Commit Graph

2327 Commits (d315a81d0d3947b6ad314c8315c8163ed3b05093)

Author SHA1 Message Date
Brett Zamir 1e2e6529d2 Critical privacy/data integrity fix: Move cross-domain capable message listener into own extension (ext-xdomain-messaging.js) and do not include by default (the extension now won't work anyways without an allowedOrigins config first being set (in config.js) for security reasons (and not via URL)); add allowedOrigins config and demo use in config-sample.js; JSLint; update embedapi.html to supply the xdomain extension in case running xdomain (again, allowedOrigins must be supplied in the local copy of config.js for this to work); modify embedapi.js to allow reuse of cross-domain API with same-domain usage, but without the intermediate JSON parsing which could lose some non-JSONable arguments or response.
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2714 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-22 04:08:24 +00:00
Brett Zamir bb75f34ec3 Require extensions to begin with "ext-" and end with ".js" to prevent URL-prompted loading of other files within the extPath.
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2712 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 05:26:46 +00:00
Brett Zamir 48f6dd42ca Simplify storage checking/access
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2711 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 04:36:49 +00:00
Brett Zamir 9129d652e4 Add storage strings to other locales
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2710 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 04:33:21 +00:00
Brett Zamir dc1bf5d88c Safer encoding of cookies; ensure emptyStorageOnDecline only works with explicit decline (and as before, with config so set); add cookie removal to emptyStorageOnDecline behavior
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2709 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 01:37:21 +00:00
Brett Zamir cb02aad1f7 Mention locale editor methods in svg-editor.js
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2708 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 00:46:52 +00:00
Brett Zamir 9c8b6269cb Partially update (as-yet-not-reestablished) manifest
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2707 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-19 00:10:03 +00:00
Brett Zamir 51dcf01415 Minor: Avoid internal use of svgEditor, fix comment
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2706 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-18 23:57:49 +00:00
Brett Zamir e463b43220 1. Reference config.js in the editor (and remove encouragement for adding extensions to HTML) but ignore config.js in SVN (let user configure) but supply config-sample.js to indicate config/pref/extension possibilities;
2. Move ext-overview_window.js to default but overridable list of extensions (as with other extensions);
3. Allow extensions to avoid problems if failing to return an object (in svgcanvas.js);
4. Support new langReady callback to ensure extension always called when locale info is ready (and always load locale, even English);
5. Move localStorage storing to a new (i18n-ized and available-by-default) storage extension which adds a dialog asking user for whether to store prefs and/or SVG content; $.pref() now falls back to checking defaultPrefs (which may have been expanded at runtime to include URL or storage settings); use new config "forceStorage" to get old (bad) behavior
6. Remove initial cap from "Editor" to reflect singleton nature of object (as compared to JSLint conventions for initial cap constructors);
7. Begin a little JSDoc, clearer grouping of properties/methods; JSLint/clean-up
8. Omit values for lang and iconsize to be successfully auto-detected; 9. Document "save_notice_done" and "export_notice_done" within list of prefs; document "showlayers" and "no_save_warning" as config
10. Add "preventAllURLConfig" and "preventURLContentLoading" config for URL security; 
11. Add "lockExtensions" and "noDefaultExtensions" config for URL behavior re: extension loading
12. Document "showGrid", and new "noStorageOnLoad" and "emptyStorageOnDecline" extension-related config
13. Change setConfig to allow a second object with "overwrite" and "allowInitialUserOverride" properties and to behave accordingly (with URL config acting with overwrite=false to act under lower priority given security concern), along with checking "preventAllURLConfig" and "lockExtensions" config.
14. Remove any dupe extensions
15. Strip all path config from URL setting in addition to extPath (imgPath, langPath, jGraduatePath)
16. Support select+checkbox type dialog (used for storage ext.)
17. Ensure clickSelect is public so can be properly used by ext-connector.js
18. Reinstate 'in' checks just to be safe
19. Fix broken linkControlPoints() and addSubPath() functions
20. Fix problem when position returned by extension object was too high (e.g., if too few other extensions were included).

