mapbox-wax-77e78c7/ 0000775 0001750 0001750 00000000000 12021614121 013102 5 ustar david david mapbox-wax-77e78c7/Makefile 0000664 0001750 0001750 00000004432 11730207611 014555 0 ustar david david UGLIFYJS = ./node_modules/.bin/uglifyjs BANNER = ./node_modules/.bin/banner dist: dist_setup dist/wax.ol.min.js \ dist/wax.g.min.js dist/wax.mm.min.js \ dist/wax.leaf.min.js dist/wax.p.min.js lint dist/wax.ol.min.js: cat build/header.js \ ext/reqwest.min.js \ ext/html-sanitizer-bundle.js \ ext/html-sanitizer-loosen.js \ ext/mustache.js \ connectors/ol/*.js \ control/lib/*.js \ control/ol/*.js > dist/wax.ol.js $(UGLIFYJS) dist/wax.ol.js > dist/wax.ol.min.js dist/wax.g.min.js: cat build/header.js \ ext/reqwest.min.js \ ext/html-sanitizer-bundle.js \ ext/html-sanitizer-loosen.js \ ext/mustache.js \ control/lib/*.js \ control/g/*.js \ connectors/g/*.js > dist/wax.g.js $(UGLIFYJS) dist/wax.g.js > dist/wax.g.min.js dist/wax.mm.min.js: cat build/header.js \ ext/reqwest.min.js \ ext/html-sanitizer-bundle.js \ ext/html-sanitizer-loosen.js \ ext/mustache.js \ control/lib/*.js \ control/mm/*.js \ connectors/mm/*.js > dist/wax.mm.js $(UGLIFYJS) dist/wax.mm.js > dist/wax.mm.min.js dist/wax.leaf.min.js: cat build/header.js \ ext/reqwest.min.js \ ext/html-sanitizer-bundle.js \ ext/html-sanitizer-loosen.js \ ext/mustache.js \ control/lib/*.js \ control/leaf/*.js \ connectors/leaf/*.js > dist/wax.leaf.js $(UGLIFYJS) dist/wax.leaf.js > dist/wax.leaf.min.js dist/wax.p.min.js: cat build/header.js \ ext/reqwest.min.js \ control/lib/*.js \ connectors/p/*.js > dist/wax.p.js $(UGLIFYJS) dist/wax.p.js > dist/wax.p.min.js dist_setup: rm -rf dist rm -rf build mkdir dist mkdir build $(BANNER) package.json > build/header.js ext: -test ! -d ext && mkdir ext wget --no-check-certificate http://openlayers.org/api/2.10/OpenLayers.js -O ext/OpenLayers.js wget --no-check-certificate https://raw.github.com/CloudMade/Leaflet/master/dist/leaflet.js -O ext/leaflet.js wget --no-check-certificate https://raw.github.com/CloudMade/Leaflet/master/dist/leaflet.css -O ext/leaflet.css wget --no-check-certificate https://raw.github.com/CloudMade/Leaflet/master/dist/leaflet.ie.css -O ext/leaflet.ie.css wget --no-check-certificate https://github.com/stamen/modestmaps-js/raw/v0.17.0/modestmaps.min.js -O ext/modestmaps.min.js lint: ./node_modules/.bin/jshint control/lib/*.js control/mm/*.js control/leaf/*.js --config=jshint.json .PHONY: clean ext mapbox-wax-77e78c7/ext/ 0000775 0001750 0001750 00000000000 12021614121 013702 5 ustar david david mapbox-wax-77e78c7/ext/html-sanitizer-loosen.js 0000664 0001750 0001750 00000000204 11730207611 020513 0 ustar david david // Loosen restrictions of Caja's // html-sanitizer to allow for styling html4.ATTRIBS['*::style'] = 0; html4.ELEMENTS['style'] = 0; mapbox-wax-77e78c7/ext/html4-defs.js 0000664 0001750 0001750 00000022317 11071120647 016225 0 ustar david david // Copyright (C) 2008 Google Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. /** * @fileoverview * Whitelists of HTML elements and attributes. * * @author mikesamuel@gmail.com */ /** @namespace */ var html4 = {}; /** * HTML element flags. * @enum {number} */ html4.eflags = { OPTIONAL_ENDTAG: 1, BREAKS_FLOW: 2, EMPTY: 4, NAVIGATES: 8, CDATA: 0x10, RCDATA: 0x20, UNSAFE: 0x40, /** * Elements that can be removed from the DOM without changing behavior as long * as their children are folded into the element's