1 files changed, 132 insertions, 0 deletions
diff --git a/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js b/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js
new file mode 100644
index 00000000..3282d3e6
--- /dev/null
+++ b/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js
@@ -0,0 +1,132 @@
+/* <copyright>
+ This file contains proprietary software owned by Motorola Mobility, Inc.<br/>
+ No rights, expressed or implied, whatsoever to this software are provided by Motorola Mobility, Inc. hereunder.<br/>
+ (c) Copyright 2011 Motorola Mobility, Inc.  All Rights Reserved.
+ </copyright> */
+/**
+        @module "montage/ui/rich-text-sanitizer.js"
+    @requires montage/core/core
+*/
+var Montage = require("montage").Montage;
+/**
+    @class module:"montage/ui/rich-text-sanitizer.js".Sanitizer
+    @extends module:montage/core/core.Montage
+*/
+exports.Sanitizer = Montage.create(Montage,/** @lends module:"montage/ui/rich-text-sanitizer.js".Sanitizer# */ {
+    willSetValue: {
+        value: function(value, identifier)  {
+            return this._scopeCSS(value, identifier);
+        }
+    },
+    didGetValue: {
+        value: function(value, identifier)  {
+            return this._unscopeCSS(value, identifier);
+        }
+    },
+    willInsertHTMLData: {
+        value: function(data, identifier)  {
+            return this._scopeCSS(this._removeScript(data), identifier);
+        }
+    },
+    _scopeCSS: {
+        enumerable: true,
+        value: function(htmlFragment, identifier) {
+            var identifierSelector = ".editor-" + identifier+ " ";
+            if (typeof htmlFragment == "string") {
+                // Extract the style tag and its content
+                htmlFragment = htmlFragment.replace(/(<style ?[^>]*>)([^<]*)(<\/style>)/ig, function(match, pre, style, post) {
+                    // Remove any newlines and tab for easier processing
+                    style = style.replace(/\t|\n|\r/g, function(char) {if (char == "\t") return " "; return ""});
+                    // Cleanup any potential leftover from a previous scoping
+                    style = style.replace(/\*\.editor-[^ ] +/g, "body");
+                    style = style.replace(/\.editor-[^ ]+ /g, "");
+                    // Extract the selectors for each css block
+                    style = style.replace(/([^{]+)({[^}]*})/ig, function(match, selectors, rules) {
+                        // Split the selectors and add the identifierSelector
+                        selectors = selectors.replace(/ *([^,]+)/g, function(match, selector) {
+                            // convert body selector
+                            if (selector.toLowerCase() == "body") {
+                                return "*" + identifierSelector;
+                            } else {
+                                return identifierSelector + selector;
+                            }
+                        })
+                        return selectors + rules;
+                    })
+                    return pre + style + post;
+                });
+            }
+            return htmlFragment;
+        }
+    },
+    _unscopeCSS: {
+        enumerable: true,
+        value: function(htmlFragment, identifier) {
+            if (typeof htmlFragment == "string") {
+                // Extract the style tag and its content
+                htmlFragment = htmlFragment.replace(/(<style ?[^>]*>)([^<]*)(<\/style>)/ig, function(match, pre, style, post) {
+                    style = style.replace(/\*\.editor-[^ ] +/g, "body");
+                    style = style.replace(/\.editor-[^ ]+ /g, "");
+                    return pre + style + post;
+                });
+            }
+            return htmlFragment;
+        }
+    },
+    _removeScript: {
+        enumerable: true,
+        value: function(htmlFragment) {
+            /*
+                Will remove any script tag, onXXX handlers and javascript URLs
+             */
+            var div = document.createElement("div"),
+                _removeScript = function(element) {
+                    var children = element.children,
+                        child,
+                        nbrChildren = children.length,
+                        attributes = element.attributes,
+                        attribute,
+                        nbrAttributes = attributes.length,
+                        i;
+                for (i = 0; i < nbrAttributes; i ++) {
+                    attribute = attributes[i];
+                    if (attribute.name.match(/^on[a-z]+/i) || attribute.value.match(/^javascript:/)) {
+                        element.removeAttribute(attribute.name);
+                        i --;
+                        nbrAttributes --;
+                    }
+                }
+                for (i = 0; i < nbrChildren; i ++) {
+                    child = children[i];
+                    if (child.tagName == "SCRIPT") {
+                        child.parentNode.removeChild(child);
+                        i --;
+                        nbrChildren --;
+                    } else {
+                        _removeScript(child);
+                    }
+                }
+            };
+            div.innerHTML = htmlFragment;
+            _removeScript(div);
+            return div.innerHTML;
+        }
+    }
+});

diff --git a/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js b/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js new file mode 100644 index 00000000..3282d3e6 --- /dev/null +++ b/node_modules/labs/rich-text-editor.reel/rich-text-sanitizer.js
@@ -0,0 +1,132 @@
	1	/* <copyright>
	2	This file contains proprietary software owned by Motorola Mobility, Inc.<br/>
	3	No rights, expressed or implied, whatsoever to this software are provided by Motorola Mobility, Inc. hereunder.<br/>
	4	(c) Copyright 2011 Motorola Mobility, Inc. All Rights Reserved.
