workaround for OAuth2 using inline JavaScript causing conflicts with …

…Content Security Policy #102

Cakefile

@@ -55,6 +55,7 @@ VENDOR_FILES    = [
   'vendor/jquery.url.js'
   'vendor/mustache.js'
   'vendor/oauth2.js'
+  'vendor/oauth2_finish.js'
   'vendor/oauth2_inject.js'
 ]
 

src/pages/oauth2.html

@@ -18,12 +18,6 @@
   <head>
     <title>OAuth 2.0 Finish Page</title>
     <script src="../vendor/oauth2.js"></script>
-    <script type="text/javascript">
-      var url = unescape(window.location.href.match(/from=([^&]+)/)[1]);
-      var index = url.indexOf('?');
-      if (index !== -1) url = url.substring(0, index);
-      var adapterName = OAuth2.lookupAdapterName(url);
-      var finisher = new OAuth2(adapterName, OAuth2.FINISH);
-    </script>
+    <script src="../vendor/oauth2_finish.js"></script>
   </head>
 </html>

src/vendor/oauth2_finish.js

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2011 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This script serves as an intermediary between oauth2.html and oauth2.js.
+
+// Get all query string parameters from the original URL.
+var url = decodeURIComponent(window.location.href.match(/from=([^&]+)/)[1]);
+var index = url.indexOf('?');
+if (index !== -1) url = url.substring(0, index);
+
+// Derive adapter name from URI and then finish the process.
+var adapterName = OAuth2.lookupAdapterName(url);
+var finisher = new OAuth2(adapterName, OAuth2.FINISH);