parent. * The set of FOLDABLE elements should be kept in sync with * HtmlSanitizer.java#isElementFoldable. */ FOLDABLE: 0x80 }; /** * HTML attribute flags. * @enum {number} */ html4.atype = { SCRIPT: 1, STYLE: 2, IDREF: 3, NAME: 4, NMTOKENS: 5, URI: 6, FRAME: 7 }; /** * Maps HTML4 element names to flag bitsets. * Since this is a whitelist, be sure to do * {@code html4.ELEMENTS.hasOwnProperty} to determine whether or not an element * is allowed. */ html4.ELEMENTS = { 'a' : html4.eflags.NAVIGATES, 'abbr' : 0, 'acronym' : 0, 'address' : 0, 'applet' : html4.eflags.UNSAFE, 'area' : html4.eflags.EMPTY | html4.eflags.NAVIGATES, 'b' : 0, // Changes the meaning of URIs 'base' : html4.eflags.UNSAFE | html4.eflags.EMPTY, // Affects global styles. 'basefont' : html4.eflags.UNSAFE | html4.eflags.EMPTY, 'bdo' : 0, 'big' : 0, 'blockquote' : html4.eflags.BREAKS_FLOW, // Attributes merged into global body. 'body' : (html4.eflags.FOLDABLE | html4.eflags.OPTIONAL_ENDTAG | html4.eflags.UNSAFE), 'br' : html4.eflags.EMPTY | html4.eflags.BREAKS_FLOW, 'button' : 0, 'caption' : 0, 'center' : html4.eflags.BREAKS_FLOW, 'cite' : 0, 'code' : 0, 'col' : html4.eflags.EMPTY, 'colgroup' : html4.eflags.OPTIONAL_ENDTAG, 'dd' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'del' : 0, 'dfn' : 0, 'dir' : html4.eflags.BREAKS_FLOW, 'div' : html4.eflags.BREAKS_FLOW, 'dl' : html4.eflags.BREAKS_FLOW, 'dt' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'em' : 0, 'fieldset' : 0, 'font' : 0, 'form' : html4.eflags.BREAKS_FLOW | html4.eflags.NAVIGATES, 'frame' : html4.eflags.UNSAFE | html4.eflags.EMPTY, // Attributes merged into global frameset. 'frameset' : html4.eflags.UNSAFE, 'h1' : html4.eflags.BREAKS_FLOW, 'h2' : html4.eflags.BREAKS_FLOW, 'h3' : html4.eflags.BREAKS_FLOW, 'h4' : html4.eflags.BREAKS_FLOW, 'h5' : html4.eflags.BREAKS_FLOW, 'h6' : html4.eflags.BREAKS_FLOW, 'head' : (html4.eflags.FOLDABLE | html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW | html4.eflags.UNSAFE), 'hr' : html4.eflags.EMPTY | html4.eflags.BREAKS_FLOW, 'html' : (html4.eflags.FOLDABLE | html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW | html4.eflags.UNSAFE), 'i' : 0, 'iframe' : html4.eflags.UNSAFE, 'img' : html4.eflags.EMPTY, 'input' : html4.eflags.EMPTY, 'ins' : 0, 'isindex' : (html4.eflags.UNSAFE | html4.eflags.EMPTY | html4.eflags.BREAKS_FLOW | html4.eflags.NAVIGATES), 'kbd' : 0, 'label' : 0, 'legend' : 0, 'li' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, // Can load global styles. 'link' : html4.eflags.UNSAFE | html4.eflags.EMPTY, 'map' : 0, 'menu' : html4.eflags.BREAKS_FLOW, // Can override document headers and encoding, or cause navigation. 'meta' : html4.eflags.UNSAFE | html4.eflags.EMPTY, // Ambiguous tokenization. Content is CDATA/PCDATA depending on browser. 'noframes' : html4.eflags.UNSAFE | html4.eflags.BREAKS_FLOW, // Ambiguous tokenization. Content is CDATA/PCDATA depending on browser. 