portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woon...@apache.org
Subject svn commit: r813427 - /portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
Date Thu, 10 Sep 2009 13:26:20 GMT
Author: woonsan
Date: Thu Sep 10 13:26:19 2009
New Revision: 813427

URL: http://svn.apache.org/viewvc?rev=813427&view=rev
Log:
JS2-1063: Not to make a request to a url of different domain in script.
If the script tries to make a cross-domain request, then the remaining scripts do not work
after that. This caused another problems that other portlet windows are not rendered as well.

Modified:
    portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js

Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js?rev=813427&r1=813426&r2=813427&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
(original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/javascript/jetspeed/widget/PortletWindow.src.js
Thu Sep 10 13:26:19 2009
@@ -2896,7 +2896,30 @@
             this._handleDefaults(name+" failure\n "+err, "onExecError", "debug");
         }
     },
-
+    
+    _isUrlFromSameDomain: function( url )
+    {
+        var reUrl = /^https?\:\/\/([\w\.]+)[:/]?/i;
+        if (reUrl.test(url))
+        {
+            var targetDomain = RegExp.$1;
+            var hostName = window.location.hostname;
+            
+            if (hostName == targetDomain)
+            {
+                return true;
+            }
+            else
+            {
+                var baseDomain = hostName.replace(/^www\w*\./i, "");
+                if (targetDomain.lastIndexOf(baseDomain) == targetDomain.length - baseDomain.length)
{
+                    return true;
+                }
+            }
+        }
+        return false;
+    },
+    
     _executeScripts: function( scripts, djObj )
     {
         var jsObj = jetspeed;
@@ -2921,7 +2944,12 @@
             var contents = null;
             try
             {
-                contents = djHostEnv.getText( uri, null, false );
+                // cross domain content retrieval is not allowed.
+                if ( this._isUrlFromSameDomain( uri ))
+                {
+                    contents = djHostEnv.getText( uri, null, false );
+                }
+                
     	        if ( contents )
                 {
                     //djHostEnv.loadedUris[uri] = true;



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message