From: Claudio Sacerdoti Coen <claudio.sacerdoticoen@unibo.it>
Date: Fri, 22 Jun 2001 16:35:07 +0000 (+0000)
Subject: Many modifications to avoid JavaScript security rules of
X-Git-Tag: v0_1_3~141
X-Git-Url: http://matita.cs.unibo.it/gitweb/?a=commitdiff_plain;h=17b9d388831eaa2242c46ed76cad9a8e23c1baba;p=helm.git

Many modifications to avoid JavaScript security rules of
Mozilla/Galeon/Netscape V6 browsers.

In particular, now every frame (but the two headers that are completely
dummy) is made by UWOBO. The stylesheet applied, named resolve_topurl.xsl
(key = RT) substitutes where requested the URL of the interface, that
can no longer be inferred in JavaScript from the current URL (that now
refers to UWOBO).

Hopefully, together with the previous modification to recognize browsers
supporting only UNICODE or supporting only the symbol font, all the
known compatibility problems have been solved.
---

diff --git a/helm/on-line/html/library/control.html b/helm/on-line/html/library/control.html
index 28969b748..5c68710e1 100644
--- a/helm/on-line/html/library/control.html
+++ b/helm/on-line/html/library/control.html
@@ -1,11 +1,16 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
-"http://www.w3.org/TR/REC-html40/loose.dtd">
-<html>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
+-->
+
+<html xmlns:subst="http://www.cs.unibo.it/helm/subst">
 <head>
 <title>Control panel</title>
-<script language="JavaScript" src="../../javascript/defaults.js"></script>
-<script language="JavaScript" src="../../javascript/utils.js"></script>
-<script language="JavaScript" src="../../javascript/control.js"></script>
+<!-- Note: <subst:script/> are substitued by the stylesheet with <script />  -->
+<!-- after changing @src in the concatenation of the interface URL with @src -->
+<subst:script language="JavaScript" src="/javascript/defaults.js" />
+<subst:script language="JavaScript" src="/javascript/utils.js" />
+<subst:script language="JavaScript" src="/javascript/control.js" />
 </head>
 <body bgcolor="#ffffff" text="#000000">
 <form>
@@ -17,7 +22,7 @@
     <td>
       <select name="output" onChange="updateOutput(this,document.forms[0].format)">
       <script>
-	var mode = getParam('mode');
+	var mode = getParam2('mode');
 	var mode_list = mode.split(',');
 	outputOption(document, "processed", "Processed", mode_list[0]);
 	outputOption(document, "raw", "Raw", mode_list[0]);
@@ -27,7 +32,7 @@
     <td>
       <select name="format" onChange="updateFormat(this)">
       <script>
-	var mode = getParam('mode');
+	var mode = getParam2('mode');
 	var mode_list = mode.split(',');
 	if (mode_list[0] == "raw") {
 	  outputOption(document, "cic",   "CIC", mode_list[1]);
@@ -43,27 +48,32 @@
     </td>
     <td>
      <script>
+<![CDATA[
        document.write('<a target="_top" href="' +
-         getParam('topurl') + '/html/library/index.html' +
+         getParam2('topurl') + '/html/library/index.html' +
 	 '" onClick="refreshReload()">Reload</a>');
+]]>
      </script>
-     <br>
+     <br />
      (do it also before attempting to take a link to the current page)
      <script>
-       top.processorURL = getParam('processorURL');
-       top.getterURL = getParam('getterURL');
-       top.UNICODEvsSYMBOL = getParam('UNICODEvsSYMBOL');
-       top.topurl = getParam('topurl');
-       top.mode = getParam('mode');
-       top.cicuri = getParam('cicuri');
