Allow custom namespace prefixes as long as they map to one of our accepted namespace URIs (path by Jacques Distler)

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@1396 eee81c28-f429-11dd-99c0-75d572ba1ddd
master
Jeff Schiller 2010-02-17 06:44:03 +00:00
parent 57125bc237
commit d78843beb0
2 changed files with 33 additions and 13 deletions

View File

@ -21,7 +21,7 @@
<script type="text/javascript" src="extensions/ext-closepath.js"></script> <script type="text/javascript" src="extensions/ext-closepath.js"></script>
<script type="text/javascript" src="extensions/ext-arrows.js"></script> <script type="text/javascript" src="extensions/ext-arrows.js"></script>
<script type="text/javascript" src="extensions/ext-connector.js"></script> <script type="text/javascript" src="extensions/ext-connector.js"></script>
<!-- <script type="text/javascript" src="extensions/ext-foreignobject.js"></script> --> <script type="text/javascript" src="extensions/ext-foreignobject.js"></script>
<!-- Release version of script tags: > <!-- Release version of script tags: >
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>

View File

@ -940,6 +940,7 @@ function BatchCommand(text) {
$(svgroot).appendTo(container); $(svgroot).appendTo(container);
// map namespace URIs to prefixes
var nsMap = {}; var nsMap = {};
nsMap[xlinkns] = 'xlink'; nsMap[xlinkns] = 'xlink';
nsMap[xmlns] = 'xml'; nsMap[xmlns] = 'xml';
@ -948,6 +949,27 @@ function BatchCommand(text) {
nsMap[htmlns] = 'xhtml'; nsMap[htmlns] = 'xhtml';
nsMap[mathns] = 'mathml'; nsMap[mathns] = 'mathml';
// map prefixes to namespace URIs
var nsRevMap = {};
$.each(nsMap, function(key,value){
nsRevMap[value] = key;
});
// Produce a Namespace-aware version of svgWhitelist
var svgWhiteListNS = {};
$.each(svgWhiteList, function(elt,atts){
attNS = {};
$.each(atts, function(i, att){
if (att.indexOf(':') != -1) {
v=att.split(':');
attNS[v[1]] = nsRevMap[v[0]];
} else {
attNS[att] = att == 'xmlns' ? xmlnsns : null;
}
});
svgWhiteListNS[elt] = attNS;
});
var svgcontent = svgdoc.createElementNS(svgns, "svg"); var svgcontent = svgdoc.createElementNS(svgns, "svg");
$(svgcontent).attr({ $(svgcontent).attr({
id: 'svgcontent', id: 'svgcontent',
@ -1297,6 +1319,7 @@ function BatchCommand(text) {
if (!doc || !parent) return; if (!doc || !parent) return;
var allowedAttrs = svgWhiteList[node.nodeName]; var allowedAttrs = svgWhiteList[node.nodeName];
var allowedAttrsNS = svgWhiteListNS[node.nodeName];
// if this element is allowed // if this element is allowed
if (allowedAttrs != undefined) { if (allowedAttrs != undefined) {
@ -1307,17 +1330,14 @@ function BatchCommand(text) {
// if the attribute is not in our whitelist, then remove it // if the attribute is not in our whitelist, then remove it
// could use jQuery's inArray(), but I don't know if that's any better // could use jQuery's inArray(), but I don't know if that's any better
var attr = node.attributes.item(i); var attr = node.attributes.item(i);
// TODO: use localName here and grab the namespace URI. Then, make sure that
// anything in our whitelist with a prefix is parsed out properly.
// if attr has namespaceURI, ensure that nsMap[namespaceURI]+localName is in
// allowed Attrs
// TODO: normalize the namespace prefix in declarations
// i.e. "xlink:href" in our whitelist would mean we check that localName matches
// "href" and that namespaceURI matches the XLINK namespace
var attrName = attr.nodeName; var attrName = attr.nodeName;
if (allowedAttrs.indexOf(attrName) == -1) { var attrLocalName = attr.localName;
var attrNsURI = attr.namespaceURI;
// Check that an attribute with the correct localName in the correct namespace is on
// our whitelist or is a namespace declaration for one of our allowed namespaces
if (!(allowedAttrsNS.hasOwnProperty(attrLocalName) && attrNsURI == allowedAttrsNS[attrLocalName] && attrNsURI != xmlnsns) &&
!(attrNsURI == xmlnsns && nsMap[attr.nodeValue]) )
{
// Bypassing the whitelist to allow se: prefixes. Is there // Bypassing the whitelist to allow se: prefixes. Is there
// a more appropriate way to do this? // a more appropriate way to do this?
if(attrName.indexOf('se:') == 0) { if(attrName.indexOf('se:') == 0) {