xmlgraphics-batik-dev mailing list archives

From vha...@apache.org
Subject cvs commit: xml-batik/sources/org/apache/batik/swing/svg JSVGComponent.java
Date Fri, 14 Jun 2002 13:12:25 GMT
vhardy      2002/06/14 06:12:25

  Modified:    sources/org/apache/batik/apps/svgbrowser Application.java
                        JSVGViewerFrame.java Main.java
                        PreferenceDialog.java
               sources/org/apache/batik/bridge
                        BaseScriptingEnvironment.java
                        DefaultExternalResourceSecurity.java
                        DefaultScriptSecurity.java
                        NoLoadExternalResourceSecurity.java
                        ScriptingEnvironment.java
               test-resources/org/apache/batik/bridge unitTesting.xml
               resources/org/apache/batik/apps/svgbrowser/resources
                        GUI.properties
               resources/org/apache/batik/bridge/resources
                        Messages.properties
               test-sources/org/apache/batik/bridge
                        ExternalResourcesTest.java ScriptSelfTest.java
               test-sources/org/apache/batik/test/svg
                        SelfContainedSVGOnLoadTest.java
               sources/org/apache/batik/swing/svg JSVGComponent.java
  Added:       sources/org/apache/batik/apps/svgbrowser ResourceOrigin.java
               sources/org/apache/batik/bridge
                        EmbededExternalResourceSecurity.java
                        EmbededScriptSecurity.java
               test-resources/org/apache/batik/bridge ecmaCheckNoEmbed.svg
                        embedData.svg
  Log:
  Additional security features:
  
  - Strict control over ECMAScript. It is now possible to completely
    disable ECMAScript. Previously, it was only possible to disable
    linked ECMAScripts
  
  - Additional strategy for controlling script and external resource
    origin. It is now possible to constrain scripts or external 
    resources to be 'embeded' in the document. For scripts, that 
    means scripts in attribute, <script> element content or a 
    data url on the <script> element href attribute. For external
    resources, this means that only the data protocol is allowed.
  
  - Improved security settings in the PreferenceDialog.
  
  - Additional tests checking that security exceptions are thrown
    for embeded scripts or image href when this is disallowed by
    security settings.
  
  Test Infrastructure:
  
  - New generic test: SVGOnLoadExceptionTest. This is used by the
    new tests, but it is a generic test which could be used for
    testing error processing.
  
  
  
  Revision  Changes    Path
  1.8       +9 -7      xml-batik/sources/org/apache/batik/apps/svgbrowser/Application.java
  
  Index: Application.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Application.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- Application.java	13 Jun 2002 11:19:37 -0000	1.7
  +++ Application.java	14 Jun 2002 13:12:24 -0000	1.8
  @@ -84,15 +84,17 @@
       boolean canLoadScriptType(String scriptType);
   
       /**
  -     * Returns true if the script origin should be constrained
  -     * to be the same as the corresponding document's origin.
  +     * Returns the allowed origins for scripts.
  +     * @see ResourceOrigin
        */
  -    boolean constrainScriptOrigin();
  +    int getAllowedScriptOrigin();
   
       /**
  -     * Returns true if resources origin should be constrained to
  -     * be the same as the corresponding document's origin
  +     * Returns the allowed origins for external
  +     * resources. 
  +     *
  +     * @see ResourceOrigin.
        */
  -    boolean constrainExternalResourceOrigin();
  +    int getAllowedExternalResourceOrigin();
   
   }
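Review bot: The second Javadoc tag is written `@see ResourceOrigin.` with a trailing period, which does not resolve as a reference; it should read `@see ResourceOrigin`, as it does on `getAllowedScriptOrigin()`. The same tag appears in the Main.java hunk for `getAllowedExternalResourceOrigin()`. Because both methods now return a bare `int`, the comments should also say that the value is expected to be exactly one `ResourceOrigin` constant. The caller in JSVGViewerFrame switches on single values and falls back to its no-load policy for anything else.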
  
  
  
  1.80      +31 -14    xml-batik/sources/org/apache/batik/apps/svgbrowser/JSVGViewerFrame.java
  
  Index: JSVGViewerFrame.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/JSVGViewerFrame.java,v
  retrieving revision 1.79
  retrieving revision 1.80
  diff -u -r1.79 -r1.80
  --- JSVGViewerFrame.java	13 Jun 2002 11:19:37 -0000	1.79
  +++ JSVGViewerFrame.java	14 Jun 2002 13:12:24 -0000	1.80
  @@ -46,6 +46,7 @@
   import java.io.Reader;
   
   import java.util.ArrayList;
  +import java.util.Enumeration;
   import java.util.HashMap;
   import java.util.Iterator;
   import java.util.LinkedList;
  @@ -58,6 +59,7 @@
   import java.util.zip.GZIPInputStream;
   
   import javax.swing.AbstractAction;
  +import javax.swing.AbstractButton;
   import javax.swing.Action;
   import javax.swing.BorderFactory;
   import javax.swing.ButtonGroup;
  @@ -81,7 +83,10 @@
   
   import org.apache.batik.bridge.DefaultScriptSecurity;
   import org.apache.batik.bridge.DefaultExternalResourceSecurity;
  +import org.apache.batik.bridge.EmbededScriptSecurity;
  +import org.apache.batik.bridge.EmbededExternalResourceSecurity;
   import org.apache.batik.bridge.NoLoadScriptSecurity;
  +import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
   import org.apache.batik.bridge.RelaxedScriptSecurity;
   import org.apache.batik.bridge.ExternalResourceSecurity;
   import org.apache.batik.bridge.RelaxedExternalResourceSecurity;
  @@ -2180,14 +2185,21 @@
               if (!application.canLoadScriptType(scriptType)) {
                   return new NoLoadScriptSecurity(scriptType);
               } else {
  -                if (application.constrainScriptOrigin()) {
  -                    return new DefaultScriptSecurity(scriptType, 
  -                                                     scriptURL, 
  +                switch(application.getAllowedScriptOrigin()) {
  +                case ResourceOrigin.ANY:
  +                    return new RelaxedScriptSecurity(scriptType,
  +                                                     scriptURL,
                                                        docURL);
  -                } else {
  -                    return new RelaxedScriptSecurity(scriptType, 
  +                case ResourceOrigin.DOCUMENT:
  +                    return new DefaultScriptSecurity(scriptType,
  +                                                     scriptURL,
  +                                                     docURL);
  +                case ResourceOrigin.EMBEDED:
  +                    return new EmbededScriptSecurity(scriptType,
                                                        scriptURL,
                                                        docURL);
  +                default:
  +                    return new NoLoadScriptSecurity(scriptType);
                   }
               }
           }
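Review bot: `ResourceOrigin.NONE` is handled only by falling into `default`, here and in the `getExternalResourceSecurity` switch later in this file. Denying on `default` is the right fail-closed choice, but an explicit `case ResourceOrigin.NONE:` placed directly above `default:` would make it clear that the default branch also catches unexpected values, such as a corrupted preference or two constants OR-ed together. A short comment on `default:`, e.g. `// unknown value: deny`, would keep a later edit from loosening it. The method body starts outside the hunk.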
  @@ -2214,11 +2226,12 @@
                                       ParsedURL scriptURL,
                                       ParsedURL docURL) throws SecurityException {
               ScriptSecurity s = getScriptSecurity(scriptType,
  -                                                 scriptURL,
  -                                                 docURL);
  +                                                     scriptURL,
  +                                                     docURL);
  +
               if (s != null) {
                   s.checkLoadScript();
  -            }
  +            } 
           }
   
           /**
  @@ -2235,12 +2248,17 @@
           public ExternalResourceSecurity 
               getExternalResourceSecurity(ParsedURL resourceURL,
                                           ParsedURL docURL){
  -            if (application.constrainExternalResourceOrigin()) {
  -                return new DefaultExternalResourceSecurity(resourceURL, 
  -                                                           docURL);
  -            } else {
  +            switch(application.getAllowedExternalResourceOrigin()) {
  +            case ResourceOrigin.ANY:
                   return new RelaxedExternalResourceSecurity(resourceURL,
                                                              docURL);
  +            case ResourceOrigin.DOCUMENT:
  +                return new DefaultExternalResourceSecurity(resourceURL,
  +                                                           docURL);
  +            case ResourceOrigin.EMBEDED:
  +                return new EmbededExternalResourceSecurity(resourceURL);
  +            default:
  +                return new NoLoadExternalResourceSecurity();
               }
           }
   
  @@ -2270,7 +2288,6 @@
                   s.checkLoadExternalResource();
               }
           }
  -        
       }
   
       /**
  
  
  
  1.34      +21 -15    xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java
  
  Index: Main.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -u -r1.33 -r1.34
  --- Main.java	13 Jun 2002 11:19:37 -0000	1.33
  +++ Main.java	14 Jun 2002 13:12:24 -0000	1.34
  @@ -185,10 +185,10 @@
                        Boolean.TRUE);
           defaults.put(PreferenceDialog.PREFERENCE_KEY_LOAD_ECMASCRIPT,
                        Boolean.TRUE);
  -        defaults.put(PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN,
  -                     Boolean.TRUE);
  -        defaults.put(PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN,
  -                     Boolean.FALSE);
  +        defaults.put(PreferenceDialog.PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN,
  +                     new Integer(ResourceOrigin.DOCUMENT));
  +        defaults.put(PreferenceDialog.PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN,
  +                     new Integer(ResourceOrigin.ANY));
   	
           securityEnforcer 
               = new ApplicationSecurityEnforcer(this.getClass(),
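Review bot: The preference keys are renamed in this commit, so a value stored under the old `preference.key.constrain.external.resource.origin` key is presumably no longer read, and a user who had switched that constraint on would drop back to the `ResourceOrigin.ANY` default set here without notice. Consider reading the old boolean keys once when the new keys are absent and mapping `true` to `ResourceOrigin.DOCUMENT`. If the permissive default for external resources is intentional, a comment next to `new Integer(ResourceOrigin.ANY)` should say so, since it is the least restrictive of the four settings. How stored preferences are loaded is not visible in this hunk.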
  @@ -582,20 +582,26 @@
       }
   
       /**
  -     * Returns true if the script origin should be constrained
  -     * to be the same as the corresponding document's origin.
  +     * Returns the allowed origins for scripts.
  +     * @see ResourceOrigin
        */
  -    public boolean constrainScriptOrigin(){
  -            return preferenceManager.getBoolean
  -                (PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN);
  +    public int getAllowedScriptOrigin() {
  +        int ret = preferenceManager.getInteger
  +            (PreferenceDialog.PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
  +
  +        return ret;
       }
   
       /**
  -     * Returns true if the external resource's origin should be 
  -     * constrained to be the same as the corresponding document's origin
  +     * Returns the allowed origins for external
  +     * resources. 
  +     * @see ResourceOrigin.
        */
  -    public boolean constrainExternalResourceOrigin() {
  -            return preferenceManager.getBoolean
  -                (PreferenceDialog.PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN);
  +    public int getAllowedExternalResourceOrigin() {
  +        int ret = preferenceManager.getInteger
  +            (PreferenceDialog.PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN);
  +
  +        return ret;
       }
  +
   }
  
  
  
  1.15      +129 -37   xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java
  
  Index: PreferenceDialog.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- PreferenceDialog.java	13 Jun 2002 11:19:37 -0000	1.14
  +++ PreferenceDialog.java	14 Jun 2002 13:12:24 -0000	1.15
  @@ -23,9 +23,12 @@
   
   import java.util.Map;
   import java.util.Hashtable;
  +import java.util.Enumeration;
   
  +import javax.swing.AbstractButton;
   import javax.swing.border.Border;
   import javax.swing.BorderFactory;
  +import javax.swing.ButtonGroup;
   import javax.swing.Icon;
   import javax.swing.ImageIcon;
   import javax.swing.JButton;
  @@ -34,6 +37,7 @@
   import javax.swing.JLabel;
   import javax.swing.JList;
   import javax.swing.JPanel;
  +import javax.swing.JRadioButton;
   import javax.swing.JScrollPane;
   import javax.swing.JTabbedPane;
   import javax.swing.JTextField;
  @@ -134,12 +138,6 @@
       public static final String LABEL_LOAD_ECMASCRIPT
           = "PreferenceDialog.label.load.ecmascript";
   
  -    public static final String LABEL_CONSTRAIN_SCRIPT_ORIGIN
  -        = "PreferenceDialog.label.constrain.script.origin";
  -
  -    public static final String LABEL_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN
  -        = "PreferenceDialog.label.constrain.external.resource.origin";
  -
       public static final String LABEL_HOST
           = "PreferenceDialog.label.host";
   
  @@ -149,6 +147,27 @@
       public static final String LABEL_OK
           = "PreferenceDialog.label.ok";
   
  +    public static final String LABEL_LOAD_SCRIPTS
  +        = "PreferenceDialog.label.load.scripts";
  +
  +    public static final String LABEL_ORIGIN_ANY
  +        = "PreferenceDialog.label.origin.any";
  +
  +    public static final String LABEL_ORIGIN_DOCUMENT
  +        = "PreferenceDialog.label.origin.document";
  +
  +    public static final String LABEL_ORIGIN_EMBED
  +        = "PreferenceDialog.label.origin.embed";
  +
  +    public static final String LABEL_ORIGIN_NONE
  +        = "PreferenceDialog.label.origin.none";
  +
  +    public static final String LABEL_SCRIPT_ORIGIN
  +        = "PreferenceDialog.label.script.origin";
  +
  +    public static final String LABEL_RESOURCE_ORIGIN
  +        = "PreferenceDialog.label.resource.origin";
  +
       public static final String LABEL_CANCEL
           = "PreferenceDialog.label.cancel";
   
  @@ -220,11 +239,11 @@
       public static final String PREFERENCE_KEY_LOAD_JAVA
           = "preference.key.load.java.script";
   
  -    public static final String PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN
  -        = "preference.key.constrain.script.origin";
  +    public static final String PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN
  +        = "preference.key.allowed.script.origin";
   
  -    public static final String PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN
  -        = "preference.key.constrain.external.resource.origin";
  +    public static final String PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN
  +        = "preference.key.allowed.external.resource.origin";
   
       /**
        * <tt>PreferenceManager</tt> used to store and retrieve
  @@ -265,9 +284,9 @@
   
       protected JCheckBox loadEcmascript;
   
  -    protected JCheckBox constrainScriptOrigin;
  +    protected ButtonGroup scriptOriginGroup;
   
  -    protected JCheckBox constrainExternalResourceOrigin;
  +    protected ButtonGroup resourceOriginGroup;
   
       protected JTextField host, port;
   
  @@ -333,8 +352,34 @@
           enforceSecureScripting.setSelected(model.getBoolean(PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING));
           loadJava.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_JAVA));
           loadEcmascript.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT));
  -        constrainScriptOrigin.setSelected(model.getBoolean(PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN));
  -        constrainExternalResourceOrigin.setSelected(model.getBoolean(PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN));
  +
  +        String allowedScriptOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
  +        if (allowedScriptOrigin == null || "".equals(allowedScriptOrigin)) {
  +            allowedScriptOrigin = "" + ResourceOrigin.NONE;
  +        }
  +
  +        Enumeration e = scriptOriginGroup.getElements();
  +        while (e.hasMoreElements()) {
  +            AbstractButton ab = (AbstractButton)e.nextElement();
  +            String ac = ab.getActionCommand();
  +            if (allowedScriptOrigin.equals(ac)) {
  +                ab.setSelected(true);
  +            }
  +        }
  +
  +        String allowedResourceOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN);
  +        if (allowedResourceOrigin == null || "".equals(allowedResourceOrigin)) {
  +            allowedResourceOrigin = "" + ResourceOrigin.NONE;
  +        }
  +
  +        e = resourceOriginGroup.getElements();
  +        while (e.hasMoreElements()) {
  +            AbstractButton ab = (AbstractButton)e.nextElement();
  +            String ac = ab.getActionCommand();
  +            if (allowedResourceOrigin.equals(ac)) {
  +                ab.setSelected(true);
  +            }
  +        }
   
           showRendering.setEnabled
               (!model.getBoolean(PREFERENCE_KEY_ENABLE_DOUBLE_BUFFERING));
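Review bot: The fallback to `ResourceOrigin.NONE` can never run, because `"" + model.getInteger(...)` is never null or empty, so a stored value that matches no radio button leaves both groups without a selection. The save path in the next hunk then calls `scriptOriginGroup.getSelection().getActionCommand()` and `resourceOriginGroup.getSelection().getActionCommand()`, which would throw a NullPointerException when `getSelection()` returns null. Selecting the NONE button when nothing matched keeps the dialog usable and fails towards the most restrictive setting. What `getInteger` returns for a missing key is not visible here, and the method starts and ends outside the hunk.

```java
// … unchanged: checkbox initialisation above …
String allowedScriptOrigin = "" + model.getInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN);
String noneCommand = "" + ResourceOrigin.NONE;
AbstractButton matched = null;
AbstractButton none = null;

Enumeration e = scriptOriginGroup.getElements();
while (e.hasMoreElements()) {
    AbstractButton ab = (AbstractButton)e.nextElement();
    String ac = ab.getActionCommand();
    if (allowedScriptOrigin.equals(ac)) {
        matched = ab;
    }
    if (noneCommand.equals(ac)) {
        none = ab;
    }
}
// Unknown stored value: fall back to the most restrictive choice.
if (matched == null) {
    matched = none;
}
if (matched != null) {
    matched.setSelected(true);
}
// … same pattern for resourceOriginGroup …
```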
  @@ -381,11 +426,10 @@
                            loadJava.isSelected());
           model.setBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT,
                            loadEcmascript.isSelected());
  -        model.setBoolean(PREFERENCE_KEY_CONSTRAIN_SCRIPT_ORIGIN,
  -                         constrainScriptOrigin.isSelected());
  -        model.setBoolean(PREFERENCE_KEY_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN,
  -                         constrainExternalResourceOrigin.isSelected());
  -
  +        model.setInteger(PREFERENCE_KEY_ALLOWED_SCRIPT_ORIGIN,
  +                         (new Integer(scriptOriginGroup.getSelection().getActionCommand())).intValue());
  +        model.setInteger(PREFERENCE_KEY_ALLOWED_EXTERNAL_RESOURCE_ORIGIN,
  +                         (new Integer(resourceOriginGroup.getSelection().getActionCommand())).intValue());
           model.setString(PREFERENCE_KEY_PROXY_HOST,
                           host.getText());
           model.setString(PREFERENCE_KEY_PROXY_PORT,
  @@ -575,23 +619,71 @@
           loadEcmascript
               = new JCheckBox(Resources.getString(LABEL_LOAD_ECMASCRIPT));
   
  -        constrainScriptOrigin
  -            = new JCheckBox(Resources.getString(LABEL_CONSTRAIN_SCRIPT_ORIGIN));
  -
  -        constrainExternalResourceOrigin
  -            = new JCheckBox(Resources.getString(LABEL_CONSTRAIN_EXTERNAL_RESOURCE_ORIGIN));
  -
  -        p.add(showRendering,    0, 0, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(autoAdjustWindow, 0, 1, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(enableDoubleBuffering, 0, 2, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(showDebugTrace,   0, 3, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(selectionXorMode,   0, 4, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(isXMLParserValidating,   0, 5, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(enforceSecureScripting, 0, 6, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(loadJava, 0, 7, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(loadEcmascript, 0, 8, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(constrainScriptOrigin, 0, 9, 1, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(constrainExternalResourceOrigin, 0, 10, 1, 1, WEST, HORIZONTAL, 1, 0);
  +        JPanel loadScriptPanel = new JPanel();
  +        loadScriptPanel.add(loadJava);
  +        loadScriptPanel.add(loadEcmascript);
  +
  +        JPanel scriptOriginPanel = new JPanel();
  +
  +        scriptOriginGroup = new ButtonGroup();
  +        JRadioButton rb = null;
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_ANY));
  +        rb.setActionCommand("" + ResourceOrigin.ANY);
  +        scriptOriginGroup.add(rb);
  +        scriptOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_DOCUMENT));
  +        rb.setActionCommand("" + ResourceOrigin.DOCUMENT);
  +        scriptOriginGroup.add(rb);
  +        scriptOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_EMBED));
  +        rb.setActionCommand("" + ResourceOrigin.EMBEDED);
  +        scriptOriginGroup.add(rb);
  +        scriptOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_NONE));
  +        rb.setActionCommand("" + ResourceOrigin.NONE);
  +        scriptOriginGroup.add(rb);
  +        scriptOriginPanel.add(rb);
  +
  +        JPanel resourceOriginPanel = new JPanel();
  +        resourceOriginGroup = new ButtonGroup();
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_ANY));
  +        rb.setActionCommand("" + ResourceOrigin.ANY);
  +        resourceOriginGroup.add(rb);
  +        resourceOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_DOCUMENT));
  +        rb.setActionCommand("" + ResourceOrigin.DOCUMENT);
  +        resourceOriginGroup.add(rb);
  +        resourceOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_EMBED));
  +        rb.setActionCommand("" + ResourceOrigin.EMBEDED);
  +        resourceOriginGroup.add(rb);
  +        resourceOriginPanel.add(rb);
  +
  +        rb = new JRadioButton(Resources.getString(LABEL_ORIGIN_NONE));
  +        rb.setActionCommand("" + ResourceOrigin.NONE);
  +        resourceOriginGroup.add(rb);
  +        resourceOriginPanel.add(rb);
  +
  +        p.add(showRendering,    0, 0, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(autoAdjustWindow, 0, 1, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(enableDoubleBuffering, 0, 2, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(showDebugTrace,   0, 3, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(selectionXorMode,   0, 4, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(isXMLParserValidating,   0, 5, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(enforceSecureScripting, 0, 6, 2, 1, WEST, HORIZONTAL, 1, 0);
  +        p.add(new JLabel(Resources.getString(LABEL_LOAD_SCRIPTS)), 0, 7, 1, 1, WEST, NONE, 0, 0);
  +        p.add(loadScriptPanel, 1, 7, 1, 1, WEST, NONE, 1, 0);
  +        p.add(new JLabel(Resources.getString(LABEL_SCRIPT_ORIGIN)), 0, 8, 1, 1, WEST, NONE, 0, 0);
  +        p.add(scriptOriginPanel, 1, 8, 1, 1, WEST, NONE, 1, 0);
  +        p.add(new JLabel(Resources.getString(LABEL_RESOURCE_ORIGIN)), 0, 10, 1, 1, WEST, NONE, 0, 0);
  +        p.add(resourceOriginPanel, 1, 10, 1, 1, WEST, NONE, 1, 0);
   
           p.setBorder(BorderFactory.createCompoundBorder
                       (BorderFactory.createTitledBorder
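Review bot: The two radio-button groups are built from eight near-identical four-line stanzas, so nothing guarantees that the script and resource groups keep offering the same four choices with the same action commands. A small private helper that fills a panel and returns the populated `ButtonGroup` would remove the duplication. Separately, the resource-origin row is added at grid row 10 while the script-origin row is at 8, which looks like a leftover from the removed checkboxes; row 9 would keep the rows contiguous. The method starts and ends outside the hunk.

```java
private ButtonGroup addOriginChoices(JPanel panel) {
    ButtonGroup group = new ButtonGroup();
    String[] labels = { LABEL_ORIGIN_ANY, LABEL_ORIGIN_DOCUMENT,
                        LABEL_ORIGIN_EMBED, LABEL_ORIGIN_NONE };
    int[] origins = { ResourceOrigin.ANY, ResourceOrigin.DOCUMENT,
                      ResourceOrigin.EMBEDED, ResourceOrigin.NONE };
    for (int i = 0; i < labels.length; i++) {
        JRadioButton rb = new JRadioButton(Resources.getString(labels[i]));
        rb.setActionCommand("" + origins[i]);
        group.add(rb);
        panel.add(rb);
    }
    return group;
}

// … unchanged: loadScriptPanel setup …
JPanel scriptOriginPanel = new JPanel();
scriptOriginGroup = addOriginChoices(scriptOriginPanel);
JPanel resourceOriginPanel = new JPanel();
resourceOriginGroup = addOriginChoices(resourceOriginPanel);
// … unchanged: p.add(...) layout calls …
```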
  
  
  
  1.1                  xml-batik/sources/org/apache/batik/apps/svgbrowser/ResourceOrigin.java
  
  Index: ResourceOrigin.java
  ===================================================================
  /*****************************************************************************
   * Copyright (C) The Apache Software Foundation. All rights reserved.        *
   * ------------------------------------------------------------------------- *
   * This software is published under the terms of the Apache Software License *
   * version 1.1, a copy of which has been included with this distribution in  *
   * the LICENSE file.                                                         *
   *****************************************************************************/
  
  package org.apache.batik.apps.svgbrowser;
  
  /**
   * Constants naming where a script or external resource may be loaded
   * from, relative to the document that references it.
   *
   * <p>The values are distinct powers of two. NOTE(review): whether they
   * are meant to be OR-ed together is not stated here; confirm before
   * combining them.
   *
   * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
   * @version $Id: ResourceOrigin.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
   */
  public interface ResourceOrigin {
      // Interface fields are implicitly public, static and final.

      /** Most permissive setting: a resource may come from any origin. */
      int ANY = 1;

      /** The resource must have the same origin as the document. */
      int DOCUMENT = 2;

      /** The resource must be embedded in the document itself. */
      int EMBEDED = 4;

      /** Most restrictive setting: no origin is acceptable. */
      int NONE = 8;
  }
  
  
  
  1.13      +28 -8     xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java
  
  Index: BaseScriptingEnvironment.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/BaseScriptingEnvironment.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- BaseScriptingEnvironment.java	14 Jun 2002 08:43:11 -0000	1.12
  +++ BaseScriptingEnvironment.java	14 Jun 2002 13:12:24 -0000	1.13
  @@ -198,12 +198,18 @@
       protected Document document;
   
       /**
  +     * The URL of the document ot manage
  +     */
  +    protected ParsedURL docPURL;
  +
  +    /**
        * Creates a new BaseScriptingEnvironment.
        * @param ctx the bridge context
        */
       public BaseScriptingEnvironment(BridgeContext ctx) {
           bridgeContext = ctx;
           document = ctx.getDocument();
  +        docPURL = new ParsedURL(((SVGDocument)document).getURL());
           userAgent     = bridgeContext.getUserAgent();
       }
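Review bot: The new field comment has a typo (`ot manage`) and does not say what the field is for. Since `docPURL` is now the document origin passed to every `userAgent.checkLoadScript` call, I would write `The URL of the document to manage, captured once at construction and used as the document origin in script security checks`. The cast `(SVGDocument)document` now runs in the constructor rather than at the first check, so a non-SVG document would fail at construction. If that is intended, it deserves a line in the constructor's Javadoc.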
   
  @@ -264,8 +270,6 @@
                           (XMLBaseSupport.getCascadedXMLBase(script), href);
   
                       checkCompatibleScriptURL(type, purl);
  -                    ParsedURL docPURL 
  -                        = new ParsedURL(((SVGDocument)document).getURL());
   
                       DocumentJarClassLoader cll;
                       URL docURL = null;
  @@ -371,9 +375,8 @@
        * compatible. A SecurityException is thrown if loading
        * the script is not allowed.
        */
  -    private void checkCompatibleScriptURL(String scriptType, 
  +    protected void checkCompatibleScriptURL(String scriptType, 
                                             ParsedURL scriptPURL){
  -        ParsedURL docPURL = new ParsedURL(((SVGDocument)document).getURL());
           userAgent.checkLoadScript(scriptType, scriptPURL, docPURL);
       }
   
  @@ -392,18 +395,20 @@
               }
               return;
           }
  -        dispatchSVGLoad(root, interp);
  +
  +        dispatchSVGLoad(root, interp, true, lang);
       }
   
       /**
        * Auxiliary method for dispatchSVGLoad.
        */
  -    protected void dispatchSVGLoad(Element elt, final Interpreter interp) {
  +    protected void dispatchSVGLoad(Element elt, final Interpreter interp,
  +                                   boolean checkCanRun, String lang) {
           for (Node n = elt.getFirstChild();
                n != null;
                n = n.getNextSibling()) {
               if (n.getNodeType() == n.ELEMENT_NODE) {
  -                dispatchSVGLoad((Element)n, interp);
  +                dispatchSVGLoad((Element)n, interp, checkCanRun, lang);
               }
           }
   
  @@ -417,6 +422,12 @@
               elt.getAttributeNS(null, SVGConstants.SVG_ONLOAD_ATTRIBUTE);
           EventListener l = null;
           if (s.length() > 0) {
  +            if (checkCanRun) {
  +                // Check that it is ok to run embeded scripts
  +                checkCompatibleScriptURL(lang, docPURL);
  +                checkCanRun = false; // we only check once for onload handlers
  +            }
  +
               l = new EventListener() {
                       public void handleEvent(Event evt) {
                           try {
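Review bot: The assignment `checkCanRun = false` only changes this invocation's copy of the parameter, and it runs after the recursive calls for the children have already been made, so the check is repeated for every element that carries an onload attribute rather than performed once as the comment says. The result errs on the safe side, but the dead assignment and its comment are misleading. Either drop both and describe the per-element check (`// checked for each element with an onload handler`), or perform the check once in the caller before the traversal starts. The method body starts in the previous hunk and continues past this one.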
  @@ -444,6 +455,15 @@
           if (userAgent != null) {
               Exception ex = ie.getException();
               userAgent.displayError((ex == null) ? ie : ex);
  +        }
  +    }
  +
  +    /**
  +     * Handles the given exception.
  +     */
  +    protected void handleSecurityException(SecurityException se) {
  +        if (userAgent != null) {
  +            userAgent.displayError(se);
           }
       }
   
  
  
  
  1.2       +8 -2      xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
  
  Index: DefaultExternalResourceSecurity.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultExternalResourceSecurity.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- DefaultExternalResourceSecurity.java	13 Jun 2002 11:19:37 -0000	1.1
  +++ DefaultExternalResourceSecurity.java	14 Jun 2002 13:12:24 -0000	1.2
  @@ -19,6 +19,7 @@
    * @version $Id$
    */
   public class DefaultExternalResourceSecurity implements ExternalResourceSecurity {
  +    public static final String DATA_PROTOCOL = "data";
       /**
        * Message when trying to load a external resource file and the Document
        * does not have a URL
  @@ -73,12 +74,17 @@
               
               if ((docHost != externalResourceHost) &&
                   ((docHost == null) || (!docHost.equals(externalResourceHost)))){
  +                
  +                if ( externalResourceURL == null
  +                     ||
  +                     !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
                   se = new SecurityException
                       (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL,
                                               new Object[]{externalResourceURL}));
  +                }
  +                
               }
           }
  -        
       }
   }
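Review bot: The three lines that build the SecurityException are now inside the new `if`, but they keep their old indentation, so the block reads as if the exception were still raised unconditionally on a host mismatch. Since this is the branch that decides whether a cross-host resource is refused, re-indenting the `se = new SecurityException(...)` statement one level would make the data-protocol exemption obvious to the next reader. A one-line comment such as `// data: URLs carry their content inline, so they are exempt from the host check` would also record why the exemption exists.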
   
  
  
  
  1.3       +13 -5     xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java
  
  Index: DefaultScriptSecurity.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/DefaultScriptSecurity.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- DefaultScriptSecurity.java	5 Jun 2002 21:14:47 -0000	1.2
  +++ DefaultScriptSecurity.java	14 Jun 2002 13:12:24 -0000	1.3
  @@ -19,6 +19,7 @@
    * @version $Id$
    */
   public class DefaultScriptSecurity implements ScriptSecurity {
  +    public static final String DATA_PROTOCOL = "data";
       /**
        * Message when trying to load a script file and the Document
        * does not have a URL
  @@ -74,10 +75,17 @@
               String scriptHost = scriptURL.getHost();
               
               if ((docHost != scriptHost) &&
  -                ((docHost == null) || (!docHost.equals(scriptHost))))
  -                se = new SecurityException
  -                    (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
  -                                            new Object[]{scriptURL}));
  +                ((docHost == null) || (!docHost.equals(scriptHost)))) {
  +                if ( !docURL.equals(scriptURL)
  +                     &&
  +                     (scriptURL == null
  +                      ||
  +                      !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
  +                    se = new SecurityException
  +                        (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
  +                                                new Object[]{scriptURL}));
  +                }
  +            }
           }
           
       }
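Review bot: The test `scriptURL == null` in the added condition comes after `scriptURL.getHost()` on the context line above, so it can never be true when this code is reached. If a null script URL is a legitimate input it has to be handled before the host lookup; otherwise the null test can be dropped to leave `!docURL.equals(scriptURL) && !DATA_PROTOCOL.equals(scriptURL.getProtocol())`. The `externalResourceURL == null` test added in DefaultExternalResourceSecurity looks like the same pattern, although the host lookup there is outside the visible hunk. The exemption also relies on `ParsedURL.equals` comparing URL values, which cannot be confirmed from this page.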
  
  
  
  1.2       +2 -9      xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java
  
  Index: NoLoadExternalResourceSecurity.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/NoLoadExternalResourceSecurity.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- NoLoadExternalResourceSecurity.java	13 Jun 2002 11:19:37 -0000	1.1
  +++ NoLoadExternalResourceSecurity.java	14 Jun 2002 13:12:24 -0000	1.2
  @@ -43,15 +43,8 @@
       }
   
       /**
  -     * @param externalResourceURL url for the externalResource, as defined in
  -     *        the externalResource's xlink:href attribute. If that
  -     *        attribute was empty, then this parameter should
  -     *        be null
  -     * @param docURL url for the document into which the 
  -     *        externalResource was found.
        */
  -    public NoLoadExternalResourceSecurity(ParsedURL externalResourceURL,
  -                                          ParsedURL docURL){
  +    public NoLoadExternalResourceSecurity(){
           se = new SecurityException
               (Messages.formatMessage(ERROR_NO_EXTERNAL_RESOURCE_ALLOWED,
                                       null));
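Review bot: The Javadoc block above the new no-argument constructor is left empty once the two `@param` tags are removed. It should say what the constructor does, for example `* Builds the SecurityException reported for every external resource; no URL is needed because this policy allows none.` The exception is still created with `Messages.formatMessage(ERROR_NO_EXTERNAL_RESOURCE_ALLOWED, null)`, so the message cannot name the refused resource, which is worth stating for anyone reading the resulting error. The constructor body continues past the end of the hunk.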
  
  
  
  1.32      +4 -1      xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java
  
  Index: ScriptingEnvironment.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/bridge/ScriptingEnvironment.java,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- ScriptingEnvironment.java	13 Jun 2002 11:19:37 -0000	1.31
  +++ ScriptingEnvironment.java	14 Jun 2002 13:12:24 -0000	1.32
  @@ -262,9 +262,12 @@
           interpreter.bindObject(ALTERNATE_EVENT_NAME, evt);
               
           try {
  +            checkCompatibleScriptURL(lang, docPURL);
               interpreter.evaluate(script);
           } catch (InterpreterException ie) {
               handleInterpreterException(ie);
  +        } catch (SecurityException se) {
  +            handleSecurityException(se);
           }
       }
   
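Review bot: The added `checkCompatibleScriptURL(lang, docPURL)` passes the document's own URL as the script URL without saying why. A comment such as `// inline script: checked against the document URL so the active ScriptSecurity policy can still refuse it` would make the intent clear. The new `catch (SecurityException se)` also covers `interpreter.evaluate(script)`, so a SecurityException raised while the script runs reaches `handleSecurityException` just like a policy refusal. If the two cases should be told apart, give the check its own try block. The enclosing method starts above the hunk.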
  
  
  
  1.1                  xml-batik/sources/org/apache/batik/bridge/EmbededExternalResourceSecurity.java
  
  Index: EmbededExternalResourceSecurity.java
  ===================================================================
  /*****************************************************************************
   * Copyright (C) The Apache Software Foundation. All rights reserved.        *
   * ------------------------------------------------------------------------- *
   * This software is published under the terms of the Apache Software License *
   * version 1.1, a copy of which has been included with this distribution in  *
   * the LICENSE file.                                                         *
   *****************************************************************************/
  
  package org.apache.batik.bridge;
  
  import org.apache.batik.util.ParsedURL;
  
  /**
   * <tt>ExternalResourceSecurity</tt> policy that accepts an external
   * resource only when it is embedded in the document, i.e., when its
   * URL uses the <tt>data</tt> protocol. Every other URL, and a null URL,
   * is refused.
   *
   * The decision is taken once, in the constructor; the check method only
   * reports it.
   *
   * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
   * @version $Id: EmbededExternalResourceSecurity.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
   */
  public class EmbededExternalResourceSecurity implements ExternalResourceSecurity {
      /**
       * Protocol name that marks a resource as embedded in the document.
       */
      public static final String DATA_PROTOCOL = "data";

      /**
       * Key of the message used when an external resource is refused
       * because it is not embedded in the document.
       */
      // NOTE(review): the key reads "esource", not "resource". It is kept
      // unchanged because it presumably has to match the entry in the
      // Messages resource bundle -- confirm before correcting either side.
      public static final String ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED
          = "EmbededExternalResourceSecurity.error.external.esource.not.embeded";

      /**
       * Refusal prepared by the constructor, or null when the resource is
       * accepted. The field is protected and not final, so subclasses can
       * read or replace it.
       */
      protected SecurityException se;

      /**
       * Evaluates the policy for one external resource.
       *
       * The protocol is compared with {@link #DATA_PROTOCOL} by exact string
       * equality.
       * NOTE(review): this assumes ParsedURL.getProtocol() returns the scheme
       * in lower case; a differently cased scheme would be refused -- confirm.
       *
       * @param externalResourceURL url for the externalResource, as defined in
       *        the externalResource's xlink:href attribute. If that
       *        attribute was empty, then this parameter should
       *        be null, and the resource is refused.
       */
      public EmbededExternalResourceSecurity(ParsedURL externalResourceURL){
          boolean embedded
              = externalResourceURL != null
              && DATA_PROTOCOL.equals(externalResourceURL.getProtocol());
          if (embedded) {
              // Accepted: se stays null and checkLoadExternalResource is a no-op.
              return;
          }

          Object[] messageArgs = new Object[]{externalResourceURL};
          se = new SecurityException
              (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_NOT_EMBEDED,
                                      messageArgs));
      }

      /**
       * Reports the decision taken by the constructor.
       *
       * @throws SecurityException if the externalResource should not be loaded.
       */
      public void checkLoadExternalResource(){
          if (se == null) {
              return;
          }
          throw se;
      }
  }
  
  
      
  
  
  
  1.1                  xml-batik/sources/org/apache/batik/bridge/EmbededScriptSecurity.java
  
  Index: EmbededScriptSecurity.java
  ===================================================================
  /*****************************************************************************
   * Copyright (C) The Apache Software Foundation. All rights reserved.        *
   * ------------------------------------------------------------------------- *
   * This software is published under the terms of the Apache Software License *
   * version 1.1, a copy of which has been included with this distribution in  *
   * the LICENSE file.                                                         *
   *****************************************************************************/
  
  package org.apache.batik.bridge;
  
  import org.apache.batik.util.ParsedURL;
  
  /**
   * <tt>ScriptSecurity</tt> policy that accepts only scripts embedded in
   * the document: a script whose URL equals the document URL (as for
   * event attributes) or whose URL uses the <tt>data</tt> protocol.
   * Everything else is refused.
   *
   * The decision is taken once, in the constructor; the check method only
   * reports it.
   *
   * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
   * @version $Id: EmbededScriptSecurity.java,v 1.1 2002/06/14 13:12:24 vhardy Exp $
   */
  public class EmbededScriptSecurity implements ScriptSecurity {
      /**
       * Protocol name that marks a script as embedded in the document.
       */
      public static final String DATA_PROTOCOL = "data";

      /**
       * Key of the message used when the document has no URL to compare
       * the script against. The key carries the DefaultScriptSecurity prefix.
       */
      public static final String ERROR_CANNOT_ACCESS_DOCUMENT_URL
          = "DefaultScriptSecurity.error.cannot.access.document.url";

      /**
       * Key of the message used when a script is refused because it is
       * not embedded in the document.
       */
      public static final String ERROR_SCRIPT_NOT_EMBEDED
          = "EmbededScriptSecurity.error.script.not.embeded";

      /**
       * Refusal prepared by the constructor, or null when the script is
       * accepted. The field is protected and not final, so subclasses can
       * read or replace it.
       */
      protected SecurityException se;

      /**
       * Evaluates the policy for one script.
       *
       * A null document URL is always refused. Otherwise the script is
       * accepted when its URL equals the document URL or uses the
       * <tt>data</tt> protocol; the host is not examined.
       *
       * NOTE(review): a null scriptURL is refused whenever docURL is not
       * null, so callers are presumably expected to pass the document URL
       * for inline script -- confirm against ScriptingEnvironment.
       * NOTE(review): the protocol test is an exact string comparison and
       * assumes ParsedURL.getProtocol() returns the scheme in lower case;
       * a differently cased scheme would be refused -- confirm.
       *
       * @param scriptType type of script, as found in the
       *        type attribute of the &lt;script&gt; element. This
       *        policy does not consult it.
       * @param scriptURL url for the script, as defined in
       *        the script's xlink:href attribute. If that
       *        attribute was empty, then this parameter should
       *        be null
       * @param docURL url for the document into which the
       *        script was found.
       */
      public EmbededScriptSecurity(String scriptType,
                                   ParsedURL scriptURL,
                                   ParsedURL docURL){
          if (docURL == null) {
              // Without a document URL there is nothing to compare against.
              se = new SecurityException
                  (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
                                          new Object[]{scriptURL}));
              return;
          }

          if (docURL.equals(scriptURL)) {
              // Same URL as the document: the script is part of it.
              return;
          }

          if (scriptURL != null
              && DATA_PROTOCOL.equals(scriptURL.getProtocol())) {
              // data protocol: the script content travels inside the document.
              return;
          }

          se = new SecurityException
              (Messages.formatMessage(ERROR_SCRIPT_NOT_EMBEDED,
                                      new Object[]{scriptURL}));
      }

      /**
       * Reports the decision taken by the constructor.
       *
       * @throws SecurityException if the script should not be loaded.
       */
      public void checkLoadScript(){
          if (se == null) {
              return;
          }
          throw se;
      }
  }
  
  
      
  
  
  
  1.4       +23 -1     xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml
  
  Index: unitTesting.xml
  ===================================================================
  RCS file: /home/cvs/xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- unitTesting.xml	13 Jun 2002 11:19:38 -0000	1.3
  +++ unitTesting.xml	14 Jun 2002 13:12:25 -0000	1.4
  @@ -85,4 +85,26 @@
   
       </testGroup>
   
  +    <testGroup id="SecurityExceptions" name="Security Exceptions" class="org.apache.batik.test.svg.SVGOnLoadExceptionTest">
  +        <test id="bridge/ecmaCheckNoEmbed" >
  +            <property name="Scripts" class="java.lang.String" 
  +                      value="application/java-archive" />
  +            <property name="ScriptOrigin" class="java.lang.String"
  +                      value="NONE" />
  +            <property name="ExpectedExceptionClass" class="java.lang.String"
  +                      value="java.lang.SecurityException" />
  +        </test>
  +
  +        <test id="bridge/embedData" >
  +            <property name="Scripts" class="java.lang.String" 
  +                      value="application/java-archive" />
  +            <property name="ResourceOrigin" class="java.lang.String"
  +                      value="NONE" />
  +            <property name="ExpectedExceptionClass" class="java.lang.String"
  +                      value="org.apache.batik.bridge.BridgeException" />
  +            <property name="ExpectedErrorCode" class="java.lang.String"
  +                      value="uri.unsecure" />
  +        </test>
  +
  +    </testGroup>
   </testSuite>
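Review bot: The `bridge/ecmaCheckNoEmbed` entry sets both `Scripts` to `application/java-archive` and `ScriptOrigin` to `NONE`, so the expected `java.lang.SecurityException` does not show which of the two settings stopped the script. An XML comment on the test naming the setting under test, or one test per setting, would make a regression in either check easier to locate. Both new tests exercise only the `NONE` origin; whether the embedded-only origin is covered elsewhere in the commit is not visible from this hunk.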
  
  
  
  1.1                  xml-batik/test-resources/org/apache/batik/bridge/ecmaCheckNoEmbed.svg
  
  Index: ecmaCheckNoEmbed.svg
  ===================================================================
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
  "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
  
  <!-- ========================================================================= -->
  <!-- Copyright (C) The Apache Software Foundation. All rights reserved.        -->
  <!--                                                                           -->
  <!-- This software is published under the terms of the Apache Software License -->
  <!-- version 1.1, a copy of which has been included with this distribution in  -->
  <!-- the LICENSE file.                                                         -->
  <!-- ========================================================================= -->
  
  <!-- ========================================================================= -->
  <!-- Checks that embedded ECMAScript code is not executed if that feature is   -->
  <!-- disabled.                                                                 -->
  <!--                                                                           -->
  <!-- How the result is read: the testResult element below starts with          -->
  <!-- result="passed". The onload attribute on the root element rewrites it to  -->
  <!-- "failed" and sets an errorCode, so the document only keeps "passed" when  -->
  <!-- the handler was never run.                                                -->
  <!--                                                                           -->
  <!-- @author vincent.hardy@sun.com                                             -->
  <!-- @version $Id: ecmaCheckNoEmbed.svg,v 1.1 2002/06/14 13:12:25 vhardy Exp $   -->
  <!-- ========================================================================= -->
  
  <svg xmlns="http://www.w3.org/2000/svg" 
       xmlns:xlink="http://www.w3.org/1999/xlink" 
       xmlns:test="http://xml.apache.org/batik/test"
       width="450" height="500" viewBox="0 0 450 500"
       onload="document.getElementById('testResult').setAttributeNS(null, 'result', 'failed'); document.getElementById('testResult').setAttributeNS(null, 'errorCode', 'onload attribute should not have been run');" >
  
      <!-- Empty script element with no type and no xlink:href.               -->
      <!-- NOTE(review): presumably present so that script handling is set up -->
      <!-- for the document; confirm against the test harness.                -->
      <script>
      </script>
  
      <!-- Starts as "passed"; only the onload handler above can change it. -->
      <test:testResult id="testResult" result="passed"/>
  
      <circle cx="50%" cy="50%" r="200" fill="crimson" />
  </svg>
  
  
  
  1.1                  xml-batik/test-resources/org/apache/batik/bridge/embedData.svg
  
  Index: embedData.svg
  ===================================================================
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
  "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
  
  <!-- ========================================================================= -->
  <!-- Copyright (C) The Apache Software Foundation. All rights reserved.        -->
  <!--                                                                           -->
  <!-- This software is published under the terms of the Apache Software License -->
  <!-- version 1.1, a copy of which has been included with this distribution in  -->
  <!-- the LICENSE file.                                                         -->
  <!-- ========================================================================= -->
  
  <!-- ========================================================================= -->
  <!-- Used to validate security settings restricting use of *any* type of       -->
  <!-- external resources.                                                       -->
  <!--                                                                           -->
  <!-- @author vincent.hardy@eng.sun.com                                         -->
  <!-- @version $Id: embedData.svg,v 1.1 2002/06/14 13:12:25 vhardy Exp $ -->
  <!-- ========================================================================= -->
  
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="body" width="450" height="500" viewBox="0 0 450 500">
  <title>Data Protocol</title>
      <!-- ============================================================= -->
      <!-- Test content                                                  -->
      <!-- ============================================================= -->
      <g id="testContent" class="legend" style="text-anchor:middle">
          <text x="225" y="40" class="title">
              dataProtocol test
          </text>
  
      <!-- ==================================== -->
      <!-- Initially, was an encoded JPEG image -->
      <!-- ==================================== -->
      <text x="210" y="100">Initial JPEG, encoded as PNG, data protocol</text>
      <rect x="148" y="108" width="131" height="134" fill="rgb(200, 100, 0)" />
  	<image x="150" y="110" width="127" height="130" xlink:href="
  b3Rvc2hvcKggNS4y/+4ADkFkb2JlAGRAAAAAAf/bAIQAAQEBAQEBAQEBAQEBAQEB
  AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQICAgICAgICAgICAwMDAwMDAwMD
  AwEBAQEBAQEBAQEBAgIBAgIDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD
  AwMDAwMDAwMDAwMDAwMDAwMD/8AAEQgAggB/AwERAAIRAQMRAf/dAAQAEP/EAaIA
  AAAGAgMBAAAAAAAAAAAAAAcIBgUECQMKAgEACwEAAAYDAQEBAAAAAAAAAAAABgUE
  AwcCCAEJAAoLEAACAQMEAQMDAgMDAwIGCXUBAgMEEQUSBiEHEyIACDEUQTIjFQlR
  QhZhJDMXUnGBGGKRJUOhsfAmNHIKGcHRNSfhUzaC8ZKiRFRzRUY3R2MoVVZXGrLC
  0uLyZIN0k4Rlo7PD0+MpOGbzdSo5OkhJSlhZWmdoaWp2d3h5eoWGh4iJipSVlpeY
  mZqkpaanqKmqtLW2t7i5usTFxsfIycrU1dbX2Nna5OXm5+jp6vT19vf4+foRAAIB
  AwIEBAMFBAQEBgYFbQECAxEEIRIFMQYAIhNBUQcyYRRxCEKBI5EVUqFiFjMJsSTB
  0UNy8BfhgjQlklMYY0TxorImNRlUNkVkJwpzg5NGdMLS4vJVZXVWN4SFo7PD0+Pz
  KRqUpLTE1OT0laW1xdXl9ShHV2Y4doaWprbG1ub2Z3eHl6e3x9fn90hYaHiImKi4
  yNjo+DlJWWl5iZmpucnZ6fkqOkpaanqKmqq6ytrq+v/aAAwDAQACEQMRAD8A3+Pf
  uvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r
  3Xvfuvde9+691737r3Xvfuvdf//Q3+Pfuvde9+691737r3XvfuvdMe4Ny4LauPly
  u4cpS4qhhSR2mqZLFhEhkkEUShpp2SNSxCKxCgk8An3G/uf7v+2nsxy8eafc/nKy
  2fZixVDMxMk8gFfCtoEDz3M1M+FbxySUzpoCejHbNo3LebkWu2WjyzedMBR6sxoq
  j5sQOqcO9f5z/T+3t65Lpj407T3n8o+8qdKiKPrro7aGb7Y3BSVaWWM7hi2gsuF2
  hjJSSVyNfXfaxaSZlQK3vDYfen9/veW5+l+7h7GNZcsOQF3rmPXCroSVMtttcDLM
  4X40aa5UkEeJbrQqZKtOSeVtlijuucN/Z5K5gtSoIxUappAagntISPB4P59ApUVv
  89v5HSVFRgOo+pviptLKUkb4yXvPv16HfmI1glqn+7/xm29vinmkZX1R0uQrqecG
  yzGJhwcQewH3qOc1gu/cn70W52c4kJaDZoodtg8PyRXt0S5rnjI7N6tgUO4ef/bb
  YTGuye2ljP2dzXeu5Yv6jxmZABj4UUHOOg1qv5T3813d4/iO8f5j3TuKyrtpajw/
  S/ZW6qeOEIhRf45le1ttV9UUcsoD0q2RVN+SqjC0+55s8Q8S89zOa57s01O+6XTE
  0FBxb+XWpffG+PZByns0cAOFWzhFP2L0jc5/Ji/meRxDI4D+ZB17kM3T+QUtMvX3
  bvW0TiSnmSQNuPbfau6MlSiZiqNopHsjM3JUKx1bfdej2usuz+5fMMV1TDPezvT9
  rdIZfd9ryiX3Ke1vD6C3jX/AOgwzfRf/AApD+LFRW5bYPaafIbBUr/cvTbb7dwPd
  zVOPhCNIldt75T7c2jvMSyxxgtBgqqorA+pIXkvqc7g5S99OU1Rtt51G8QLXUlxR
  nYeVGkBav2GtfPovk3r273osLvl/6GQ0oYqhQfsWgp+XWXqb/hR7290nvSPqv+Y/
  8Rdz7KytC0EeZ3f1ntjdOyd74GidkpqXNbo+Pvak0WbqsbVWaeavxWaKuisaSglD
  IgP9m94Z7a6j2nnrYpNu3HA1UIQk+mqo+ddX2Dotv+Ro5oWveXdxS6tc4qCwH5fs
  4faetlX40/LL45fMPr+Ls/41du7Q7a2f5YqXI1W3K2RMvtvJTQioTC7x2tkoaDdG
  y899uRIaHK0dHV+Mh/HpIYzTY7hZblAtzY3KSwnzU/4RxH59AG4tp7WQxXETJIPI
  /wCrPRh/azpjr3v3Xuve/de697917r//0d/j37r3Xvfuvde9+690Tv5lfNrpL4Td
  X5Psjt3dNDiYYNNJicXq+6yuazNSAMfhcPiKdxX5jMVzsBFSwDWwILFFIY4a/eI+
  9RP7e77bez3s1y9HzR94K/h1x2eomy2uFqBb3eZY2VooyDrhtVZZ7gD4oI3SYi7l
  vlj97ut3uNx9Nsyt3SHi1OIjB4082yAcUJx1V/tP4nfMH+ZnlR2b839wb7+LfxQy
  NXHkNlfEXY+aq9rd79nbebxtSzfIjf2Ienr+tNv5SmTUdr4Nocyq1B89XjKiJopQ
  b7Qfc18fmGH3h+8lzFLzj7yToC0l0AbSyzqEG32lBBaQJwCxxqWNXIVyWJvuXOEd
  hA+0csRrDZKWGpRlwfxGtSzED4iSR8x1dH0d8fukfjTsOg6x6C6s2T1JsTHN5otu
  7IwNFhaWrrnjSOoy+Ynp4xXZ/P1wjBqchXS1FdVP65pXYk+887WztbGFLezt0igU
  YVQAP5dR/NPNcSNLPKzyHzJr0MPtT011737r3Xvfuvde9+690CPfXxt6H+UOypuv
  fkB1XtDtPajmeSlotzY0S1+Eq6iIQy5Pa24KR6TcW0c0YRoFdi6ujrFS4WUAkeyz
  dtl2rfbVrLd7CK4tj5OK0+anip+akH59K7K/vdumFxY3LxTDzU0r8iOBHyII61Pf
  l1/JO+Un8vzsKp+aP8pbtTsOGs2ulVk891xSSx5nf9LgonesqcBV7fWjbA9/9eBL
  q+JyFDNmYBHE6JkagGohhbceTOY+QZn3nkm4lutnWpe1J1SovE+F/vxR/vsjVgUD
  HIH1rv21cyotjzBEkN8cLMBRGPlr/gP9IGnHhw6te/lH/wA6zrn+YXRP012ziMR0
  r8yNp4b7/cPXcdU8WzO0sbRl4shvPparytbVZOso6cIs2QwdVJNksUst1lraeOWq
  WR+T+dtt5ts0kgkVbsDuX5+dAcgjzU5HkSM9BXfeX7vZZ2SRSYa4P+Cv+Q/4Or0v
  Y16IOve/de697917r//S3+Pfuvde9+690V35cfKfrj4j9Nbx7b7Gz+PweJ2vg6zM
  TzVs8MeiKBGWFYYpWH3NdX1VqejgAZp6hrBSqSFcNvvcfeQ3X2g2zl3269rrJNx9
  /ua3MG1W2nxFtIq6Zt1u04C3tsiJX7Z5xpo0UVxpGXKHLCb7dNc7hMIdlhP6jsdI
  ZqVEan1Iy1PhX0LLWsL4C/Djsn5Gdn4P+Zj8+cLXHs6vM+a+Inxt3JDIcH8YthZY
  /c4ff258FWAiq+QO7qGVap5KqMT7dhlVNKZDUKI7+7B923ZvZLly53XdZn3L3M3m
  ZrzddyuO+5vLyYmSWWVzmmtmKJwQZpqOKcz7+L6drKxOnbo+xQMDSuAAPJaD8/s4
  3v8AvK7oIde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691q7/wA6T+TRk+wc
  g3z0+C0Vd178nurstT9o7g27sJHxmY3NndrVCZ2HszreLGoHpu0sZU0QqKzHwrp3
  FoMkS/xPUmRhnnXku7269l515PjK7gnfc26YE4XJkjA4TilSB/acQPExIPdg3+G7
  t05f3xgbY9sUrf6GTjQ5PGM8AT8Pn2/CdL+Sr/Ndov5i/TmX2V2qcTtn5g9GU1Dj
  e5dqUcUWMpN74WRlosN3Ls3FAhUwO4ZwIMpSwALiMveMpFTVNAZRvybzXa81bXFd
  ROPqAo1D1+dPtww8j8iOg9vuzTbPePC6nwq4P+T/ACj1HzB6u29i/oj697917r//
  09/j37r3TXm8xQbexGTzmUm8GOxNDU5CsltqZYKWJpXEaXBlmcLpRB6nchRyR7Df
  OPNuxchcp8x868zXgt+X9qsprq4kP4YoEaR9IqNTkLpRBl3KotSQOl22bdd7vuNl
  tdjHrvLiVY0HlqYgCp8gK1YnAAJOB1ruYXa2V/mjfzH66k3rRvX/ABE+AW5MDu3f
  mCqkiqNvdpfLOphgzPXXXFbHLGI81tfpnBGLMZSnIMM1caFZ0eGumRuc33J+Td79
  4ebudvvje5tn/wAiPmWcrtkLMXWx2mIlLW2iqAKaFBd1CmRgzuuqViZX59vLTlvb
  rPk3Z5P04lpI1AC7V7nP4lZzU6STpBAU0UdbDmY3JgtvxiTMZSkodS6kilk1VMqi
  4JhpIhJVTAEf2Eb3m/7qe/3sv7JWkd37re5e07IXTUkU86/UyrUjVDaR67qZQQQT
  FC4BwTXqLdu2Xdd3cpt1hJLQ0JAoo+1zRV/MjoK8n8g+u8XIyyyZ+ojW/wC/Tbfy
  BiYA/UfcJTy/7dR7xEuf71L7ncd3LbWXN+6XcSmgli225VHzxUTrDKAePdGpocgG
  oA9sfaHnG/RWRLRHP4WuI6/8ZLD+fSUT5f8AQUVWlFm96Has0sqwxSbmxGVxdCzM
  QNUmVNLNi6OJb8tPNEoHJNgfclch/wB4B91v3AuksbDn97G7dqKL61uLdD8zOUa3
  QZ4ySp68OjS99hPc+0s2v4NhW7tVFWNvLFIw/wCbeoSMf9IjdGHwubw25MVQ53bu
  XxmewmTgWqxuYwtfSZTFZCmYkLUUOQoZZ6SrgYqQHjdlJH195h7fuFhu1lbbltd9
  Dc7dMgaOWJ1kjkU8GR0JVlPkVJB6iK5tbmyuJbS8t5IrqNqMjqVdSOIZWAIPyIr0
  5+1nTHXvfuvde9+691737r3Xvfuvde9+691pe/zevjvvr+VL84en/wCbN8RsLLS7
  Mzm9J4e5Ou8U/wDDcBlcjmRNW9jbCrxTUskNLtnt/bEFXW0QeKpGMzlJPVRBPFRR
  xwDzDav7c85We/7eunl3dJtMi8EiuTUkeipcKCwH4ZFYinYBJW2TLzTsU+23LV3S
  zjqp83hGAfm0RoPmpHzPW3x0123sXvzqbrfuzrHMJn+ve1tlbc39s/LKFSSqwO6M
  VTZbHisp1kkNFkqeGpEVVTOfLS1KPFIA6MBPFvPHcwRXELVidQwPyIr/AMX1HEkb
  xSPE4o6kg/l0JXt7qnX/1N/j37r3Vd38xz5DYXojprK5HK5Olx1Li9sbu7Jzc1WX
  +2GI6+x8NXiqSrEZ1LHlN41+OVb8OsEg98zv7yzmndtx5J9tfYPlwyHdOdt9hiuF
  j+I2VrJG7ocimuZ4pFOQfp3HU8+yWyoBzbzncBAm3WoiiLmi+Pc6lJ1U8oVlQ+YM
  qnoLPgB1xkPif8OOquuK+iNL312bQVPyA+RFdVBp6/Gdu91PHvLdGOy7zPKKrLbV
  pqyl27RhraMZhadnXldcUffS++Rbfc89uOVvu++ybQH3afa4Q8+lHj2i2KKqSvGQ
  Y3vp1FYInBWOOlzMjK8CzEG2cvvzRf3nNG86/wB1NMyxKSdU2k0oG4+GnBmHFqoD
  UNpErfvZm0dh082W3hnI0qpdUz/cT+evqXtcu5kcyEn+pPv5732/nP3N5h3HmHmD
  cr3d+Zb2UyXF1cyyTSyyNxaSWQszH7SaDAxTqaeXOUt55g022zWISzTFaaI0H8h+
  Q6Jjun+YF1bjWqI6ejFVAjGFZah0bXJ9dOkem5Xn6/T3KG1/d45iuhGzdjkVoB5d
  Shae0S26pJf8yokoOQgJ/n0WzfvyX6w7GpK2nnoI8cZIJCzKA4XyXAUrwdZv7kTY
  varmTl2aGWGYyUYfLh1LPK+1xcvjQd7M0NKEMPLh1WjVfM75AfAHsCLsro7cb5LY
  tXkY6zdvU24KmpqNgb6xQZWqqepx4d2wOfanFqbLUQjq6dwAxlgMsEvU77p3u5zR
  yddxWEF85tGI8a3YkxSHhUrwV6cJFo44ElaqYV96OSdn32B7mW3UTgHw5QAHXzpX
  zX1U1X7DQ9bbfwN+c3TH8wf4+be786armghnqZdub/2NkamCbc3V/YeMpqWbP7H3
  KkAjVqmiWsinpKpUSLI4+ogqo1VZQq9oNk3m137bbbcbQ9jqCV81NKlTw4eRpkUP
  WBW4WE223ctpOO5SaH1Hr/q4dHO9m3SLr3v3Xuve/de697917r3v3Xuiy/Mn45YH
  5Z/GPuPoDPw0jjsDZuQosBVVoP2+J3ljwmX2XmZWVHlWmxu6KClknVLNLTCSK4Dn
  2F+dOXE5s5X3nYiwWaaE+Ex/BMnfC/2LIqk04rUefRxsG6Ns272O4gVjjcax/FG3
  bIv5oSB6Gh8uqGv+Ey3ee4afp75IfBHfrVtNuP4ldpNn9i4/KI1PU0vVfcNdn8pJ
  g6amklkcptjsvBZySewURDLQJb8kGezfMr8wcqQLcYvYDokU8VcEq6H+krg6vQt0
  e89bSNs3qQx5gkGpT5MpyrD5FSKfZ1s/+5b6BXX/1d/j37r3WvD/ADIavIdx/JiL
  qlzj6zrvbG8/jXs3uPFV48tJXdYDK1feXZeEl8STPSz7v2hDFjVkKNpaaIlXACnk
  R95nnDlu2++xyfuvN3jPs/KPLst2I42oxeCB76QoM1l8KckAAs2hQAcdZb8g7Xcf
  6yI22wiVtx3zdmVCV1AU0wqTkYVk+waiejbdg9003Xm0K7c2frqet3luE1GcyAjl
  WWNK3IXmSOPn00lHCUihjHEcaKo4AHvhVzPuHNnv17r82c/8yytJum77jLcTMQQB
  rc6YowSSsUS0jiStEjVEGFHQ92DkJd93aOxtIWh5VsFEKEihKR4JPq7tVnP4mJPE
  9ap38xT+YrkNqSZGeTIPWZGskngx9ACshkdg6nSHLeJUDfUWK/UH30p+7b92yHfT
  boIAlsgBd+FB/lr/AD6GfO/O23ck7Ym27TEqRqNKqAKsfU/P59a82R+YXyX7CzlT
  Pt2sy1U0eqrOLweKrMtJT0wkVFkmSmjmlWIM6rqIC6iB9T76Y7P93/292+0W1/dB
  mlC5bz+2g6xmvvczme5nM31oRK4H/F9Gw+LPzU31uDdEWzd8SStVFjEZbywFnjfx
  sk8DWKTwyXBUjg39wl7v+w2xbRtcu87HHpReKkAkfYfTqQOR/cfcb67Sw3B6seBH
  n1Zh2/BJvDYtbHVa5y9CxpEIbhvESDqYE/Q3494rcmSLs2/27xUWkncflXqZN+U3
  +2yh8krjoDf5Bnza3H8L/wCaHhum87nKik6W+WW48f0vvvBzzt/DaffmVnqYOl94
  wU10iTMUO96+PDNM7KkeMztYzBmSLT2F9qN9pZbMwk/xW5jVD6avwn7a4+wnrBrn
  Tbv8YvwV/WiYkfZ5j9mfyHX0xPeQfUZde9+691inngpYZaipmip6eBGlmnnkSKGG
  NBqeSWWQqkaKBckkAD2xdXVrY2813e3McNpGpZ3dgiKo4lmYgKB5kkAdXiilnkSG
  GNnlY0CqCSSeAAGST6Dppw+5dubiNWNv7gwmdNA8cdcMPlaDJmjkmV2hSr+ynn+3
  eVY2Kh7Fgpt9PaTbd52jeYnn2fdba7hU0LQypKoJ4AlGYA/b0/d2N9YOsd9ZywyE
  YEiMhP2BgD09+zLpL1737r3Wpj0LS0/xZ/4Uz9mdfYtaimw/yx6o7fp6qH1RYqrz
  Vbh9t/JnFmihciI1OGo8BlqdBHfxxyTKoC3Ax19uWk2X3X90eWS6i1+v8eJRjF5C
  l45A9A7svoCCB1KPNQXcOTeT93Cky/TeG5+cDtAo+0qoP5g9bZ3vIrqLuv/W3+Pf
  uvdanvcnyAx+xP5lnzCxmfjrskKzdG0sXTR1Ne8dDTxUnWOyKaI1tC6yJXRR0aeO
  mJI8UTekDi3B77/3J26b57p8yblt03hz9qM9GMuhraKJljcMNIaOsbKQymNqUBCk
  Z7exsVpf8lcv2VzcmNYmd10hfiMjmucgg91RnVx6L/3539W7vrKunjqiYFD+FYHt
  GIxc2UHUoAXgC3HvEvkD2+h2iGGR4u/FajNep3u7u02+2+g29aRAZPmx8yT69ann
  zii3JvDvnEYSSXQuWq6PEYt6wyx0EVZlK+GkilmMUczpGHmBcqjMEBsCePfYn7t9
  pYwcmCO1C/UtINXr6Cvy6wv91Z7iTfdUtfCCmnX1Qfg38HuifgF0FtDojo3aeIxF
  NiMRil3tvOPF0NLu3tPeFNSePKb33xlqeFKvMZfI1csrQpK7xUFM60tMsdPGka5+
  7dt1ttltHbWyAAAVNMsfMk+Z/wAHAY6xrurqW7laWVqk8B5Aeg6qk/nOfywum+5q
  7rf5b7C2ZhNqd+7a3tjNr79zuBoKTE/6Utk7igqYkn3nHRUYOc3ZtXKUVN9hkZWW
  oFBNUU8zzIlItPiT99febLkz2dv+b5CsZS6ihc0+MShwvDiwcLk/hLVqQvU0ewlp
  JvPO8O0M1YzA8gqcL4ZUnj5FSceoHz6p2+TXUr9YbexNHVRzRA41IxEW0iR/F63+
  ga5t74x+1vNo5pv7qeNgT4hNfQVx1nRzFa2kFhFJay64aaag4qOPWp33Jns1118j
  P76bdkbH57ae6cDu/AVJaS9LmMDkqfL4yp1QSwzAwV1GjXV0fjgg8++zHtRdFuTd
  llR6yIOPzBFOsHOdIdO/X6Mva3+Xr7LOEy1Ln8NiM7QiUUWaxlBlqMTosc4pclSR
  VlOJo1eRUlEMw1AMwB4ufeZCsGVWHAivUFEUJB4jpz97611Xx8g+2Nh5DfW6uvN/
  bnx+C2/s+jxvnx+Sr46Gjq6vI4ajzkmUrFkZPN4KbIpHEHuiaCyW1kn5yv70b3a9
  2+cffm49ndjlvI/b/l+Oz020IYJdXlxbQ3bXM6gAysi3CQQh9SRrG0kQUzSM+V/t
  ZyjvWy8pbNzpsNj4u5XzynxQAWjjjmeHw1JPaGaNmcihOoBvhAHz6vmX/Mh3z0H/
  ADDW7Z+GfZFVh/8ARBu5UpMliq6sG198Y2lr6afMbM3VjqKqpYdy7Iz60ggrqORt
  EqWZCkqRyJnv9ynkfmL2/wDbXYt932F7fmG6iVijVDBDQhXHmGxVT/hp0n95OY4+
  aN0FhIVdYkUSEZHi6Rq0n1BrkdfTp643lB2L15sPsGloZcZTb72ZtfeVPjZ5kqJ8
  fBufB0ObhoZqiNI455aSOuEbOqqGK3AANvfTqKQSxRSgUDKD+0V6xaddDuleBI/Z
  0s/bnVetX35f0Axv/Cgj+XzuCgBoq6v3lm8XVVtIzU9RU01T8XezqKrp55oSkksV
  Vj2MEisSJIToa68e8U9uuWH3sebbRTRf3FZOQPMkOtT6mgp9mOHUy3UQPsvskxFT
  +8bhfyGk0/bn7etoL3lZ1DXX/9ff49+691oKfzN96VHXn83L5VYGpk/dqM51dn6V
  tEkUdTQbj6W65yULReQDyinlqJKd2W6+WFwPp75kfes5MkvebN/vXSsUnhsD/wA2
  Y+H2cPtHWW/s1vyQbJtturd6agR/t26Cer3SK+oklZiPKoLJq5Gocj/AEH3hRDtH
  gRqoHDz6n573xXJPn0EO5fiThPkHkY5UEH8T8mtfHOy1kJVlMUtPMNMqTI4BUqbg
  jj2NNo95dz9s4axs4gXzpivz6Ib7kSz5sko6qXPl59bxvw/+XeW3f1LtHC974vNY
  7tfbuCxeI3NuKjxUtfhd8VdBSQ0j7rp/4bEXxeRzTRGorKRoUghnkbwuUIVMpeTP
  70H2Ci2dIPdK+vNp36EBWeO2luoLimNafTq8kbmlXjeMIDTRI9aLjhz793zmDly7
  Nxs97a3G2SE0VpVjliPHSwchWUcFZWJP4lU5Is9qbloOw4qGgkgem2nhqxczM2QU
  QS5Kup4Zo4JZoWJ8FDSRzuyq/qdyGIUqB75i/f4+/wBwfeZG1+2PtLt93be11ldC
  4lurhDFcbhdKrxx6YQxMVrCsjlFkPiSyMJHSLw0U05D2S65PkurpJQ+/3MZhAj7h
  GjEFgD+J3KgEjAAIBOo9asv8yntrbu7+yJcDtyWN6DDs9KGhZGid4zpkcEC2m4sP
  x7K/u18obhs/Lq31+pE0ormtaeXWVumfbOXNp2u9k1X2nXJ8i2aH5gdahvzF23UY
  /sNsz45DDkEYSysllEnkJjubAC6fT32P9kd0jueWvodQ1xHAr5Uz1i57hWbxbr9T
  pOlx19Xr+XX3bjvkb8EfiN3TjshT5KTfPQHWdVn5qaeSpjpt64nbFBt/f+JaeZ5J
  pZ8FvfE5CilLsXMtO2o3v7zk2q4F3ttjcA11RLX7QKMPyII6x5vIjDdXERHBz+yu
  P5dHN9mHSbrWl/np/wAqn5a/LQR9z/B7duMn37W4Wk292f01ndy0ezZN8UmLpxRY
  bcWxt15aaj27R7khoFjoqyiy1XQUU9LBHLFUxzRtFU4988fd/wCUOZ+eG9xhtMUv
  MMiRrKHC0kaFRHHJUj4xGqRmpppRKUINZN5e9y982jl4crfWum2KzlCpNVDksy0H
  4SxZhTNWP5a8vwf/AOEuPzu7P7w23L82do4n48dD4XL0mY39OvZ3XO/uwd94immW
  oqdq7Hpert172oMXkc6w+2myWUqqNMfBJJURR1cscdNKLNs5L3B5okvYlhs1pUBl
  JIH4VCkgelTSgznh0S3e/WwR2t3Mk5+RAr6moFf8vX0ZMTisbgcVjMHhqGmxmHw2
  PosVisbRxLBR4/G46mjo6GhpIUASGmpKWFI41HCqoA9yuqhVCqKKBQdA0kkkk5PT
  h731rrVM753xP2p/wos+DOx8HJT1GM2zujundVTWxIZpMdD1d8b9+bYy9NW+Ekwx
  Ve56Orp4Xay+SZBz7wr9styh5z+9F71czWc2uy26a22lCPhra21bjPAlbkSofTAP
  U9c2W77H7Rch7PPHpuLlJb1q8aTS/pfkYSh/b1tZ+81OoF6//9Df49+691oW/wDC
  n/YeS6c+fPQvfFHEaXbXfXSEe3qiskVgtRv3pzc1XRZsRVCqqBE2dvTbq+M3ZWVm
  uQ4C43e+fKke6+HeeGSXg0/mhNf5MvUre3e9NZa7fUBpkr/vXD+YPVbuxuwRncRR
  VTVEcjtDHcq7PI1lFyzH8f0984t+5cO33s8IjIAY+VB1lPt26fUwRvrBNOh62T2f
  kto5SmyePqXjenlSX0EXOgghbn+yT7j/AH3lW23i1ltriIEMKZ6Eu3bxLYzJLG9K
  Hq2jpv8AmqNsnEQ0GfwsVZIkYV5Up7u5UBVBdbH/AFz7xK5w+6kN5vXuLC60qTgE
  4HSneoeVuaGWfdRPFcjiYzgn/SnHSa72/mu7x3/hqrb20KP+AUNYjwzzQgxzyRMC
  CrNwQDf+v09nPI33Vdr2O7hvt4n8eRDUKeAPRft1lyry9IbjabN5b0fDJLkr81Xg
  D8+qjdxbtyG4cjU5TJ1T1FVUu8jO7lramLEAkk2595bbbs1tt1tFa2sQWJRTHSe6
  vpbqV5pnJcnonvyG63o9/wCBmVYmesQ+SJ1JLB1HBBP00ge5n9tuZ5+W9yRi4EBw
  R8ugHzXtEe7WrCn6nV/v/CYP+YPH1XNm/wCWx3tnDjMfndx5benxY3FmJhDihnsx
  IavfXTBqpplgoKvP5ENncDDoCVmQqMpCZTU1FDBN0H9tee9s3ONdpe5VZXNYgTxJ
  4oPmTlR5mo4kDrGTmvly7tGN6sRKKKPQeQ4Mfs4H5U8q9bt3uZugH1737r3Xvfuv
  de9+690AHyN7rx3SfXuQy6VNId25anrKDZuOqWQpJkkpy9Rmq6NjZMFtunb7uskf
  TGVVYtQkmjBxx+8/7/bN93/22v8AfpJkk5xvQ1vtdr8Tz3TCgcpxMNvqEkpNFPZF
  UPLGDJftZ7fXXuBzJFaurJsFtSW8l4BIgfgDf78mIKRjiO56aUYjUy/kgVUvzD/n
  JfLr5WU9RV5rrv419LP1RtHMyGSQ1e7Oxd1QY3HZqqqpPIs9RmsFs3dMknIeZpEk
  1WUhgL9zrkDceTvb/b5d+Z35kvVe9vHclnNzeN4h1sckha1rmpPQh96eY4N75gnW
  yCrt8JEMKqKKI4RpAVeAFaYGMY63TPeZHUJ9f//R3+PfuvdUGf8ACjn4T5H5efy6
  937p2RiHynbXxZyrd97OhpEdsnlNq4PGVdH2vtujVBJJOanZE0uVip40aarrsLSw
  x+p7EL83bZ+8dol0pWWLvA9RTuH7M/MgdG+yXf0t6lWoj4/PyP7cfn189v469usB
  HhcjVkTJpWNXf6/gFAfwfeDHubyYKtf20P6Z406yI5S34kC3lk7h0fyg3IssaOso
  IIFiDce8d7jbGRmUp1KEV2GAIbHT7Hm9Q/WP9v7L2sqfh6VLc/PrKcvf+0P9v/xv
  3X6QD8PWzOPXqNJlL/2vx/W//G/bi21Pw9Uab59NVRXRyf5yzLzccG4PBHIJtb2q
  jgZfh49MtKDx4dNlJsPFZ6vp67FSS4/N0k8FZQ1dBK9LVUddTSrPTVtJWQvHPS1V
  NNGrpIjK6OoIII9mCc0brseiRZmCKag1IIpwp0mO0We46kKDURw62yfgB/OV3Ng9
  tYLqv5sUGazEmGo6PF4bv/BY+bLZLI0dNGIo37P2/Rq1fX5Kngj/AHMtjY56isOk
  zUjTGWpkyY9u/vkbFbrDtHuMXCiireRKXIH/AC8RLV2p/vyFXdsViJq5ibmj2J3G
  UyX3Kukk5MDnSK/8Kc9o/wBK5UDycCijYE2H390l2fQwZDYHa2wt0w1EayLDjNzY
  psjErx+VVrMRNUxZWgl8R1aJ4Y3C8ke8t+XvdL235rhWbl3nrarsH8KXMXiLQVIe
  IsJEIGSHVSBxHUJ7nyfzVszmPdOXbyE+rRPpPzVwCrD5qSOlxX7z2fiqZ6zKbr21
  jaSM2eqr87i6OmQ6Wazz1FVHEp0oTyfoD7N9x505O2e1a93fmzbLWyXjJNdQRIME
  5d3VRgE8eAPSK12Hfb6YW9lst3NOeCpDI7H8lUnzHl59Fw378vOvcNHUYzrot2du
  dg8dMmCZxtWklNgtTkt0GM0NRSLctpoPu3YrpJjDaxhJ76f3insb7Wbfe2fJ26Jz
  RzgFKxxWjf4mj+TTXtPDdPMC18dmI0kxBvEEzcpfd+5t3V4r7m0DZdiwWM1PqXHm
  sdtXWrHhWbwgK1GsjSdQj+eb/M0rOvNu7j6b29vKl3H8iO0MS2H3dkMNKBjuqNhV
  CsJNv4aFJZVxlXkI5GVU1GUh3llZpHZjg57D8r+5P3sfdZvvB+9Ujvy7ZSD6OAqU
  gYxkmKG3iJIS2hJLHJMkhZ5GeRndpl5u3vZPb7lWHkzk62+nSQE0JrM2oUa4uGoK
  yOMIKAKtAqqgVRdt/wAJxPhJkPiB/Lp2fufeuHfF9sfKTKr33vCGrV1yeL2rnMZS
  UfVG3KwSCOSFqbZEMWVlp5EWakr81VQyepLDt5ynt37v2mNnSk03eR6CnaP95zTy
  JI6w03q6+pvXCtVE7R9vmf24/Lq/X2J+inr/0t/j37r3XCWKKeKSGaNJoZkeKWKV
  FkilikUpJHJG4KujqSCCCCD79xwevdfLY/nl/wAszcn8s35gZHdPXGEqaX4vd55j
  M706Oy1FE38L2jVzTrX7r6ZrZEUCiq9jVlb/ALilkLGqwMtK4klnirBFB/OPLUUE
  s0DxV26epT0Hqv8AtfL1WnnXqQdi3V5ESRXpdR0DfP5/n5/P8uia9TdxQZ2hhpqu
  o01kaqkkcjrquOLj6H3ibzjyTJt1xJLDHWAmoI6mnYt/W6iVHf8AUHRkqTPh1Vlk
  BBAsQeD/AMU9xhNtxUkFc9C5LqorXp1TM3H6/wDbH/kXtG1jTy6fFx8+uZyosfV/
  vI/4r70LP5db8evUaTJX/tf7z/X26tr8uqGb59YqfcFTj5RNTTMjqQeGI/Sbg8Ee
  7SbbFcpolSo60l28R1I1D0ajqr5SU+1mhp90Ui5amEh1+ZEASIAAqpsdTG3HuKOb
  fah92DybXJ4UlMUPE9DPZecxZFVu01pXz9OrI+tPmD8YquPzZuhGIqRDEWZkjJYi
  wVeGBAUE+8ZuZ/ZH3JjfRZTeNFU4z1KVhz9y5JGCNMUtOJFeh8/2er4b7RpmyH3a
  Vk8QDlYoIzyvJDMWPHsCL93v3b3aVbc25VDjJ6Z3DnbbgjmPmBEQjOlTXqs75pfz
  6v4PtrL9ffF/b1NhcxkoJqB93VIR5sbFIrRyVFJCgCrUWPpJ+h95VeyH3A0utys+
  YPc29MtjGwbwFwHIyAxPl69QPzj7nbbZh49pMl3uZwJJTVU+YXzPpXolP8kj+XFv
  v+ap80z2P3RFldx/HrqDcGL7E+Qm69wNUVMG/wDLmsOQ2z07TVUyyffVu+qykJyi
  K0Yo9vwVTeWKololm7A8h8n7dbRWW1bXYR2+wWaKAiKFQAfCgA/i8/lU1qR1jBzF
  vdzI093dXDSbhMT3E1Pzb7B5fOnl19RWKKKCKOGGNIYYUSKKKJFjiiijUJHHHGgC
  oiKAAAAAB7nfhgdR31z9+691/9Pf49+691737r3RVPml8Nukvnn8et6/G/vrAtld
  nbsiirMXmaBaWLdOwt4Y6OoG3t+7JydVTVa4jdOAlqZBHJoeKopZp6SoSakqaiGR
  FuFhb7layWlytY24HzU+TD0I/wA4OCR0/bXMtpMs0R7h+wj0Py6+V3/MH/l7fI7+
  Vx8hKzq7tjGz1O3snVZjJdQds42keLZ/bmycfkmpafN4xo6itjxO4KWCSD+L4Sad
  6zEzzoGMtPNTVNRBvMXLjW7SWG4RaoWrpamGHqPQ+o4j7KEyHte6iQLc2r0cUqPQ
  +h+XofPoNeve7KeuSGiykop6qyqRI1lY/S6Ne3P+PuAuZOQ5bdnntE1Q/L/L1JW0
  8xpKFjmaj9GModx09XGskE6SoQCCrA2/1/z7jSfbJImKyRkN0LI7tXAKuCOndctc
  fq/3n2iNlTy6fE/z67bJgj9X+8j/AIr78LSnl1vxuosmRuL6v959ura08uqGb59N
  01fe/q9qkt/l0y0vSfyWcpqCJ5qqqSnjVSxLSaSQAfoLg/j/AFv8fZja2Etw6pFE
  WY/LpLNcpEpZ3oOitdhdxSVSyY3BSm3rR6gM1hc2uGv6m/1uPctct8kLEUutxTPE
  L0Ct25hLhobVvtPQ7/y6P5cnyF/mad+UPU3T2LqKXbuLqsRlO4u3cpSvNtPqfZmQ
  yS0tTnctJJUUUeY3DVwR1BxGEhnSsy08DhDFTw1NTTzHs+zT7nOlraR6YVpqanai
  +vzPoOJ+ypAEvr+O0jaadqua0HmT/q4ny6+qn8Lfht0l8DPj1sr439C4FsVs7acU
  tZlMzXrSy7p37vDIx043Dv3e2TpaakXL7pz8tNGJJNCRU9LDBSU6Q0lNTwxzVt9h
  b7bax2lstI14nzY+bH1J/wAwGAB0Abm5lu5mmlPcf2Aeg+XRq/a3pjr3v3Xuv//U
  3+Pfuvde9+691737r3Raflj8Qvj583Onc90Z8kevcZv7YubH3FKZi9FuHamciRlo
  N1bL3HS6MptncuNZj46incCWMvBOk1NLNDIkvbG13GBra7iDRn9oPqD5H/ijjp+3
  uJrWQSwvRx/P5EeY6+d9/M0/4Tj/AC8+EmS3B2P0HjM/8qPjZDVVldR7i2Vh5q7t
  /r7EKGqo4Oy+vMPDLW19PjaYOsuewcVTjXjp2qauHFCWOn9xXvHKd7Ya5LdTPZ+o
  FWA/pL5/aKjzOnh0MLHere40rIfDn+fA/Yf8h/n1QdguxNzbecRpUvKkRKGGcsHQ
  qbMpJ9QZbWsfp7jPceV9r3HUXh0yHzH+boW2m8XlrQLJVfn0MOK7/VUC5GilDcAs
  vr/1zdSCST/X2Cbz25Ykm1uBT546EEHNQAAljNelhD3xtl0Bf7iNrC4Jt/r29Psl
  k9vt2U9ukjpevM9kRmoPWKp7521EhMSVMzWNlXkD62v6eR/h7tF7e7q5o5RR1p+Z
  7IDFSekPme/Z5VaPFULJdbLJIdNmve/JZx/sPZ/Ze3SKQ15cA54DotuOaSQRBF5d
  AznN5bh3JKRWVczLK9lpoS1mLkAJYXZyT9B+fY627Ytu2xVFvANY8zx6Dt1uV3dk
  mWQ6fTrYE/lj/wDCcb5c/NjJbf7F78xO4Piv8aZaimrKrP7xxEmO7f7AxLJ9yYes
  +vczTLWUFLkITGI87nIqXHLFULUUkWT8ckHuQtn5UvtwKy3KmG09SO5h/RU/4Tjz
  FeHQXvt5t7YMkREk/wAuA+0/5B/Lr6IHxO+IXx8+EfTuB6M+N3XuM2DsXCD7iqMJ
  et3DuvOSoq1+6t6bjqteU3NuXJMo8lRUORFGEggSGmihhjlOysbXboFtrSILGP2k
  +pPmf+KGOghcXE11IZZnq5/l8gPIdGW9q+mOve/de697917r/9Xf49+691737r3X
  vfuvde9+691737r3VVnzJ/ks/wAub5yVeW3J3B8fsHt/szMeeWr7g6jnbrHsepyF
  QHD5jOV+3okwO+MsA1lm3FjsuQqqttKqAS3/AC/tW4lnntQJj+Je1vtNME/6YHpf
  bbleWoCxzEoPI5H+x+VOte3uz/hHVtepq6mu+OXzUz+GoPIRR7W7s6vx25qsREOV
  ep39sXP7ShMkZCqVXbYD6i2pdIVgvcchoSTabgQPR1r/AMaBH/HejeLmNqUmtgT6
  qafyNf8AD0Q/Jf8ACQr+YlFWSJh++fhbXUAEfiqclvjvLE1jsUUyiShpfj9mYYgk
  lwpFQ+pQCQpNgWnkbda9tzbkfa4/58PSscw2dMxS1+xf+guvY3/hIV/MSlrI0zHf
  PwtoaAiTy1ON3x3llqxGCMYhHQ1Xx+w0MoeSwYmoTSpJAYix8ORt1r3XNuB9rn/n
  wdePMNnTEUtfsX/oLo+HSf8Awjq2vTVdNXfI35qZ/M0HkArNrdJ9X47bNWYgELPT
  b+31n92wiSQllCttshNIbU2oqplb8hoCDd7gSPRFp/xok/8AHekkvMbUpDbAH1Y1
  /kKf4ethL4bfyWf5c3wbq8TuTp/4/YPcHZmH8EtJ3B25O3Z3Y9NkKcIEzGDr9wxP
  gdj5YhbNNt3HYglWZbaWYEUWHL+1bcVeC1BmH4m7m+0VwD/pQOii53K8ugVkmIQ+
  QwP9n869Wp+zrpB1737r3Xvfuvde9+691737r3X/1t/j37r3Xvfuvde9+691737r
  3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+691
  737r3X//19/j37r3Xvfuvde9+691737r3Xvfuvde9+691737r3Xvfuvde9+69173
  7r3Xvfuvde9+691737r3Xvfuvde9+691737r3X//2e69
  "/>
      </g>
  </svg>
  
  
  
  1.51      +10 -4     xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties
  
  Index: GUI.properties
  ===================================================================
  RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- GUI.properties	13 Jun 2002 11:19:36 -0000	1.50
  +++ GUI.properties	14 Jun 2002 13:12:25 -0000	1.51
  @@ -404,15 +404,21 @@
   PreferenceDialog.label.selection.xor.mode = Display selection overlay using XOR mode
   PreferenceDialog.label.is.xml.parser.validating = Use a validating XML parser
   PreferenceDialog.label.enforce.secure.scripting = Enforce secure scripting
  -PreferenceDialog.label.load.java = Enable Java jar files
  -PreferenceDialog.label.load.ecmascript = Enable linked Ecmascript
  +PreferenceDialog.label.load.java = Java jar files
  +PreferenceDialog.label.load.ecmascript = Ecmascript/Javascript
   PreferenceDialog.label.constrain.script.origin = Scripts constrained to same origin as document
   PreferenceDialog.label.constrain.external.resource.origin = External resources (images, stylesheets, etc..) constrained to same origin as document
   PreferenceDialog.label.host = Proxy Host
   PreferenceDialog.label.port = Proxy Port
   PreferenceDialog.label.ok = OK
   PreferenceDialog.label.cancel = Cancel
  -
  +PreferenceDialog.label.load.scripts = Load Scripts:
  +PreferenceDialog.label.origin.any = Any
  +PreferenceDialog.label.origin.document = Same as document
  +PreferenceDialog.label.origin.embed = Embeded
  +PreferenceDialog.label.origin.none = Not allowed
  +PreferenceDialog.label.script.origin = Script Origin:
  +PreferenceDialog.label.resource.origin = External Resources Origin:
   PreferenceDialog.title.behavior = Optional Browser Behaviors
   PreferenceDialog.title.network = Network Options
   PreferenceDialog.title.dialog = Preferences
  
  
  
  1.11      +8 -2      xml-batik/resources/org/apache/batik/bridge/resources/Messages.properties
  
  Index: Messages.properties
  ===================================================================
  RCS file: /home/cvs/xml-batik/resources/org/apache/batik/bridge/resources/Messages.properties,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- Messages.properties	13 Jun 2002 11:19:36 -0000	1.10
  +++ Messages.properties	14 Jun 2002 13:12:25 -0000	1.11
  @@ -68,10 +68,16 @@
   Could not access the current document URL when trying to load script file {0}. Script will not be loaded as it is not possible to verify it comes from the same location as the document.
   
   DefaultScriptSecurity.error.script.from.different.url = \
  -The document references a script file ({0}) which comes from different location than the document itself. This is not allowed for security reasons and that script will not be loaded.
  +The document references a script file ({0}) which comes from different location than the document itself. This is not allowed with the current security settings and that script will not be loaded.
  +
  +EmbededScriptSecurity.error.script.not.embeded = \
  +The document references a script file ({0}) which is not embeded in the document. This is not allowed with the current security settings and that script will not be loaded.
  +
  +EmbededExternalResourceSecurity.error.external.resource.not.embeded = \
  +The document references a resource ({0}) which is not embeded in the document. This is not allowed with the current security settings and that resource cannot be loaded.
   
   NoLoadScriptSecurity.error.no.script.of.type.allowed = \
  -Scripts of type ({0}) cannot be loaded for security reasons.
  +Scripts of type ({0}) cannot be loaded and executed with the current security settings.
   
   DefaultExternalResourceSecurity.error.cannot.access.document.url = \
   Could not access the current document URL when trying to load an external resource {0}. The external resource will not be loaded as it is not possible to verify it comes from the same location as the document.
  
  
  
  1.2       +2 -3      xml-batik/test-sources/org/apache/batik/bridge/ExternalResourcesTest.java
  
  Index: ExternalResourcesTest.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/bridge/ExternalResourcesTest.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ExternalResourcesTest.java	13 Jun 2002 11:19:39 -0000	1.1
  +++ ExternalResourcesTest.java	14 Jun 2002 13:12:25 -0000	1.2
  @@ -391,8 +391,7 @@
           public ExternalResourceSecurity 
               getExternalResourceSecurity(ParsedURL resourcePURL,
                                           ParsedURL docPURL){
  -            return new NoLoadExternalResourceSecurity(resourcePURL,
  -                                                      docPURL);
  +            return new NoLoadExternalResourceSecurity();
               
           }
   
  
  
  
  1.3       +31 -4     xml-batik/test-sources/org/apache/batik/bridge/ScriptSelfTest.java
  
  Index: ScriptSelfTest.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/bridge/ScriptSelfTest.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ScriptSelfTest.java	5 Jun 2002 21:14:49 -0000	1.2
  +++ ScriptSelfTest.java	14 Jun 2002 13:12:25 -0000	1.3
  @@ -24,6 +24,9 @@
   public class ScriptSelfTest extends SelfContainedSVGOnLoadTest {
       boolean secure = true;
       boolean constrain = true;
  +    boolean document = true;
  +    boolean embed = false;
  +
       String scripts = "text/ecmascript, application/java-archive";
       TestUserAgent userAgent = new TestUserAgent();
   
  @@ -48,6 +51,23 @@
           return new Boolean(this.constrain);
       }
   
  +    public void setEmbed(Boolean embed){
  +        this.embed = embed.booleanValue();
  +    }
  +
  +    public Boolean getEmbed(){
  +        return new Boolean(this.embed);
  +    }
  +
  +    public void setDocument(Boolean document){
  +        this.document = document.booleanValue();
  +    }
  +
  +    public Boolean getDocument(){
  +        return new Boolean(this.document);
  +    }
  +
  +
       public void setScripts(String scripts){
           this.scripts = scripts;
       }
  @@ -84,9 +104,16 @@
               if (scripts.indexOf(scriptType) == -1){
                   return new NoLoadScriptSecurity(scriptType);
               } else {
  -                if (constrain){
  -                    return new DefaultScriptSecurity
  -                        (scriptType, scriptPURL, docPURL);
  +                if (constrain) {
  +                    if (document) {
  +                        return new DefaultScriptSecurity
  +                            (scriptType, scriptPURL, docPURL);
  +                    } else if (embed){
  +                        return new EmbededScriptSecurity
  +                            (scriptType, scriptPURL, docPURL);
  +                    } else {
  +                        return new NoLoadScriptSecurity(scriptType);
  +                    }
                   } else {
                       return new RelaxedScriptSecurity
                           (scriptType, scriptPURL, docPURL);
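Review bot: In the new `if (constrain)` branch, `document` is tested before `embed`, and the fields added in the first hunk of this file default to `document = true` and `embed = false`. A test configuration that sets only `embed` to true would therefore still get `DefaultScriptSecurity`, so a case meant to cover the embedded-only policy could pass against the same-origin policy instead. Whether the test configuration also sets `document` to false is not visible here. Testing what appears to be the stricter flag first, `if (embed) { return new EmbededScriptSecurity(scriptType, scriptPURL, docPURL); } else if (document) { ... }`, would remove the dependency on ordering. Otherwise a field comment such as `// document takes precedence over embed; set document=false to exercise the embed policy` would make it explicit. The enclosing method starts and ends outside this hunk.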
  
  
  
  1.3       +3 -1      xml-batik/test-sources/org/apache/batik/test/svg/SelfContainedSVGOnLoadTest.java
  
  Index: SelfContainedSVGOnLoadTest.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/test-sources/org/apache/batik/test/svg/SelfContainedSVGOnLoadTest.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SelfContainedSVGOnLoadTest.java	3 May 2002 12:28:53 -0000	1.2
  +++ SelfContainedSVGOnLoadTest.java	14 Jun 2002 13:12:25 -0000	1.3
  @@ -245,12 +245,14 @@
               scriptEnvironment.loadScripts();
               scriptEnvironment.dispatchSVGLoadEvent();
           } catch (BridgeException e){
  +            e.printStackTrace();
               report.setErrorCode(ERROR_WHILE_PROCESSING_SVG_DOCUMENT);
               report.addDescriptionEntry(ENTRY_KEY_ERROR_DESCRIPTION,
                                          e.getMessage());
               report.setPassed(false);
               return report;
           } catch(Exception e){
  +            e.printStackTrace();
               report.setErrorCode(ERROR_WHILE_PROCESSING_SVG_DOCUMENT);
               report.addDescriptionEntry(ENTRY_KEY_ERROR_DESCRIPTION,
                                          e.getMessage());
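Review bot: The two added `e.printStackTrace()` calls write the trace to stderr, while the report still records only `e.getMessage()`. A failure listed in the report cannot then be matched to its trace, and the trace is lost whenever stderr is not captured. For tests of script and resource security policies, the frame where the load was refused is the useful part. It would be better to render the trace with `StringWriter sw = new StringWriter(); e.printStackTrace(new PrintWriter(sw));` and pass `sw.toString()` to `report.addDescriptionEntry(...)` under its own entry key. The second `catch` block continues past the end of this hunk.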
  
  
  
  1.55      +2 -1      xml-batik/sources/org/apache/batik/swing/svg/JSVGComponent.java
  
  Index: JSVGComponent.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/swing/svg/JSVGComponent.java,v
  retrieving revision 1.54
  retrieving revision 1.55
  diff -u -r1.54 -r1.55
  --- JSVGComponent.java	13 Jun 2002 11:19:38 -0000	1.54
  +++ JSVGComponent.java	14 Jun 2002 13:12:25 -0000	1.55
  @@ -2074,6 +2074,7 @@
                   Query q = new Query();
                   invokeAndWait(q);
                   if (q.se != null) {
  +                    q.se.fillInStackTrace();
                       throw q.se;
                   }
               }
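Review bot: `q.se.fillInStackTrace()` replaces the trace recorded where the exception was created with the stack of the thread that called `invokeAndWait`. The frame that actually refused the operation is then no longer available to whoever catches or logs it. If the aim is to show the caller's stack, both can be kept on a JDK with exception chaining: `SecurityException se = new SecurityException(q.se.getMessage()); se.initCause(q.se); throw se;`. That assumes `q.se` is a `SecurityException`, which the hunk does not show. At minimum, a comment such as `// re-stamp with the calling thread's stack; the trace recorded inside Query is discarded` would record the intent. The enclosing method starts and ends outside this hunk.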
  
  
  
