Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: lawnsea/TreeHouse
base: e27b3ac59e
...
head fork: lawnsea/TreeHouse
compare: 595db54c01
Checking mergeability… Don't worry, you can still create the pull request.
  • 2 commits
  • 4 files changed
  • 0 commit comments
  • 1 contributor
View
1  demos/hello-guest.js
@@ -1,5 +1,6 @@
var div = document.createElement('div');
var span = document.createElement('span');
span.innerHTML = 'Hello, TreeHouse!';
+div.style.color = 'red';
div.appendChild(span);
document.getElementById('root').appendChild(div);
View
32 src/kernel.js
@@ -1,8 +1,7 @@
define([
- 'treehouse/sandbox', 'treehouse/util', 'treehouse/kernel/allowed-attributes',
- 'treehouse/kernel/allowed-elements', 'treehouse/kernel/allowed-style-properties'
+ 'treehouse/sandbox', 'treehouse/util'
],
-function(Sandbox, util, allowedAttributes, allowedElements, allowedStyleProperties) {
+function(Sandbox, util) {
var sandboxes = {};
var sandboxIndex = 0;
var messageHandlers = {};
@@ -20,9 +19,7 @@ function(Sandbox, util, allowedAttributes, allowedElements, allowedStyleProperti
attr = attrs[i];
if (attr.name.indexOf(STYLE_ATTRIBUTE_PREFIX) === 0) {
name = util.dashedToCamelCase(attr.name.slice(STYLE_ATTRIBUTE_PREFIX.length));
- if (allowedStyleProperties[name] === true) {
- el.style[name] = attr.value;
- }
+ el.style[name] = attr.value;
toRemove.push(attr.name);
}
}
@@ -49,24 +46,15 @@ function(Sandbox, util, allowedAttributes, allowedElements, allowedStyleProperti
}
if (ev.attrChange === MutationEvent.prototype.MODIFICATION) {
- if (ev.target.setAttribute && allowedAttributes[ev.attrName.toLowerCase()] === true) {
- ev.target.setAttribute(ev.attrName, ev.newValue);
- } else if (ev.attrName.indexOf(STYLE_ATTRIBUTE_PREFIX) === 0) {
+ if (ev.attrName.indexOf(STYLE_ATTRIBUTE_PREFIX) === 0) {
name = ev.attrName.slice(STYLE_ATTRIBUTE_PREFIX.length);
- if (allowedStyleProperties[name] === true) {
- ev.target.style[name] = ev.newValue;
- }
+ ev.target.style[name] = ev.newValue;
+ } else if (ev.target.setAttribute) {
+ ev.target.setAttribute(ev.attrName, ev.newValue);
}
} else if (ev.attrChange === MutationEvent.prototype.ADDITION) {
- if (ev.target instanceof Text ||
- allowedElements[ev.target.tagName.toLowerCase()] === true)
- {
- el = ev.target;
- setStyleAttributes(el);
- } else {
- el = document.createElement('div');
- el.style.display = 'none';
- }
+ el = ev.target;
+ setStyleAttributes(el);
if (el.__treehouseNextSibling) {
ev.relatedNode.insertBefore(el, el.__treehouseNextSibling);
@@ -95,7 +83,7 @@ function(Sandbox, util, allowedAttributes, allowedElements, allowedStyleProperti
var sandbox;
if (sandboxes[name] === void undefined) {
- sandboxes[name] = new Sandbox(name, null, allowedAttributes);
+ sandboxes[name] = new Sandbox(name, null);
sandboxes[name].index = sandboxIndex;
sandboxIndex++;
}
View
72 src/loader.js
@@ -19,6 +19,34 @@ var initBroker;
'undefined', 'unescape', 'webkitURL',
'win', 'window', 'doc', 'document', 'initBroker'
];
+ var styleAttributeList = [
+ 'azimuth', 'backgroundAttachment', 'backgroundColor', 'backgroundImage',
+ 'backgroundPosition', 'backgroundRepeat', 'background',
+ 'borderCollapse', 'borderColor', 'borderSpacing', 'borderStyle',
+ 'borderTop', 'borderRight', 'borderBottom', 'borderLeft',
+ 'borderTopColor', 'borderRightColor', 'borderBottomColor',
+ 'borderLeftColor', 'borderTopStyle', 'borderRightStyle',
+ 'borderBottomStyle', 'borderLeftStyle', 'borderTopWidth',
+ 'borderRightWidth', 'borderBottomWidth', 'borderLeftWidth',
+ 'borderWidth', 'border', 'bottom', 'captionSide', 'clear', 'clip',
+ 'color', 'content', 'counterIncrement', 'counterReset', 'cueAfter',
+ 'cueBefore', 'cue', 'cursor', 'direction', 'display', 'elevation',
+ 'emptyCells', 'float', 'fontFamily', 'fontSize', 'fontStyle',
+ 'fontVariant', 'fontWeight', 'font', 'height', 'left', 'letterSpacing',
+ 'lineHeight', 'listStyleImage', 'listStylePostion', 'listStyleType',
+ 'listStyle', 'margin', 'marginTop', 'marginRight', 'marginBottom',
+ 'marginLeft', 'maxHeight', 'maxWidth', 'minHeight', 'minWidth',
+ 'orphans', 'outlineColor', 'outlineStyle', 'outlineWidth', 'outline',
+ 'overflow', 'padding', 'paddingTop', 'paddingRight', 'paddingBottom',
+ 'paddingLeft', 'pageBreakAfter', 'pageBreakBefore', 'pageBreakInside',
+ 'pauseAfter', 'pauseBefore', 'pause', 'pitchRange', 'pitch',
+ 'playDuring', 'position', 'quotes', 'richness', 'right', 'speakHeader',