-       top.theoryuri = getParam('theoryuri');
+<![CDATA[
+       top.processorURL = getParam2('processorURL');
+       top.getterURL = getParam2('getterURL');
+       top.UNICODEvsSYMBOL = getParam2('UNICODEvsSYMBOL');
+       top.topurl = getParam2('topurl');
+       top.mode = getParam2('mode');
+       top.cicuri = getParam2('cicuri');
+       top.theoryuri = getParam2('theoryuri');
+]]>
      </script>
     </td>
   </tr>
   <tr>
     <td colspan="3">
       <script>
-	var mode = getParam('mode');
+<![CDATA[
+	var mode = getParam2('mode');
 	var mode_list = mode.split(',');
 	if (mode_list[0] == "raw") {
          outputCheckbox(document, "updateCompressed(this)",
@@ -76,14 +86,17 @@
          outputCheckbox(document, "updateAnnotations(this)",
           "&nbsp;Annotations", mode_list[4] == "yes");
         }
+]]>
       </script>
     </td>
     <td>
      <script>
-       document.write('<a target="_top" href="../../html/index.html' +
-	 '" onClick="refreshReload()">Configuration Panel</a>');
+<![CDATA[
+       document.write('<a target="_top" href=""' +
+	 ' onClick="refreshReload()">Configuration Panel</a>');
+]]>
      </script>
-     <br>
+     <br />
     </td>
   </tr>
 </table>
diff --git a/helm/on-line/html/library/index.html b/helm/on-line/html/library/index.html
index 62d4b63a7..87a8f4491 100644
--- a/helm/on-line/html/library/index.html
+++ b/helm/on-line/html/library/index.html
@@ -1,63 +1,81 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
-"http://www.w3.org/TR/REC-html40/loose.dtd">
-<html>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
+-->
+
+<html xmlns:subst="http://www.cs.unibo.it/helm/subst">
 <head>
- <script language="JavaScript" src="../../javascript/defaults.js"></script>
- <script language="JavaScript" src="../../javascript/utils.js"></script>
- <title>Index</script></title>
+<!-- Note: <subst:script/> are substitued by the stylesheet with <script />  -->
+<!-- after changing @src in the concatenation of the interface URL with @src -->
+<subst:script language="JavaScript" src="/javascript/defaults.js" />
+<subst:script language="JavaScript" src="/javascript/utils.js" />
+<title>Index</title>
 </head>
 <script>
+  var topurl = "<subst:topurl/>";
+<![CDATA[
   document.write('<frameset rows="18%,*" border="0" scrolling="no">');
-  document.write('<frame src="control.html' +
-    	'?topurl=' + chopSlash(chopSlash(chopSlash(location.protocol + "//" + location.host + location.pathname))) +
-	'&mode=' + getParam('mode') +
-	'&cicuri=' + getParam('cicuri') +
-	'&theoryuri=' + getParam('theoryuri') +
-	'&processorURL=' + getParam('processorURL') +
-	'&getterURL=' + getParam('getterURL') +
-	'&UNICODEvsSYMBOL=' + getParam('UNICODEvsSYMBOL') +
-	'" name="control"/>');
+  var control_frame_URL=
+        topurl + '/html/library/control.html' +
+    	'?topurl=' + topurl +
+	'&mode=' + getParam2('mode') +
+	'&cicuri=' + getParam2('cicuri') +
+	'&theoryuri=' + getParam2('theoryuri') +
+	'&processorURL=' + getParam2('processorURL') +
+	'&getterURL=' + getParam2('getterURL') +
+	'&UNICODEvsSYMBOL=' + getParam2('UNICODEvsSYMBOL');
+  var escaped_control_frame_URL = escape(control_frame_URL);
+  document.write('<frame src="' +
+        getParam2('processorURL') + 'apply' +
+  	'?keys=RT' +
+        '&param.topurl=' + topurl +
+        '&xmluri=' + escaped_control_frame_URL + '" name="control"/>');