'noscript' : html4.eflags.UNSAFE, 'object' : html4.eflags.UNSAFE, 'ol' : html4.eflags.BREAKS_FLOW, 'optgroup' : 0, 'option' : html4.eflags.OPTIONAL_ENDTAG, 'p' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'param' : html4.eflags.UNSAFE | html4.eflags.EMPTY, 'plaintext' : (html4.eflags.OPTIONAL_ENDTAG | html4.eflags.UNSAFE | html4.eflags.CDATA), 'pre' : html4.eflags.BREAKS_FLOW, 'q' : 0, 's' : 0, 'samp' : 0, 'script' : html4.eflags.UNSAFE | html4.eflags.CDATA, 'select' : 0, 'small' : 0, 'span' : 0, 'strike' : 0, 'strong' : 0, 'style' : html4.eflags.UNSAFE | html4.eflags.CDATA, 'sub' : 0, 'sup' : 0, 'table' : html4.eflags.BREAKS_FLOW, 'tbody' : html4.eflags.OPTIONAL_ENDTAG, 'td' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'textarea' : html4.eflags.RCDATA, 'tfoot' : html4.eflags.OPTIONAL_ENDTAG, 'th' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'thead' : html4.eflags.OPTIONAL_ENDTAG, 'title' : (html4.eflags.UNSAFE | html4.eflags.BREAKS_FLOW | html4.eflags.RCDATA), 'tr' : html4.eflags.OPTIONAL_ENDTAG | html4.eflags.BREAKS_FLOW, 'tt' : 0, 'u' : 0, 'ul' : html4.eflags.BREAKS_FLOW, 'var' : 0, 'xmp' : html4.eflags.CDATA }; /** * Maps HTML4 attribute names to flag bitsets. */ html4.ATTRIBS = { 'abbr' : 0, 'accept' : 0, 'accept-charset': 0, 'action' : html4.atype.URI, 'align' : 0, 'alink' : 0, 'alt' : 0, 'archive' : html4.atype.URI, 'axis' : 0, 'background' : html4.atype.URI, 'bgcolor' : 0, 'border' : 0, 'cellpadding' : 0, 'cellspacing' : 0, 'char' : 0, 'charoff' : 0, 'charset' : 0, 'checked' : 0, 'cite' : html4.atype.URI, 'class' : html4.atype.NMTOKENS, 'classid' : html4.atype.URI, 'clear' : 0, 'code' : 0, 'codebase' : html4.atype.URI, 'codetype' : 0, 'color' : 0, 'cols' : 0, 'colspan' : 0, 'compact' : 0, 'content' : 0, 'coords' : 0, 'data' : html4.atype.URI, 'datetime' : 0, 'declare' : 0, 'defer' : 0, 'dir' : 0, 'disabled' : 0, 'enctype' : 0, 'face' : 0, 'for' : html4.atype.IDREF, 'frame' : 0, 'frameborder' : 0, 'headers' : 0, 'height' : 0, 'href' : html4.atype.URI, 'hreflang' : 0, 'hspace' : 0, //'http-equiv' : 0, // unsafe 'id' : html4.atype.IDREF, 'ismap' : 0, 'label' : 0, 'lang' : 0, 'language' : 0, 'link' : 0, 'longdesc' : html4.atype.URI, 'marginheight' : 0, 'marginwidth' : 0, 'maxlength' : 0, 'media' : 0, 'method' : 0, 'multiple' : 0, 'name' : html4.atype.NAME, 'nohref' : 0, 'noresize' : 0, 'noshade' : 0, 'nowrap' : 0, 'object' : 0, 'onblur' : html4.atype.SCRIPT, 'onchange' : html4.atype.SCRIPT, 'onclick' : html4.atype.SCRIPT, 'ondblclick' : html4.atype.SCRIPT, 'onfocus' : html4.atype.SCRIPT, 'onkeydown' : html4.atype.SCRIPT, 'onkeypress' : html4.atype.SCRIPT, 'onkeyup' : html4.atype.SCRIPT, 'onload' : html4.atype.SCRIPT, 'onmousedown' : html4.atype.SCRIPT, 'onmousemove' : html4.atype.SCRIPT, 'onmouseout' : html4.atype.SCRIPT, 'onmouseover' : html4.atype.SCRIPT, 'onmouseup' : html4.atype.SCRIPT, 'onreset' : html4.atype.SCRIPT, 'onselect' : html4.atype.SCRIPT, 'onsubmit' : html4.atype.SCRIPT, 'onunload' : html4.atype.SCRIPT, 'profile' : html4.atype.URI, 'prompt' : 0, 'readonly' : 0, 'rel' : 0, 'rev' : 0, 'rows' : 0, 'rowspan' : 0, 'rules' : 0, 'scheme' : 0, 'scope' : 0, 'scrolling' : 0, 'selected' : 0, 'shape' : 0, 'size' : 0, 'span' : 0, 'src' : html4.atype.URI, 'standby' : 0, 'start' : 0, 'style' : html4.atype.STYLE, 'summary' : 0, 'tabindex' : 0, 'target' : html4.atype.FRAME, 'text' : 0, 'title' : 0, 'type' : 0, 'usemap' : html4.atype.URI, 'valign' : 0, 'value' : 0, 'valuetype' : 0, 'version' : 0, 'vlink' : 0, 'vspace' : 0, 'width' : 0 }; mapbox-wax-77e78c7/ext/html-sanitizer.js 0000664 0001750 0001750 00000104357 12002104352 017223 0 ustar david david // Copyright (C) 2006 Google Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. /** * @fileoverview * An HTML sanitizer that can satisfy a variety of security policies. * *
* The HTML sanitizer is built around a SAX parser and HTML element and
* attributes schemas.
