Author: julien(a)jboss.com Date: 2007-04-07 17:06:48 -0400 (Sat, 07 Apr 2007) New Revision: 6945 Added: trunk/theme/src/bin/test/theme-test-war/file.txt Modified: trunk/core/src/main/org/jboss/portal/core/controller/ajax/AjaxInterceptor.java trunk/theme/src/bin/portal-ajax-war/dyna/dyna.js trunk/theme/src/main/org/jboss/portal/test/theme/TestContext.java trunk/theme/src/main/org/jboss/portal/test/theme/TestServlet.java trunk/theme/src/main/org/jboss/portal/test/theme/tmp/render/TestRenderedMarkup.java trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaConstants.java trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java Log: don't intercept URLs that don't start with the server URL Modified: trunk/core/src/main/org/jboss/portal/core/controller/ajax/AjaxInterceptor.java =================================================================== --- trunk/core/src/main/org/jboss/portal/core/controller/ajax/AjaxInterceptor.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/core/src/main/org/jboss/portal/core/controller/ajax/AjaxInterceptor.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -53,15 +53,12 @@ Object response = cmd.invokeNext(); // Configure ajax if needed - if (response instanceof PageRendition && cmd instanceof RenderPageCommand) + if (response instanceof PageRendition) { - RenderPageCommand rpc = (RenderPageCommand)cmd; - - // ServerInvocationContext serverContext = cmd.getControllerContext().getServerInvocation().getServerContext(); // - ControllerContext controllerContext = rpc.getControllerContext(); + ControllerContext controllerContext = cmd.getControllerContext(); // PageRendition rendition = (PageRendition)response; @@ -72,20 +69,23 @@ String viewId = ctx.getViewId(); // - ServerURL surl = new AbstractServerURL(); - surl.setPortalRequestPath("/ajax"); - String url = serverContext.renderURL(surl, serverContext.getURLContext(), URLFormat.newInstance(true, true)); + ServerURL baseServerURL = new AbstractServerURL(); + baseServerURL.setPortalRequestPath("/"); + String url = serverContext.renderURL(baseServerURL, serverContext.getURLContext(), URLFormat.newInstance(true, true)); // pageProps.put(DynaConstants.DYNA_RESOURCE_BASE_URL, "/portal-ajax/dyna"); - pageProps.put(DynaConstants.ASYNC_SERVER_URL, url); + pageProps.put(DynaConstants.SERVER_BASE_URL, url); pageProps.put(DynaConstants.VIEW_STATE, viewId); // If user is logged in and is on dashboard we enable ajax - if (serverContext.getClientRequest().getRemoteUser() != null && - rpc.isDashboard()) + if (cmd instanceof RenderPageCommand) { - AJAX_OPTIONS.setOptions(pageProps); + RenderPageCommand rpc = (RenderPageCommand)cmd; + if (serverContext.getClientRequest().getRemoteUser() != null && rpc.isDashboard()) + { + AJAX_OPTIONS.setOptions(pageProps); + } } } Modified: trunk/theme/src/bin/portal-ajax-war/dyna/dyna.js =================================================================== --- trunk/theme/src/bin/portal-ajax-war/dyna/dyna.js 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/bin/portal-ajax-war/dyna/dyna.js 2007-04-07 21:06:48 UTC (rev 6945) @@ -98,6 +98,31 @@ } } + // Check that the URL starts with the provided prefix + if (url != null) + { + if (url.indexOf("http://") == 0) + { + var indexOfSlash = url.indexOf("/", "http://".length); + if (indexOfSlash < 0) + { + url = null; + } + else if (indexOfSlash > 0) + { + var path = url.substring(indexOfSlash); + if (path.indexOf(server_base_url) != 0) + { + url = null; + } + } + } + else if (url.indexOf(server_base_url) != 0) + { + url = null; + } + } + // Handle links here if (url != null) { Added: trunk/theme/src/bin/test/theme-test-war/file.txt =================================================================== --- trunk/theme/src/bin/test/theme-test-war/file.txt (rev 0) +++ trunk/theme/src/bin/test/theme-test-war/file.txt 2007-04-07 21:06:48 UTC (rev 6945) @@ -0,0 +1 @@ +Content of the file Modified: trunk/theme/src/main/org/jboss/portal/test/theme/TestContext.java =================================================================== --- trunk/theme/src/main/org/jboss/portal/test/theme/TestContext.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/main/org/jboss/portal/test/theme/TestContext.