   document.write('<frameset cols="50%,50%" border="0" scrolling="no">');
   document.write('<frameset rows="11%,*" border="0" scrolling="no">');
   document.write('<frame src="' +
-  	getParam('processorURL') + 'apply' +
+  	getParam2('processorURL') + 'apply' +
 	'?keys=GP' +
-	'&xmluri=' + location.protocol + "//" + location.host + chopSlash(location.pathname) + "/header.html" +
-	'&param.uri=' + getParam('theoryuri') + 
+	//'&xmluri=' + location.protocol + "//" + location.host + chopSlash(location.pathname) + "/header.html" +
+	'&xmluri=' + topurl + '/html/library/header.html' +
+	'&param.uri=' + getParam2('theoryuri') + 
 	'" name="theoryheader"/>');
   document.write('<frame src="' +
-  	getParam('processorURL') + 'apply' +
+  	getParam2('processorURL') + 'apply' +
 	'?keys=L2H' +
-	'&xmluri=' + escape(getParam('getterURL') + 'ls?format=xml&baseuri=' + getParam('theoryuri')) +
+	'&xmluri=' + escape(getParam2('getterURL') + 'ls?format=xml&baseuri=' + getParam2('theoryuri')) +
         '&param.keys=L2H' +
-	'&param.uri=' + getParam('theoryuri') +
-	'&param.getterURL=' + getParam('getterURL') +
-	'&param.UNICODEvsSYMBOL=' + getParam('UNICODEvsSYMBOL') +
+	'&param.uri=' + getParam2('theoryuri') +
+	'&param.getterURL=' + getParam2('getterURL') +
+	'&param.UNICODEvsSYMBOL=' + getParam2('UNICODEvsSYMBOL') +
         '&param.target=theory' +
-	'&param.interfaceURL=' + location.protocol + "//" + location.host + chopSlash(chopSlash(chopSlash(location.pathname))) + 
+	//'&param.interfaceURL=' + location.protocol + "//" + location.host + chopSlash(chopSlash(chopSlash(location.pathname))) + 
+	'&param.interfaceURL=' + topurl +
 	'" name="theoryresult"/>');
   document.write('</frameset>');
   document.write('<frameset rows="11%,*" border="0" scrolling="no">');
   document.write('<frame src="' +
-  	getParam('processorURL') + 'apply' +
+  	getParam2('processorURL') + 'apply' +
 	'?keys=GP' +
-	'&xmluri=' + location.protocol + "//" + location.host + chopSlash(location.pathname) + "/header.html" +
-	'&param.uri=' + getParam('cicuri') + 
+	//'&xmluri=' + location.protocol + "//" + location.host + chopSlash(location.pathname) + "/header.html" +
+	'&xmluri=' + topurl + '/html/library/header.html' +
+	'&param.uri=' + getParam2('cicuri') + 
 	'" name="cicheader"/>');
   document.write('<frame src="' +
-  	getParam('processorURL') + 'apply' +
+  	getParam2('processorURL') + 'apply' +
 	'?keys=L2H' +
-	'&xmluri=' + escape(getParam('getterURL') + 'ls?format=xml&baseuri=' + getParam('cicuri')) +
+	'&xmluri=' + escape(getParam2('getterURL') + 'ls?format=xml&baseuri=' + getParam2('cicuri')) +
         '&param.keys=L2H' +
-	'&param.uri=' + getParam('cicuri') +
-	'&param.getterURL=' + getParam('getterURL') +
-	'&param.UNICODEvsSYMBOL=' + getParam('UNICODEvsSYMBOL') +
+	'&param.uri=' + getParam2('cicuri') +
+	'&param.getterURL=' + getParam2('getterURL') +
+	'&param.UNICODEvsSYMBOL=' + getParam2('UNICODEvsSYMBOL') +
         '&param.target=cic' +
-	'&param.interfaceURL=' + location.protocol + "//" + location.host + chopSlash(chopSlash(chopSlash(location.pathname))) +
+	//'&param.interfaceURL=' + location.protocol + "//" + location.host + chopSlash(chopSlash(chopSlash(location.pathname))) +
+	'&param.interfaceURL=' + topurl +
 	'" name="cicresult"/>');
   document.write('</frameset>');
   document.write('</frameset>');
   document.write('</frameset>');
+]]>
 </script>
 
