Commit Graph

7 Commits (b1ea39db46b6e9699c6053c229721213d63474fe)

Author SHA1 Message Date
Brett Zamir 86800563ff Allow embeddedapi.html to pass on its URL arguments to the iframe
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2719 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-22 04:52:04 +00:00
Brett Zamir 1e2e6529d2 Critical privacy/data integrity fix: Move cross-domain capable message listener into own extension (ext-xdomain-messaging.js) and do not include by default (the extension now won't work anyways without an allowedOrigins config first being set (in config.js) for security reasons (and not via URL)); add allowedOrigins config and demo use in config-sample.js; JSLint; update embedapi.html to supply the xdomain extension in case running xdomain (again, allowedOrigins must be supplied in the local copy of config.js for this to work); modify embedapi.js to allow reuse of cross-domain API with same-domain usage, but without the intermediate JSON parsing which could lose some non-JSONable arguments or response.
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2714 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-22 04:08:24 +00:00
Brett Zamir f22e95f437 Tab fixes
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2651 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 08:57:22 +00:00
Brett Zamir 6b5a4e645e change beforeunload to use addEventListener (only supporting IE9 now and better to allow multiple if user wishes); also CamelCase internal variable for consistency; add brackets
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2639 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 00:06:50 +00:00
Brett Zamir ffde8814ac Fix security issue by avoiding use of eval() within postMessage calls between embedAPI and main editor (also namespace the messages and protect the imagelib extension message listener from non-string messages); avoid embedAPI's unneeded randomizing of callback IDs in favor of incrementing; deprecate old embedded_svg_edit API name in favor of JS/JSLint-friendly EmbeddedSVGEdit name (and allow it to be instantiated w/o new keyword); JSLint/HTML5-ize embedAPI files, remove HTML5/browser-optional type="text/javascript", remove unused comments for embedAPI
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2585 eee81c28-f429-11dd-99c0-75d572ba1ddd
2013-10-13 23:59:32 +00:00
Bruno Heridet fd5ab3dc30 cleaned extra white spaces in embedapi
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2433 eee81c28-f429-11dd-99c0-75d572ba1ddd
2013-02-19 16:30:56 +00:00
Alexis Deveria fb653705d6 Applied patch by bencurthoys to fix embed api
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@1734 eee81c28-f429-11dd-99c0-75d572ba1ddd
2010-09-20 18:55:10 +00:00