+ 'speakNumeral', 'speakPunctuation', 'speak', 'speechRate', 'stress',
+ 'tableLayout', 'textAlign', 'textDecoration', 'textIndent',
+ 'textTransform', 'top', 'unicodeBidi', 'verticalAlign', 'visibility',
+ 'voiceFamily', 'volume', 'whiteSpace', 'widows', 'width', 'wordSpacing',
+ 'zIndex'
+ ];
var blacklist = ['Worker'];
var nop = function (){};
var ignored = {};
@@ -180,15 +208,8 @@ var initBroker;
* an attribute on the element
*/
function hookStyleProperty(property) {
- // propertyName -> data-treehouse-style-property-name
var name = STYLE_ATTRIBUTE_PREFIX + util.camelCaseToDashed(property);
- if (hookedStyles[property]) {
- // already hooked
- return;
- }
-
- hookedStyles[property] = true;
Object.defineProperty(CSSStyleDeclaration.prototype, property, {
set: function (newValue) {
this._element.setAttribute(name, newValue);
@@ -198,22 +219,7 @@ var initBroker;
}
});
}
-
- // Export style properties in the base policy
- for (k in basePolicy['!elements']['!attributes']) {
- for (m in basePolicy['!elements']['!attributes'][k].style) {
- hookStyleProperty(k);
- }
- }
-
- // Export any style properties that don't appear in the base policy
- for (k in policy['!elements']['!attributes']) {
- for (m in policy['!elements']['!attributes'][k].style) {
- hookStyleProperty(k);
- }
- }
-
- // XXX: setPolicy needs to do this too
+ _.each(styleAttributeList, hookStyleProperty);
// Wrap addEventListener so that we can ask the monitor to install
// listeners in the actual DOM
@@ -285,18 +291,14 @@ var initBroker;
// TODO: if the new node has onfoo handers, register them and delete the attributes
// from the serialized node
- if (e.attrChange === MutationEvent.prototype.ADDITION) {
- // When adding a node to the DOM, serialize the node and append
- // it to the traversal
- target = serialization.serializeNode(e.target);
- // get the traversal from the root node to the parent
- related = serialization.getNodeTraversal(e.relatedNode, document.body).slice(1);
- e = serialization.serializeEvent(e, document.body);
- e.target.push(target);
- e.relatedNode = e.relatedNode.concat(related);
- } else {
- e = serialization.serializeEvent(e, document.body);
- }
+ // get the traversal from the root node to the parent
+ related = serialization.getNodeTraversal(e.relatedNode, document.body).slice(1);
+ // get the serialized representation of the target node
+ target = serialization.serializeNode(e.target);
+ e = serialization.serializeEvent(e, document.body);
+ // append the serialized node to its traversal
+ e.target.push(target);
+ e.relatedNode = related;
if (!validate.checkDOMMutation(policy, e, document.body)) {
terminate('VDOM modification violates policy', e);
View
12 src/sandbox.js
@@ -10,6 +10,7 @@ function(serialization, SortedSet, validate, basePolicy) {
var ev = document.createEvent('CustomEvent');
var serializedTarget = e.target;
var rootNode = this._children.get(serializedTarget.shift());
+ var serializedTargetNode;
if (e.type !== 'DOMSubtreeModified') {
return;
@@ -19,16 +20,16 @@ function(serialization, SortedSet, validate, basePolicy) {
this.onPolicyViolation();
}
+ serializedTargetNode = e.target.pop();
+
if (e.attrChange === MutationEvent.ADDITION) {
// the last element of the target is the new node to add
- e.target = serialization.deserializeNode(serializedTarget.pop());
- e.__serializedTarget = serializedTarget.slice(0);
+ e.target = serialization.deserializeNode(serializedTargetNode);
e.target.__treehouseNextSibling = serialization.traverseToNode(
serializedTarget, rootNode);
}
- e = serialization.deserializeEvent(e, this._children.get());
- e.__serializedTarget = serializedTarget;
+ e = serialization.deserializeEvent(e, rootNode);
this.debug('Deserialized received event', e);
ev.initCustomEvent('sandboxDOMEvent', true, true, e);
ev.detail.sandbox = this;
@@ -89,14 +90,13 @@ function(serialization, SortedSet, validate, basePolicy) {
}
}
- Sandbox = function (name, loader, attributeWhitelist) {
+ Sandbox = function (name, loader) {
loader = loader || '../src/loader.js';
this.name = name;
this._worker = new Worker(loader);
this._children = new SortedSet(compareNodes);
this._started = false;
this._listeners = [];
- this._whitelist = attributeWhitelist;
consoleMethods.forEach(function (method) {
this[method] = function () {

No commit comments for this range

Something went wrong with that request. Please try again.