 </html>
diff --git a/helm/on-line/javascript/control.js b/helm/on-line/javascript/control.js
index e40ea4210..472100b9f 100644
--- a/helm/on-line/javascript/control.js
+++ b/helm/on-line/javascript/control.js
@@ -30,7 +30,15 @@ function updateOutput(output,format)
     updateMode(0, new_mode);
     if (new_mode == "raw") updateMode(2, format.options[format.selectedIndex].value);
     else updateMode(1, format.options[format.selectedIndex].value);
-    location.search = dest + top.mode;
+
+    var href =
+     top.processorURL + 'apply' +
+     '?keys=RT' +
+     '&param.topurl=' + topurl +
+     '&xmluri=' +
+     escape(top.topurl + '/html/library/control.html' + dest + top.mode);
+    
+    location.href = href;
   }
 }
 
@@ -86,14 +94,23 @@ function refreshReload()
       "&getterURL=" + top.getterURL +
       "&UNICODEvsSYMBOL=" + top.UNICODEvsSYMBOL;
 
-   top.frames[0].document.links[0].search = search;
-   top.frames[0].document.links[1].search = search;
+   var href =
+    top.processorURL + 'apply' +
+    '?keys=RT' +
+    '&param.topurl=' + top.topurl +
+    '&xmluri=' +
+    escape(top.topurl + '/html/library/index.html' + search);
+    
+   top.frames[0].document.links[0].href = href;
+   top.frames[0].document.links[1].href =
+    top.topurl + '/html/index.html' + search;
 
    return true;
 }
 
 function refreshcicHeader(headerURL)
 {
+// Qui e sotto da modificare per usare UWOBO!!!
    top.cicheader.location.search = "?keys=GP&xmluri=" + headerURL + "&param.uri=" + top.cicuri;
    return true;
 }
diff --git a/helm/on-line/javascript/prelude.js b/helm/on-line/javascript/prelude.js
index 12862e545..8b44e1471 100644
--- a/helm/on-line/javascript/prelude.js
+++ b/helm/on-line/javascript/prelude.js
@@ -75,6 +75,11 @@ function getUNICODEvsSYMBOL()
    return document.UNICODEvsSYMBOL.radioUNICODEvsSYMBOL[1].value;
 }
 
+function chopSlash(url)
+{
+  return url.slice(0,url.lastIndexOf('/'));
+}
+
 function refreshLinks()
 {
   var search = top.location.search;
@@ -99,12 +104,25 @@ function refreshLinks()
     "?processorURL=" + getUwoboURL() +
     "&getterURL=" + getGetterURL();
 
-  document.links[4].href = "../html/library/index.html?cicuri=" + cicuri
-     + "&theoryuri=" + theoryuri
-     + "&mode=" + mode
-     + "&processorURL=" + getUwoboURL()
-     + "&getterURL=" + getGetterURL()
-     + "&UNICODEvsSYMBOL=" + getUNICODEvsSYMBOL();
+  var topurl =
+   chopSlash(chopSlash(
+    document.location.protocol + '//' +
+    document.location.host +
+    document.location.pathname));
+  document.links[4].href =
+     getUwoboURL() + "apply" +
+      "?keys=RT" +
+      "&param.topurl=" + topurl +
+      "&xmluri=" +
+      escape(
+       topurl + "/html/library/index.html" +
+       "?cicuri=" + cicuri +
+       "&theoryuri=" + theoryuri +
+       "&mode=" + mode +
+       "&processorURL=" + getUwoboURL() +
+       "&getterURL=" + getGetterURL() +
+       "&UNICODEvsSYMBOL=" + getUNICODEvsSYMBOL()
+      );
 }
 
 function selectUwoboURL(ss)
diff --git a/helm/on-line/javascript/utils.js b/helm/on-line/javascript/utils.js
index 1b637dcf4..d7903ef62 100644
--- a/helm/on-line/javascript/utils.js
+++ b/helm/on-line/javascript/utils.js
@@ -35,10 +35,8 @@ function extractParam(url,name)
   return value;
 }
 