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2705 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-18 15:06:27 +00:00
Brett Zamir cd560993f0 JSLint JQuerySpinBtn.js
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2704 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-18 00:12:56 +00:00
Brett Zamir 52f6464aa7 rmv redundant line
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2703 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-17 10:55:20 +00:00
Brett Zamir 463207276a JSLint rgbcolor.js
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2702 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-17 07:05:29 +00:00
Brett Zamir 14397f4b19 JSLint
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2701 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-17 06:48:40 +00:00
Brett Zamir ce0e07b278 Very minor: indent/clean-up
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2700 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-17 00:46:57 +00:00
Brett Zamir 6fe03a595f Add back 'in' checks just to be sure
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2699 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-17 00:46:24 +00:00
Brett Zamir b058e518ef Very minor clean-up
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2698 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-16 03:21:15 +00:00
Brett Zamir 9df09a2aab Indicate human translation (perhaps there are plenty others by now as well)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2697 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-16 03:18:45 +00:00
Brett Zamir f18cdbbeae Fix issue 1174 reported by psh.tnt re: XML entity escaping (within attributes); updated test as well
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2696 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-12 10:10:56 +00:00
Brett Zamir d6cc464ba5 JSLint extensions
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2695 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-12 09:38:38 +00:00
Brett Zamir d97e21b604 Remove dupe keys in JSON
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2694 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-12 07:58:46 +00:00
Brett Zamir 51b18d2664 Apply changes of mmariani in Github extpath branch (https://github.com/mmariani/svg-edit/compare/extpath ) as reported by birbag in issue 1184
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2693 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-12 03:48:48 +00:00
Brett Zamir 694359f6d6 JSLint including important path fixes
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2692 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-12 01:07:26 +00:00
Brett Zamir 1ac6ec3f41 JSLint svgcanvas (50% scanned)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2691 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 14:02:48 +00:00
Brett Zamir 08211557c2 JSLint svgcanvas.js (45% scanned)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2690 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 13:46:39 +00:00
Brett Zamir 6c8e4e30ab JSLint (fix one accidental global)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2689 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 13:32:40 +00:00
Brett Zamir 62e7afd659 Allow for "Make (hyper)link" tooltip to show through
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2688 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 02:20:19 +00:00
Brett Zamir d63ed88e25 Rename PNG files accordingly
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2687 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 02:03:54 +00:00
Brett Zamir 74810573b2 Change group to group_elements (though keep duplicate group under old name in case it is supposed to have a different function)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2686 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 01:58:57 +00:00
Brett Zamir 21520e6392 JSLint locale.js
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2685 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 01:24:09 +00:00
Brett Zamir f378e667fb Further documenting of $.pref
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2684 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 00:05:59 +00:00
Brett Zamir cc780f39e6 Document $.pref
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2683 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-11 00:05:17 +00:00
Brett Zamir 05dc118abe JSLint (minor)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2682 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 13:50:55 +00:00
Brett Zamir 645ab15976 Add missing 'e'
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2681 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 13:46:19 +00:00
Brett Zamir 6e5905370d Add e.returnValue in addEventListener('beforeunload') for sake of Firefox
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2680 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 13:45:48 +00:00
Brett Zamir 00092d4a03 JSLint svgcanvas.js (30% scanned)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2679 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 13:27:34 +00:00
Brett Zamir 6a9cf9551a Finish most of svg-editor.js JSLint
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2678 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 13:14:38 +00:00
Brett Zamir 2b9e299240 Ensure panning extension can be over-ridden via URL
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2676 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 11:39:33 +00:00
Brett Zamir 5352fe0a64 JSLint (including avoiding global)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2675 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 10:53:51 +00:00
Brett Zamir ba5aaeb1f0 JSLint
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2674 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 10:21:55 +00:00
Brett Zamir 6d4ec994f0 Clarify exportImage option in comments
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2672 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 05:54:17 +00:00
Brett Zamir 7295eece09 Potentially breaking change: Prevent setting of extPath via URL and prevent setting of cross-domain or cross-folder extensions via URL, i.e., if the extensions string possesses the character ":", "/", or, to be extra safe, "\", (issue #4 of mailing list post "Agenda for resolving security issues"). extPath and extensions can still be meaningfully set freely via setConfig calls, e.g., "svgCanvas.setConfig({extPath: ..., extensions: ...});" if made before Editor.init() is called in svg-editor.js (which is called on a jQuery ready (i.e., DOMContentLoaded) event). To avoid modifying svg-editor.html, one could build an extension which loaded its own scripts as done by the simple extFunc() function in svg-editor.js, but this would occur a little later (Should we export extFunc() for this usage?).
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2671 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-10 05:33:05 +00:00
Brett Zamir bc3f7923e0 Very minor clean-up
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2668 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-04 04:08:24 +00:00
Brett Zamir 1181de6847 Minor clean-up; UTF-8 for SVG
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2667 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-02 01:06:25 +00:00
Brett Zamir a5083f0394 JSLint
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2666 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-02 00:34:04 +00:00
Brett Zamir adbec3e33e Safer XHTML escape
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2665 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 17:00:36 +00:00
Brett Zamir 506db8ce30 Fix charset addition for ext-server_opensave.js
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2664 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 16:50:05 +00:00
Brett Zamir 0e9a7a7766 Avoid URL decoding; remove dead code; add encoding to XML Declaration in php_savefile extension
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2663 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 16:42:46 +00:00
Brett Zamir 21c946fd99 server_opensave-related changes: 1) Be more lenient in filename possibilities for server_opensave (supporting Unicode except characters disallowed in Windows file names); 2) XHTML escape filename and SVG content when put into HTML hidden input element as opposed to unnecessary URL-encoding; 3) fix base64 encoding (with update to dependent utf8-encoding function)--old base64 code caused SVG to break with surrogate pairs (e.g., in title); 4) provide default UTF-8 encoding in XML declaration and add this XML declaration to the download attribute as well
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2662 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 16:13:51 +00:00
Brett Zamir 496ee1e875 Possible todo to support server-side saving of exports as well
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2660 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 13:12:52 +00:00
Brett Zamir f67b3f3e4f Change Polish key export_png to export_img (as already changed in other locales); have emailed for confirmation of accuracy of translation, awaiting reply
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2659 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 13:06:43 +00:00