	5	</copyright> */
	6	/**
	7	@module "montage/ui/rich-text-sanitizer.js"
	8	@requires montage/core/core
	9	*/
	10	var Montage = require("montage").Montage;
	11
	12	/**
	13	@class module:"montage/ui/rich-text-sanitizer.js".Sanitizer
	14	@extends module:montage/core/core.Montage
	15	*/
	16	exports.Sanitizer = Montage.create(Montage,/** @lends module:"montage/ui/rich-text-sanitizer.js".Sanitizer# */ {
	17
	18	willSetValue: {
	19	value: function(value, identifier) {
	20	return this._scopeCSS(value, identifier);
	21	}
	22	},
	23
	24	didGetValue: {
	25	value: function(value, identifier) {
	26	return this._unscopeCSS(value, identifier);
	27	}
	28	},
	29
	30	willInsertHTMLData: {
	31	value: function(data, identifier) {
	32	return this._scopeCSS(this._removeScript(data), identifier);
	33	}
	34	},
	35
	36	_scopeCSS: {
	37	enumerable: true,
	38	value: function(htmlFragment, identifier) {
	39	var identifierSelector = ".editor-" + identifier+ " ";
	40
	41	if (typeof htmlFragment == "string") {
	42	// Extract the style tag and its content
	43	htmlFragment = htmlFragment.replace(/(<style ?[^>]>)([^<])(<\/style>)/ig, function(match, pre, style, post) {
	44	// Remove any newlines and tab for easier processing
	45	style = style.replace(/\t\|\n\|\r/g, function(char) {if (char == "\t") return " "; return ""});
	46
	47	// Cleanup any potential leftover from a previous scoping
	48	style = style.replace(/\*\.editor-[^ ] +/g, "body");
	49	style = style.replace(/\.editor-[^ ]+ /g, "");
	50
	51	// Extract the selectors for each css block
	52	style = style.replace(/([^{]+)({[^}]*})/ig, function(match, selectors, rules) {
	53
	54	// Split the selectors and add the identifierSelector
	55	selectors = selectors.replace(/ *([^,]+)/g, function(match, selector) {
	56	// convert body selector
	57	if (selector.toLowerCase() == "body") {
	58	return "*" + identifierSelector;
	59	} else {
	60	return identifierSelector + selector;
	61	}
	62	})
	63	return selectors + rules;
	64	})
	65	return pre + style + post;
	66	});
	67	}
	68
	69	return htmlFragment;
	70	}
	71	},
	72
	73	_unscopeCSS: {
	74	enumerable: true,
	75	value: function(htmlFragment, identifier) {
	76
	77	if (typeof htmlFragment == "string") {
	78	// Extract the style tag and its content
	79	htmlFragment = htmlFragment.replace(/(<style ?[^>]>)([^<])(<\/style>)/ig, function(match, pre, style, post) {
	80	style = style.replace(/\*\.editor-[^ ] +/g, "body");
	81	style = style.replace(/\.editor-[^ ]+ /g, "");
	82	return pre + style + post;
	83	});
	84	}
	85	return htmlFragment;
	86	}
	87	},
	88
	89	_removeScript: {
	90	enumerable: true,
	91	value: function(htmlFragment) {
	92	/*
	93	Will remove any script tag, onXXX handlers and javascript URLs
	94	*/
	95	var div = document.createElement("div"),
	96	_removeScript = function(element) {
	97	var children = element.children,
	98	child,
	99	nbrChildren = children.length,
	100	attributes = element.attributes,
	101	attribute,
	102	nbrAttributes = attributes.length,
	103	i;
	104
	105	for (i = 0; i < nbrAttributes; i ++) {
	106	attribute = attributes[i];
	107	if (attribute.name.match(/^on[a-z]+/i) \|\| attribute.value.match(/^javascript:/)) {
	108	element.removeAttribute(attribute.name);
	109	i --;
	110	nbrAttributes --;
	111	}
	112	}
	113
	114	for (i = 0; i < nbrChildren; i ++) {
	115	child = children[i];
	116	if (child.tagName == "SCRIPT") {
	117	child.parentNode.removeChild(child);
	118	i --;
	119	nbrChildren --;
	120	} else {
	121	_removeScript(child);
	122	}
	123	}
	124	};
	125
	126	div.innerHTML = htmlFragment;
	127	_removeScript(div);
	128
	129	return div.innerHTML;
	130	}
	131	}
	132	});