From: Szymon Jastrzebski Date: Wed, 16 Aug 2017 09:06:03 +0000 (+0200) Subject: Revert "[Utils] Fix privilege bypass, StringCopy function" X-Git-Tag: submit/tizen_3.0/20170816.101851~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F42%2F144342%2F1;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git Revert "[Utils] Fix privilege bypass, StringCopy function" This reverts commit 3b71b0bac5e1bb09c50c97168dba1619b3ed40d6. Change-Id: I2e8c2480e2fa3632853ef35d7a457ffed19ae7ce Signed-off-by: Szymon Jastrzebski --- diff --git a/src/filesystem/js/common.js b/src/filesystem/js/common.js index e900cb32..adf52c7e 100644 --- a/src/filesystem/js/common.js +++ b/src/filesystem/js/common.js @@ -169,8 +169,6 @@ var commonFS_ = (function() { } function checkPathWithoutDots(aPath) { - aPath = xwalk.utils.StringCopy(aPath); - if (-1 !== aPath.indexOf('/../')) { return false; } diff --git a/src/utils/utils_api.js b/src/utils/utils_api.js index b9a4a83f..3c4d46ed 100644 --- a/src/utils/utils_api.js +++ b/src/utils/utils_api.js @@ -3,27 +3,21 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -//We're in a function set up by XWALK which 'use strict' mode, -//so we use below function to get out of the strict mode to get global 'this' -var _global = (new Function('return this'))(); - -var shallow_copy_own_elements = function(orig) { - var copy = {}; - //copy only own properties - var names = Object.getOwnPropertyNames(orig); - for( var i in names ) { - var key = names[i] - copy[key] = orig[key]; - } - return copy; -}; - -//xwalk.JSON: guaranteed to not being modified by the application programmer -exports.JSON = shallow_copy_own_elements(JSON); -Object.freeze(exports.JSON); +//Object xwalk.JSON - guaranteed to not being modified by the application programmer +var JSON_ = {stringify: JSON.stringify, parse: JSON.parse}; +Object.freeze(JSON_); +exports.JSON = JSON_; var _enableJsLogs = false; +var _global = {}; +if (typeof window != 'undefined') { + _global = window; +} +else if (typeof global != 'undefiend') { + _global = global; +} + /** * @deprecated Used only by validateArguments() */ @@ -152,21 +146,6 @@ function Utils() { }); } -var origString = String; -var StringPrototypeCopy = shallow_copy_own_elements(String.prototype); -Object.freeze(StringPrototypeCopy); - -var StringCopy = function(str) { - return Object.setPrototypeOf( new origString(str), StringPrototypeCopy ); -}; -StringCopy.fromCharCode = String.fromCharCode; -StringCopy.fromCodePoint = String.fromCodePoint; -StringCopy.raw = String.raw; -Object.freeze(StringCopy); - -//xwalk.utils.StringCopy: returns a sanitized version of String - user cannot modify its prototype -Utils.prototype.StringCopy = StringCopy; - Utils.prototype.error = console.error.bind(console); Utils.prototype.warn = console.warn.bind(console); Utils.prototype.log = _enableJsLogs ? console.log.bind(console) : function(){}; @@ -352,9 +331,8 @@ Type.prototype.isUndefined = function(obj) { }; Type.prototype.isA = function(obj, type) { - return obj !== undefined && obj !== null && - obj.constructor !== null && obj.constructor !== undefined && - obj.constructor.name === type; + var clas = Object.prototype.toString.call(obj).slice(8, -1); + return (obj !== undefined) && (obj !== null) && (clas === type); }; Type.prototype.isEmptyObject = function(obj) { @@ -497,7 +475,7 @@ Converter.prototype.toDouble = function(val, nullable) { }; function _toString(val) { - return StringCopy(val).toString(); + return String(val); } Converter.prototype.toString = function(val, nullable) { @@ -1040,7 +1018,7 @@ var NativeManager = function(extension) { }); extension_.setMessageListener(function(json) { - var msg = exports.JSON.parse(json); + var msg = JSON_.parse(json); var id; if (msg.hasOwnProperty(this.CALLBACK_ID_KEY)) { @@ -1104,7 +1082,7 @@ NativeManager.prototype.call = function(cmd, args, callback) { }; NativeManager.prototype.callSync = function(cmd, args) { - var request = exports.JSON.stringify({ + var request = JSON_.stringify({ cmd: cmd, args: args || {} }); @@ -1114,7 +1092,7 @@ NativeManager.prototype.callSync = function(cmd, args) { /* C++ extension didn't set sync response using Instance::SendSyncReply */ throw new WebAPIException(WebAPIException.ABORT_ERR, "Internal error"); } - return exports.JSON.parse(response); + return JSON_.parse(response); }; NativeManager.prototype.sendRuntimeMessage = function(msg, body) { @@ -1368,13 +1346,13 @@ var NativeBridge = (function (extension, debug) { var Bridge = function () {}; Bridge.prototype = { sync: function (data) { - var json = exports.JSON.stringify({ + var json = JSON_.stringify({ cmd: data.cmd, args: data }); if (debug) xwalk.utilss.log('bridge.sync, json: ' + json); var result = extension.internal.sendSyncMessage(json); - var obj = exports.JSON.parse(result); + var obj = JSON_.parse(result); if (obj.error) throw new WebAPIException(obj.code, obj.name, obj.message); return obj.result; @@ -1382,7 +1360,7 @@ var NativeBridge = (function (extension, debug) { async: function (data) { var l = new Listener(); data.cid = Listeners.getInstance().add(l); - var json = exports.JSON.stringify({ + var json = JSON_.stringify({ cmd: data.cmd, args: data }); @@ -1420,7 +1398,7 @@ var NativeBridge = (function (extension, debug) { */ if (debug) xwalk.utils.log('bridge.setMessageListener, json: ' + json); - var data = exports.JSON.parse(json); + var data = JSON_.parse(json); if (data.cid && data.action) { setTimeout(function() { Listeners.getInstance().resolve(data.cid, data.action, data.args, data.keep);