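package org.enhydra.barracuda.core.helper.servlet;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

import org.apache.log4j.*;

import org.w3c.dom.*;
import org.w3c.dom.html.*;

import org.enhydra.barracuda.core.comp.*;
import org.enhydra.barracuda.core.comp.scripting.*;
import org.enhydra.barracuda.core.view.*;


/**
 * Detects whether the client has scripting enabled by round-tripping a
 * request parameter ({@link #SCRIPT_FLAG}) through redirects, forms and links.
 *
 * <p>Security note: the flag travels in the URL or form body and is therefore
 * fully controlled by the client. It is a rendering hint only and must never
 * feed an authorization or trust decision.</p>
 */
public class ScriptDetector {

    protected static final Logger logger = Logger.getLogger(ScriptDetector.class.getName());

    /**
     * Master switch. While false, every public method in this class is a
     * no-op (or returns its input unchanged).
     */
    public static boolean DETECT_CLIENT_SCRIPTING_ENABLED = false;

    /**
     * Name of the request parameter carrying the detection result
     * ("true" or "false").
     */
    public static final String SCRIPT_FLAG = "$csjs";

    /**
     * Parameter name reserved for a per-response unique value. It is not
     * referenced anywhere in this class at present.
     */
    private static final String UNIQUE_FLAG = "$u";


    /**
     * If detection is enabled and the request carries no {@link #SCRIPT_FLAG}
     * parameter, writes a small bounce page that re-requests the same URI with
     * the flag set: "true" through a script, "false" through the
     * noscript/meta-refresh and manual-link fallbacks.
     *
     * <p>The target URL is built from the request URI and the raw query
     * string, both supplied by the client. Each copy written to the page is
     * encoded for the context it lands in (JavaScript string literal or HTML
     * attribute) so request data cannot break out of that context.</p>
     *
     * @param req the incoming request
     * @param resp the response the bounce page is written to
     * @return true if the bounce page was written (the caller should stop
     *         processing the request), false otherwise
     * @throws IOException if writing to the response fails
     * @throws ServletException declared for callers; not thrown directly here
     */
    public static boolean checkClientReq(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
        if (DETECT_CLIENT_SCRIPTING_ENABLED &&
            req.getParameter(SCRIPT_FLAG)==null) {

            //the bounce page must never be served from a cache
            resp.setHeader("Cache-Control","no-cache");
            resp.setDateHeader("Expires", System.currentTimeMillis());

            resp.setContentType("text/html");
            PrintWriter out = resp.getWriter();

            //rebuild the current URL with the flag name appended; the
            //"=true"/"=false" value is added per fallback below
            String queryStr = req.getQueryString();
            if (queryStr==null) queryStr = SCRIPT_FLAG;
            else queryStr += "&"+SCRIPT_FLAG;
            String url = new StringBuffer(60).append(req.getRequestURI()).append("?").append(queryStr).toString();

            //url is client-controlled: encode once per output context.
            //NOTE(review): the redirect target is the request's own URI;
            //confirm the container normalizes a URI that starts with "//",
            //which a browser would otherwise treat as a different host.
            String jsUrl = escapeForJsString(url);
            String attrUrl = escapeForHtmlAttr(url);

            out.println("<html>");
            out.println("  <head>");
            out.println("    <title></title>");
            out.print  ("    <script type=\"text/javascript\">location.replace('");out.print(jsUrl);out.println("=true');</script>");
            out.print  ("    <noscript><meta http-equiv=\"REFRESH\" CONTENT=\"0; URL=");out.print(attrUrl);out.println("=false\"></noscript>");
            out.println("  </head>");
            out.println("  <body>");
            out.print  ("    <h3>Redirecting...</h3><p>If you are not automatically redirected, please click <a HREF=\"");out.print(attrUrl);out.println("=false\">here</a></p>");
            out.println("  </body>");
            out.println("</html>");

            resp.flushBuffer();
            return true;
        }
        return false;
    }


    /**
     * Instruments an HTML document so later requests carry the scripting
     * flag: attaches an on-load script to the body, adds a hidden
     * {@link #SCRIPT_FLAG} input (value "false") to every form, and appends
     * the flag to every link's href. Does nothing when detection is disabled.
     *
     * @param doc the HTML document to modify in place
     * @param vc the view context used to render the script component
     */
    public static void prepareClientResp(HTMLDocument doc, ViewContext vc) {
        if (DETECT_CLIENT_SCRIPTING_ENABLED) {
            String unique = generateUniqueString();

            //attach the client-side check to the body's onload
            //(presumably sc_CheckPage() flips the flag values to "true" - confirm in the script resource)
            HTMLElement bodyEl = doc.getBody();
            if (bodyEl!=null) {
                BScript bsComp = new BScript(BScript.ON_LOAD, "sc_CheckPage();");
                bsComp.addResource(ResourceGateway.EXT_RESOURCE_ID+BScriptResource.JS_SCRIPTING_CHECK);
                bsComp.setView(new DefaultView(bodyEl));
                bsComp.initCycle();
                try {
                    bsComp.render(vc);
                } catch (RenderException e) {
                    //keep the cause in the log; the page is still served without the check
                    logger.error("Fatal error rendering ScriptDetector code", e);
                } finally {
                    //release the component even if rendering fails unexpectedly
                    bsComp.destroyCycle();
                }
            }

            //every form gets a hidden flag defaulting to "false"
            HTMLCollection forms = doc.getForms();
            for (int i=0; i<forms.getLength(); i++) {
                Node form = forms.item(i);

                Element el = doc.createElement("input");
                el.setAttribute("name",SCRIPT_FLAG);
                el.setAttribute("value","false");
                el.setAttribute("type","hidden");
                form.appendChild(el);
            }

            //every link gets the flag appended, unless the href is a
            //non-navigational scheme or already carries the flag
            HTMLCollection links = doc.getLinks();
            for (int i=0; i<links.getLength(); i++) {
                Element el = (Element) links.item(i);
                String href = el.getAttribute("href");
                el.setAttribute("href", getURLWithScriptFlag(href, unique, false, true));
            }
        }
    }


    /**
     * Generic-DOM entry point: delegates to
     * {@link #prepareClientResp(HTMLDocument, ViewContext)} when the document
     * is an HTMLDocument and leaves every other document type untouched.
     *
     * @param doc the document to modify in place
     * @param vc the view context used to render the script component
     * @throws DOMException declared for callers; DOM mutations may raise it
     */
    public static void prepareClientResp(Document doc, ViewContext vc) throws DOMException {
        if (DETECT_CLIENT_SCRIPTING_ENABLED) {
            if (doc instanceof HTMLDocument) {
                prepareClientResp((HTMLDocument) doc, vc);
            } else {
                //no handling for non-HTML documents
            }
        }
    }


    /**
     * Appends the scripting flag to a redirect URL, using the scripting type
     * recorded in the given capabilities. Returns the URL unchanged when
     * detection is disabled.
     *
     * @param url the redirect target
     * @param vc the client's view capabilities
     * @return the URL with {@link #SCRIPT_FLAG} appended, or the original URL
     */
    public static String prepareRedirectURL(String url, ViewCapabilities vc) {
        if (DETECT_CLIENT_SCRIPTING_ENABLED) {
            String unique = generateUniqueString();
            boolean scriptingEnabled = !(vc.getScriptingType() instanceof ScriptingType.None);
            return getURLWithScriptFlag(url, unique, scriptingEnabled);
        } else {
            return url;
        }
    }


    /**
     * Reads the scripting flag from the request.
     *
     * <p>The value is client-supplied and trivially forged; treat it as a
     * presentation hint only.</p>
     *
     * @param req the incoming request
     * @return null if the flag is absent, Boolean.TRUE if its value is
     *         exactly "true", Boolean.FALSE for any other value
     */
    public static Boolean scriptingEnabled(HttpServletRequest req) {
        String s = req.getParameter(SCRIPT_FLAG);
        if (s==null) return null;
        else return Boolean.valueOf(s.equals("true"));
    }


    /**
     * Appends the scripting flag to a URL, optionally skipping hrefs that
     * must not be rewritten.
     *
     * @param url the URL or href value
     * @param unique per-response value (currently not written to the URL)
     * @param scriptingEnabled the flag value to append
     * @param doHrefCheck if true, mailto:, javascript:, data: and jar: URLs and
     *        URLs that already contain {@link #SCRIPT_FLAG} are returned as-is
     * @return the rewritten URL, or the original when it is skipped
     */
    private static String getURLWithScriptFlag(String url, String unique, boolean scriptingEnabled, boolean doHrefCheck) {
        if (doHrefCheck) {
            if (hasScheme(url, "mailto:")
                || hasScheme(url, "javascript:")
                || hasScheme(url, "data:")
                || hasScheme(url, "jar:")
                || url.indexOf(SCRIPT_FLAG)>-1) {
                return url;
            }
        }
        return getURLWithScriptFlag(url, unique, scriptingEnabled);
    }


    /**
     * Appends {@code SCRIPT_FLAG=<scriptingEnabled>} to the URL's query,
     * keeping any "#fragment" at the end.
     *
     * @param url the URL or href value
     * @param unique per-response value (currently not written to the URL)
     * @param scriptingEnabled the flag value to append
     * @return the URL with the flag appended before the fragment
     */
    private static String getURLWithScriptFlag(String url, String unique, boolean scriptingEnabled) {
        String url2 = url;
        String hash = "";
        int hashPos = url.indexOf("#");
        if (hashPos>-1) {
            //split exactly at '#': the previous hashPos-1 dropped the last
            //character before the fragment and threw on hrefs like "#top"
            url2 = url.substring(0, hashPos);
            hash = url.substring(hashPos);
        }
        //only a '?' before the fragment starts a query string
        String sep = (url2.indexOf("?")>-1) ? "&" : "?";
        return new StringBuffer(60).append(url2).append(sep).append(SCRIPT_FLAG).append("=").append(scriptingEnabled).append(hash).toString();
    }


    /**
     * Returns a throwaway string derived from a new object's identity hash.
     * The value is neither guaranteed unique nor unpredictable, so it must
     * not be used as a token or nonce.
     *
     * @return the identity hash code of a fresh Object, as a string
     */
    private static String generateUniqueString() {
        return String.valueOf(new Object().hashCode());
    }


    /**
     * Case-insensitive scheme test; URI schemes are case-insensitive, so
     * "MAILTO:" must be recognised as well as "mailto:".
     */
    private static boolean hasScheme(String url, String scheme) {
        return url.regionMatches(true, 0, scheme, 0, scheme.length());
    }


    /**
     * Encodes a value for use inside a quoted JavaScript string literal
     * within an HTML script element. Quotes, backslash, markup characters,
     * control characters and non-ASCII characters become \\uXXXX escapes.
     */
    private static String escapeForJsString(String s) {
        StringBuffer sb = new StringBuffer(s.length()+16);
        for (int i=0; i<s.length(); i++) {
            char c = s.charAt(i);
            if (c=='\\' || c=='\'' || c=='"' || c=='<' || c=='>' || c=='&' || c<0x20 || c>0x7E) {
                String hex = Integer.toHexString(c);
                sb.append("\\u");
                for (int pad=hex.length(); pad<4; pad++) sb.append('0');
                sb.append(hex);
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }


    /**
     * Encodes a value for use inside a quoted HTML attribute.
     */
    private static String escapeForHtmlAttr(String s) {
        StringBuffer sb = new StringBuffer(s.length()+16);
        for (int i=0; i<s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}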