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -39,18 +39,18 @@ /** . */ private HttpServletRequest request; - private String asyncServerURL; + /** . */ + private String serverBaseURL; - public TestContext(HttpServletRequest request) { this.request = request; - this.asyncServerURL = request.getContextPath() + "/test"; + this.serverBaseURL = request.getContextPath() + "/test"; } - public String getAsyncServerURL() + public String getServerBaseURL() { - return asyncServerURL; + return serverBaseURL; } public Counter getCounter(WindowId windowId) @@ -70,8 +70,11 @@ public WindowResult renderWindow(WindowId windowId) { Counter counter = getCounter(windowId); - String link = asyncServerURL + "?windowId=" + windowId + "&action=increment"; - return createWindowMarkup("Window Title", "Counter value is " + counter.getValue() + ", <a href=\"" + link + "\">Increment counter</a>"); + String link = serverBaseURL + "?windowId=" + windowId + "&action=increment"; + return createWindowMarkup("Window Title", + "Counter value is " + counter.getValue() + ", <a href=\"" + link + "\">Increment counter</a><br/>" + + "Link to a resource <a href=\"" + request.getContextPath() + "/file.txt\">Resource</a><br/>" + + "Inline javascript <a href=\"javascript:alert('The Alert');\">Resource</a><br/>"); } private WindowResult createWindowMarkup(String title, String content) Modified: trunk/theme/src/main/org/jboss/portal/test/theme/TestServlet.java =================================================================== --- trunk/theme/src/main/org/jboss/portal/test/theme/TestServlet.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/main/org/jboss/portal/test/theme/TestServlet.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -139,7 +139,7 @@ // pageRenderCtx.setLayoutState(null); pageRenderCtx.getPageProperties().put(DynaConstants.DYNA_RESOURCE_BASE_URL, request.getContextPath() + "/dyna"); - pageRenderCtx.getPageProperties().put(DynaConstants.ASYNC_SERVER_URL, testContext.getAsyncServerURL()); + pageRenderCtx.getPageProperties().put(DynaConstants.SERVER_BASE_URL, testContext.getServerBaseURL()); // pageRenderCtx.getPortalProperties().put(ThemeConstants.PORTAL_PROP_THEME, theme.getThemeInfo().getName()); Modified: trunk/theme/src/main/org/jboss/portal/test/theme/tmp/render/TestRenderedMarkup.java =================================================================== --- trunk/theme/src/main/org/jboss/portal/test/theme/tmp/render/TestRenderedMarkup.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/main/org/jboss/portal/test/theme/tmp/render/TestRenderedMarkup.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -129,7 +129,7 @@ // Map pageProps = new HashMap(); pageProps.put(DynaConstants.DYNA_RESOURCE_BASE_URL, "/portal-ajax"); - pageProps.put(DynaConstants.ASYNC_SERVER_URL, "http://localhost:8080/portal-ajax/ajax"); + pageProps.put(DynaConstants.SERVER_BASE_URL, "http://localhost:8080/portal-ajax/ajax"); // Map portalProps = new HashMap(); Modified: trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaConstants.java =================================================================== --- trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaConstants.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaConstants.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -33,7 +33,7 @@ public static final String DYNA_RESOURCE_BASE_URL = "theme.dyna.resource_base_url"; /** . */ - public static final String ASYNC_SERVER_URL = "theme.dyna.async_server_url"; + public static final String SERVER_BASE_URL = "theme.dyna.server_base_url"; /** The id for view state. */ public static final String VIEW_STATE = "theme.dyna.view_state"; Modified: trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java =================================================================== --- trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java 2007-04-07 20:11:25 UTC (rev 6944) +++ trunk/theme/src/main/org/jboss/portal/theme/impl/render/dynamic/DynaRegionRenderer.java 2007-04-07 21:06:48 UTC (rev 6945) @@ -108,7 +108,7 @@ { PrintWriter markup = rendererContext.getWriter(); String jsBase = rendererContext.getProperty(DynaConstants.DYNA_RESOURCE_BASE_URL); - String asyncServerURL = rendererContext.getProperty(DynaConstants.ASYNC_SERVER_URL); + String serverBaseURL = rendererContext.getProperty(DynaConstants.SERVER_BASE_URL); String viewState = rendererContext.getProperty(DynaConstants.VIEW_STATE); // Handle special ajax region here @@ -132,8 +132,8 @@ markup.print("<script type='text/javascript'>\n"); // Async server URL needed for callbacks - markup.print("async_server_url=\""); - markup.print(asyncServerURL); + markup.print("server_base_url=\""); + markup.print(serverBaseURL); markup.print("\";\n"); // View state if not null