svgedit

Commit Graph

Author	SHA1	Message	Date
Brett Zamir	a506f6c02f	Minor clarification of preventAllURLConfig git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2803 eee81c28-f429-11dd-99c0-75d572ba1ddd	2014-04-09 01:35:28 +00:00
Brett Zamir	1e2e6529d2	Critical privacy/data integrity fix: Move cross-domain capable message listener into own extension (ext-xdomain-messaging.js) and do not include by default (the extension now won't work anyways without an allowedOrigins config first being set (in config.js) for security reasons (and not via URL)); add allowedOrigins config and demo use in config-sample.js; JSLint; update embedapi.html to supply the xdomain extension in case running xdomain (again, allowedOrigins must be supplied in the local copy of config.js for this to work); modify embedapi.js to allow reuse of cross-domain API with same-domain usage, but without the intermediate JSON parsing which could lose some non-JSONable arguments or response. git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2714 eee81c28-f429-11dd-99c0-75d572ba1ddd	2014-02-22 04:08:24 +00:00
Brett Zamir	e463b43220	1. Reference config.js in the editor (and remove encouragement for adding extensions to HTML) but ignore config.js in SVN (let user configure) but supply config-sample.js to indicate config/pref/extension possibilities; 2. Move ext-overview_window.js to default but overridable list of extensions (as with other extensions); 3. Allow extensions to avoid problems if failing to return an object (in svgcanvas.js); 4. Support new langReady callback to ensure extension always called when locale info is ready (and always load locale, even English); 5. Move localStorage storing to a new (i18n-ized and available-by-default) storage extension which adds a dialog asking user for whether to store prefs and/or SVG content; $.pref() now falls back to checking defaultPrefs (which may have been expanded at runtime to include URL or storage settings); use new config "forceStorage" to get old (bad) behavior 6. Remove initial cap from "Editor" to reflect singleton nature of object (as compared to JSLint conventions for initial cap constructors); 7. Begin a little JSDoc, clearer grouping of properties/methods; JSLint/clean-up 8. Omit values for lang and iconsize to be successfully auto-detected; 9. Document "save_notice_done" and "export_notice_done" within list of prefs; document "showlayers" and "no_save_warning" as config 10. Add "preventAllURLConfig" and "preventURLContentLoading" config for URL security; 11. Add "lockExtensions" and "noDefaultExtensions" config for URL behavior re: extension loading 12. Document "showGrid", and new "noStorageOnLoad" and "emptyStorageOnDecline" extension-related config 13. Change setConfig to allow a second object with "overwrite" and "allowInitialUserOverride" properties and to behave accordingly (with URL config acting with overwrite=false to act under lower priority given security concern), along with checking "preventAllURLConfig" and "lockExtensions" config. 14. Remove any dupe extensions 15. Strip all path config from URL setting in addition to extPath (imgPath, langPath, jGraduatePath) 16. Support select+checkbox type dialog (used for storage ext.) 17. Ensure clickSelect is public so can be properly used by ext-connector.js 18. Reinstate 'in' checks just to be safe 19. Fix broken linkControlPoints() and addSubPath() functions 20. Fix problem when position returned by extension object was too high (e.g., if too few other extensions were included). git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2705 eee81c28-f429-11dd-99c0-75d572ba1ddd	2014-02-18 15:06:27 +00:00

Author

SHA1

Message

Date

Brett Zamir

a506f6c02f

Minor clarification of preventAllURLConfig

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2803 eee81c28-f429-11dd-99c0-75d572ba1ddd

2014-04-09 01:35:28 +00:00

Brett Zamir

1e2e6529d2

Critical privacy/data integrity fix: Move cross-domain capable message listener into own extension (ext-xdomain-messaging.js) and do not include by default (the extension now won't work anyways without an allowedOrigins config first being set (in config.js) for security reasons (and not via URL)); add allowedOrigins config and demo use in config-sample.js; JSLint; update embedapi.html to supply the xdomain extension in case running xdomain (again, allowedOrigins must be supplied in the local copy of config.js for this to work); modify embedapi.js to allow reuse of cross-domain API with same-domain usage, but without the intermediate JSON parsing which could lose some non-JSONable arguments or response.

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2714 eee81c28-f429-11dd-99c0-75d572ba1ddd

2014-02-22 04:08:24 +00:00

Brett Zamir

e463b43220

1. Reference config.js in the editor (and remove encouragement for adding extensions to HTML) but ignore config.js in SVN (let user configure) but supply config-sample.js to indicate config/pref/extension possibilities;

2. Move ext-overview_window.js to default but overridable list of extensions (as with other extensions);
3. Allow extensions to avoid problems if failing to return an object (in svgcanvas.js);
4. Support new langReady callback to ensure extension always called when locale info is ready (and always load locale, even English);
5. Move localStorage storing to a new (i18n-ized and available-by-default) storage extension which adds a dialog asking user for whether to store prefs and/or SVG content; $.pref() now falls back to checking defaultPrefs (which may have been expanded at runtime to include URL or storage settings); use new config "forceStorage" to get old (bad) behavior
6. Remove initial cap from "Editor" to reflect singleton nature of object (as compared to JSLint conventions for initial cap constructors);
7. Begin a little JSDoc, clearer grouping of properties/methods; JSLint/clean-up
8. Omit values for lang and iconsize to be successfully auto-detected; 9. Document "save_notice_done" and "export_notice_done" within list of prefs; document "showlayers" and "no_save_warning" as config
10. Add "preventAllURLConfig" and "preventURLContentLoading" config for URL security; 
11. Add "lockExtensions" and "noDefaultExtensions" config for URL behavior re: extension loading
12. Document "showGrid", and new "noStorageOnLoad" and "emptyStorageOnDecline" extension-related config
13. Change setConfig to allow a second object with "overwrite" and "allowInitialUserOverride" properties and to behave accordingly (with URL config acting with overwrite=false to act under lower priority given security concern), along with checking "preventAllURLConfig" and "lockExtensions" config.
14. Remove any dupe extensions
15. Strip all path config from URL setting in addition to extPath (imgPath, langPath, jGraduatePath)
16. Support select+checkbox type dialog (used for storage ext.)
17. Ensure clickSelect is public so can be properly used by ext-connector.js
18. Reinstate 'in' checks just to be safe
19. Fix broken linkControlPoints() and addSubPath() functions
20. Fix problem when position returned by extension object was too high (e.g., if too few other extensions were included).

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2705 eee81c28-f429-11dd-99c0-75d572ba1ddd

2014-02-18 15:06:27 +00:00

3 Commits (4bb15e0fb6e828bca4bb0d20bb0fa8cb864f1ca9)