summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/js/urweb.js21
-rw-r--r--src/jscomp.sml19
-rw-r--r--src/settings.sml5
3 files changed, 41 insertions, 4 deletions
diff --git a/lib/js/urweb.js b/lib/js/urweb.js
index 8ca6b89c..f98476b7 100644
--- a/lib/js/urweb.js
+++ b/lib/js/urweb.js
@@ -1182,5 +1182,26 @@ function confrm(s) {
}
+// URL blessing
+
+var urlRules = null;
+
+function checkUrl(s) {
+ for (var r = urlRules; r; r = r.next) {
+ var ru = r.data;
+ if (ru.prefix ? s.indexOf(ru.pattern) == 0 : s == ru.pattern)
+ return ru.allow ? s : null;
+ }
+
+ return null;
+}
+
+function bless(s) {
+ u = checkUrl(s);
+ if (u == null)
+ er("Disallowed URL: " + s);
+ return u;
+}
+
// App-specific code
diff --git a/src/jscomp.sml b/src/jscomp.sml
index 6beb6a32..992a2e30 100644
--- a/src/jscomp.sml
+++ b/src/jscomp.sml
@@ -278,8 +278,8 @@ fun process file =
fun unurlifyExp loc (t : typ, st) =
case #1 t of
- TRecord [] => ("null", st)
- | TFfi ("Basis", "unit") => ("null", st)
+ TRecord [] => ("(i++,null)", st)
+ | TFfi ("Basis", "unit") => ("(i++,null)", st)
| TRecord [(x, t)] =>
let
val (e, st) = unurlifyExp loc (t, st)
@@ -1285,9 +1285,22 @@ fun process file =
| SOME line => lines (line :: acc)
val lines = lines []
+ val urlRules = foldr (fn (r, s) =>
+ "cons({allow:"
+ ^ (if #action r = Settings.Allow then "true" else "false")
+ ^ ",prefix:"
+ ^ (if #kind r = Settings.Prefix then "true" else "false")
+ ^ ",pattern:\""
+ ^ #pattern r
+ ^ "\"},"
+ ^ s
+ ^ ")") "null" (Settings.getUrlRules ())
+
+ val urlRules = "urlRules = " ^ urlRules ^ ";\n\n"
+
val script =
if !foundJavaScript then
- lines ^ String.concat (rev (#script st))
+ lines ^ urlRules ^ String.concat (rev (#script st))
else
""
in
diff --git a/src/settings.sml b/src/settings.sml
index b5ba4f9b..7a943217 100644
--- a/src/settings.sml
+++ b/src/settings.sml
@@ -207,7 +207,10 @@ val jsFuncsBase = basisM [("alert", "alert"),
("isspace", "isSpace"),
("isxdigit", "isXdigit"),
("tolower", "toLower"),
- ("toupper", "toUpper")]
+ ("toupper", "toUpper"),
+
+ ("checkUrl", "checkUrl"),
+ ("bless", "bless")]
val jsFuncs = ref jsFuncsBase
fun setJsFuncs ls = jsFuncs := foldl (fn ((k, v), m) => M.insert (m, k, v)) jsFuncsBase ls
fun jsFunc x = M.find (!jsFuncs, x)