-function getParam(name)
+function getParam0(search,name)
 {
-  var search = location.search;
-  search = search.slice(1);
   var args = search.split("&");
   var value = "???";
 
@@ -52,6 +50,23 @@ function getParam(name)
   return value;
 }
 
+function getParam(name)
+{
+  return getParam0(location.search.slice(1),name);
+}
+
+function getParam2(name)
+{
+  var url = unescape(getParam('xmluri'));
+  var tmp = url.split("?");
+
+  if (tmp.length > 1)
+     return getParam0(tmp[1],name);
+  else
+     return getDefaultParam(name);
+}
+
+
 function outputOption(doc, value, content, selected)
 {
   doc.write("<option value=\"" + value + "\" ");
diff --git a/helm/on-line/xslt/ls2html.xsl b/helm/on-line/xslt/ls2html.xsl
index 606d750f8..105c9ed3f 100644
--- a/helm/on-line/xslt/ls2html.xsl
+++ b/helm/on-line/xslt/ls2html.xsl
@@ -43,6 +43,7 @@
    <img border="0" src="{concat($interfaceURL,'/icons/',$icon)}" alt="[{$alt}]"/>
   </td>
   <td>
+<!-- Substituted with next lines to avoid Mozilla 0.8 bug setting this.search
     <a
       onClick=
        "top.{$target}uri='{$uri}';
@@ -57,6 +58,23 @@
       onMouseOver="window.status='{$uri}'; return true"
       href="apply"
    ><xsl:value-of select="$basename"/></a>
+-->
+    <a
+      onClick=
+       "top.{$target}uri='{$uri}';
+        refresh{$target}Header('{$interfaceURL}/html/library/header.html');
+        var search='?keys={$keys}' +
+         '&amp;xmluri=' + escape('{$getterURL}ls?format=xml'+'&amp;baseuri={$uri}')+
+         '&amp;param.uri={$uri}' +
+         '&amp;param.keys={$keys}' +
+         '&amp;param.getterURL={$getterURL}' +
+         '&amp;param.target={$target}' +
+         '&amp;param.interfaceURL={$interfaceURL}';
+        this.href=
+         this.protocol + '//' + this.host + this.pathname + search + this.hash;"
+      onMouseOver="window.status='{$uri}'; return true"
+      href="apply"
+   ><xsl:value-of select="$basename"/></a>
   </td>
  </tr>
 </xsl:template>
diff --git a/helm/on-line/xslt/resolve_topurl.xsl b/helm/on-line/xslt/resolve_topurl.xsl
new file mode 100644
index 000000000..fbd9d44a0
--- /dev/null
+++ b/helm/on-line/xslt/resolve_topurl.xsl
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                              xmlns:subst="http://www.cs.unibo.it/helm/subst">
+
+<xsl:output
+           method="html" 
+           encoding="ISO-8859-1" 
+           media-type="text/html" />
+
+<xsl:param name="topurl" select="''"/>
+
+<xsl:template match="subst:script">
+ <script language="{@language}" src="{concat($topurl,@src)}"></script>
+</xsl:template>
+
+<xsl:template match="subst:topurl">
+ <xsl:value-of select="$topurl"/>
+</xsl:template>
+
+<xsl:template match="/|*">
+ <xsl:copy>
+  <xsl:copy-of select="@*"/>
+  <xsl:apply-templates/>
+ </xsl:copy>
+</xsl:template>
+
+</xsl:stylesheet>