (targetId === '..') { // Gadget/IFRAME to container. var rpctoken = opt_authtoken || params.rpctoken || params.ifpctok || ""; if (gadgets.config) { setupContainerGadgetContext(rpctoken); } else { setupContainerGenericIframe(rpctoken, opt_receiverurl); } } else { // Container to child. setupChildIframe(targetId, opt_receiverurl, opt_authtoken); } } return /** @scope gadgets.rpc */ { /** * Registers an RPC service. * @param {String} serviceName Service name to register. * @param {Function} handler Service handler. * * @member gadgets.rpc */ register: function(serviceName, handler) { if (serviceName === CALLBACK_NAME || serviceName === ACK) { throw new Error("Cannot overwrite callback/ack service"); } if (serviceName === DEFAULT_NAME) { throw new Error("Cannot overwrite default service:" + " use registerDefault"); } services[serviceName] = handler; }, /** * Unregisters an RPC service. * @param {String} serviceName Service name to unregister. * * @member gadgets.rpc */ unregister: function(serviceName) { if (serviceName === CALLBACK_NAME || serviceName === ACK) { throw new Error("Cannot delete callback/ack service"); } if (serviceName === DEFAULT_NAME) { throw new Error("Cannot delete default service:" + " use unregisterDefault"); } delete services[serviceName]; }, /** * Registers a default service handler to processes all unknown * RPC calls which raise an exception by default. * @param {Function} handler Service handler. * * @member gadgets.rpc */ registerDefault: function(handler) { services[DEFAULT_NAME] = handler; }, /** * Unregisters the default service handler. Future unknown RPC * calls will fail silently. * * @member gadgets.rpc */ unregisterDefault: function() { delete services[DEFAULT_NAME]; }, /** * Forces all subsequent calls to be made by a transport * method that allows the caller to verify the message receiver * (by way of the parent parameter, through getRelayUrl(...)). * At present this means IFPC or WPM. */ forceParentVerifiable: function() { if (!transport.isParentVerifiable()) { transport = gadgets.rpctx.ifpc; } }, /** * Calls an RPC service. * @param {String} targetId Module Id of the RPC service provider. * Empty if calling the parent container. * @param {String} serviceName Service name to call. * @param {Function|null} callback Callback function (if any) to process * the return value of the RPC request. * @param {*} var_args Parameters for the RPC request. * * @member gadgets.rpc */ call: function(targetId, serviceName, callback, var_args) { targetId = targetId || '..'; // Default to the container calling. var from = '..'; if (targetId === '..') { from = rpcId; } ++callId; if (callback) { callbacks[callId] = callback; } var rpc = { s: serviceName, f: from, c: callback ? callId : 0, a: Array.prototype.slice.call(arguments, 3), t: authToken[targetId], l: useLegacyProtocol[targetId] }; if (targetId !== '..' && !document.getElementById(targetId)) { // The target has been removed from the DOM. Don't even try. gadgets.log("WARNING: attempted send to nonexistent frame: " + targetId); return; } // If target is on the same domain, call method directly if (callSameDomain(targetId, rpc)) { return; } // Attempt to make call via a cross-domain transport. // Retrieve the transport for the given target - if one // target is misconfigured, it won't affect the others. var channel = receiverTx[targetId] ? receiverTx[targetId] : transport; if (!channel) { // Not set up yet. Enqueue the rpc for such time as it is. if (!earlyRpcQueue[targetId]) { earlyRpcQueue[targetId] = [ rpc ]; } else { earlyRpcQueue[targetId].push(rpc); } return; } // If we are told to use the legacy format, then we must // default to IFPC. if (useLegacyProtocol[targetId]) { channel = gadgets.rpctx.ifpc; } if (channel.call(targetId, from, rpc) === false) { // Fall back to IFPC. This behavior may be removed as IFPC is as well. receiverTx[targetId] = fallbackTransport; transport.call(targetId, from, rpc); } }, /** * Gets the relay URL of a target frame. * @param {String} targetId Name of the target frame. * @return {String|undefined} Relay URL of the target frame. * * @member gadgets.rpc */ getRelayUrl: function(targetId) { var url = relayUrl[targetId]; // Some RPC methods (wpm, for one) are unhappy with schemeless URLs. if (url && url.indexOf('//') == 0) { url = document.location.protocol + url; } return url; }, /** * Sets the relay URL of a target frame. * @param {String} targetId Name of the target frame. * @param {String} url Full relay URL of the target frame. * @param {Boolean} opt_useLegacy True if this relay needs the legacy IFPC * wire format. * * @member gadgets.rpc * @deprecated */ setRelayUrl: setRelayUrl, /** * Sets the auth token of a target frame. * @param {String} targetId Name of the target frame. * @param {String} token The authentication token to use for all * calls to or from this target id. * * @member gadgets.rpc * @deprecated */ setAuthToken: setAuthToken, /** * Sets up the gadgets.rpc library to communicate with the receiver. * This method replaces setRelayUrl(...) and setAuthToken(...) * * Simplified instructions - highly recommended: * 1. Generate