*
* If the cssparser is loaded, inline styles are sanitized using the
* css property and value schemas. Else they are remove during
* sanitization.
*
* If it exists, uses parseCssDeclarations, sanitizeCssProperty, cssSchema
*
* @author mikesamuel@gmail.com
* @author jasvir@gmail.com
* \@requires html4
* \@overrides window
* \@provides html, html_sanitize
*/
// The Turkish i seems to be a non-issue, but abort in case it is.
if ('I'.toLowerCase() !== 'i') { throw 'I/i problem'; }
/**
* \@namespace
*/
var html = (function(html4) {
// For closure compiler
var parseCssDeclarations, sanitizeCssProperty, cssSchema;
if ('undefined' !== typeof window) {
parseCssDeclarations = window['parseCssDeclarations'];
sanitizeCssProperty = window['sanitizeCssProperty'];
cssSchema = window['cssSchema'];
}
// The keys of this object must be 'quoted' or JSCompiler will mangle them!
var ENTITIES = {
'lt': '<',
'gt': '>',
'amp': '&',
'nbsp': '\240',
'quot': '"',
'apos': '\''
};
var decimalEscapeRe = /^#(\d+)$/;
var hexEscapeRe = /^#x([0-9A-Fa-f]+)$/;
/**
* Decodes an HTML entity.
*
* {\@updoc
* $ lookupEntity('lt')
* # '<'
* $ lookupEntity('GT')
* # '>'
* $ lookupEntity('amp')
* # '&'
* $ lookupEntity('nbsp')
* # '\xA0'
* $ lookupEntity('apos')
* # "'"
* $ lookupEntity('quot')
* # '"'
* $ lookupEntity('#xa')
* # '\n'
* $ lookupEntity('#10')
* # '\n'
* $ lookupEntity('#x0a')
* # '\n'
* $ lookupEntity('#010')
* # '\n'
* $ lookupEntity('#x00A')
* # '\n'
* $ lookupEntity('Pi') // Known failure
* # '\u03A0'
* $ lookupEntity('pi') // Known failure
* # '\u03C0'
* }
*
* @param {string} name the content between the '&' and the ';'.
* @return {string} a single unicode code-point as a string.
*/
function lookupEntity(name) {
name = name.toLowerCase(); // TODO: π is different from Π
if (ENTITIES.hasOwnProperty(name)) { return ENTITIES[name]; }
var m = name.match(decimalEscapeRe);
if (m) {
return String.fromCharCode(parseInt(m[1], 10));
} else if (!!(m = name.match(hexEscapeRe))) {
return String.fromCharCode(parseInt(m[1], 16));
}
return '';
}
function decodeOneEntity(_, name) {
return lookupEntity(name);
}
var nulRe = /\0/g;
function stripNULs(s) {
return s.replace(nulRe, '');
}
var ENTITY_RE_1 = /&(#[0-9]+|#[xX][0-9A-Fa-f]+|\w+);/g;
var ENTITY_RE_2 = /^(#[0-9]+|#[xX][0-9A-Fa-f]+|\w+);/;
/**
* The plain text of a chunk of HTML CDATA which possibly containing.
*
* {\@updoc
* $ unescapeEntities('')
* # ''
* $ unescapeEntities('hello World!')
* # 'hello World!'
* $ unescapeEntities('1 < 2 && 4 > 3
')
* # '1 < 2 && 4 > 3\n'
* $ unescapeEntities('<< <- unfinished entity>')
* # '<< <- unfinished entity>'
* $ unescapeEntities('/foo?bar=baz©=true') // & often unescaped in URLS
* # '/foo?bar=baz©=true'
* $ unescapeEntities('pi=ππ, Pi=Π\u03A0') // FIXME: known failure
* # 'pi=\u03C0\u03c0, Pi=\u03A0\u03A0'
* }
*
* @param {string} s a chunk of HTML CDATA. It must not start or end inside
* an HTML entity.
*/
function unescapeEntities(s) {
return s.replace(ENTITY_RE_1, decodeOneEntity);
}
var ampRe = /&/g;
var looseAmpRe = /&([^a-z#]|#(?:[^0-9x]|x(?:[^0-9a-f]|$)|$)|$)/gi;
var ltRe = /[<]/g;
var gtRe = />/g;
var quotRe = /\"/g;
/**
* Escapes HTML special characters in attribute values.
*
* {\@updoc
* $ escapeAttrib('')
* # ''
* $ escapeAttrib('"<<&==&>>"') // Do not just escape the first occurrence.
* # '"<<&==&>>"'
* $ escapeAttrib('Hello