diff options
| -rw-r--r-- | lib/js/urweb.js | 21 | ||||
| -rw-r--r-- | src/jscomp.sml | 19 | ||||
| -rw-r--r-- | src/settings.sml | 5 |
3 files changed, 41 insertions, 4 deletions
diff --git a/lib/js/urweb.js b/lib/js/urweb.js index 8ca6b89c..f98476b7 100644 --- a/lib/js/urweb.js +++ b/lib/js/urweb.js @@ -1182,5 +1182,26 @@ function confrm(s) { } +// URL blessing + +var urlRules = null; + +function checkUrl(s) { + for (var r = urlRules; r; r = r.next) { + var ru = r.data; + if (ru.prefix ? s.indexOf(ru.pattern) == 0 : s == ru.pattern) + return ru.allow ? s : null; + } + + return null; +} + +function bless(s) { + u = checkUrl(s); + if (u == null) + er("Disallowed URL: " + s); + return u; +} + // App-specific code diff --git a/src/jscomp.sml b/src/jscomp.sml index 6beb6a32..992a2e30 100644 --- a/src/jscomp.sml +++ b/src/jscomp.sml @@ -278,8 +278,8 @@ fun process file = fun unurlifyExp loc (t : typ, st) = case #1 t of - TRecord [] => ("null", st) - | TFfi ("Basis", "unit") => ("null", st) + TRecord [] => ("(i++,null)", st) + | TFfi ("Basis", "unit") => ("(i++,null)", st) | TRecord [(x, t)] => let val (e, st) = unurlifyExp loc (t, st) @@ -1285,9 +1285,22 @@ fun process file = | SOME line => lines (line :: acc) val lines = lines [] + val urlRules = foldr (fn (r, s) => + "cons({allow:" + ^ (if #action r = Settings.Allow then "true" else "false") + ^ ",prefix:" + ^ (if #kind r = Settings.Prefix then "true" else "false") + ^ ",pattern:\"" + ^ #pattern r + ^ "\"}," + ^ s + ^ ")") "null" (Settings.getUrlRules ()) + + val urlRules = "urlRules = " ^ urlRules ^ ";\n\n" + val script = if !foundJavaScript then - lines ^ String.concat (rev (#script st)) + lines ^ urlRules ^ String.concat (rev (#script st)) else "" in diff --git a/src/settings.sml b/src/settings.sml index b5ba4f9b..7a943217 100644 --- a/src/settings.sml +++ b/src/settings.sml @@ -207,7 +207,10 @@ val jsFuncsBase = basisM [("alert", "alert"), ("isspace", "isSpace"), ("isxdigit", "isXdigit"), ("tolower", "toLower"), - ("toupper", "toUpper")] + ("toupper", "toUpper"), + + ("checkUrl", "checkUrl"), + ("bless", "bless")] val jsFuncs = ref jsFuncsBase fun setJsFuncs ls = jsFuncs := foldl (fn ((k, v), m) => M.insert (m, k, v)) jsFuncsBase ls fun jsFunc x = M.find (!jsFuncs, x) |