1. Modified code so that external script includes from a secure (https) source in a template are also accepted.

2. Removed include of google vis api form individual template & moved it to sparkline template.
2011-01-05 19:15:24 +00:00 · 2011-01-05 19:15:24 +00:00 · 587e83f6b1
commit 587e83f6b1
parent 206edf5dbb
2 changed files with 18 additions and 3 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/files/Files.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/files/Files.java
@ -2,7 +2,9 @@

 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.files;

+import java.util.HashSet;
 import java.util.LinkedHashSet;
+import java.util.Set;

 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;

@ -11,6 +13,12 @@ public abstract class Files extends BaseTemplateModel {
    protected LinkedHashSet<String> list = null;
    private String themeDir = null;
    
+    @SuppressWarnings("serial")
+	private static final Set<String> allowedExternalUrlPatterns = new HashSet<String>() {{
+    	add("http://");
+    	add("https://");
+    }};  
+    
    public Files() {
        this.list = new LinkedHashSet<String>();
    }
@ -25,9 +33,17 @@ public abstract class Files extends BaseTemplateModel {
    }
    
    public void add(String path) {
+
    	// Allow for an external url
-    	String url = path.startsWith("http://") ? path : getUrl(path);
-        list.add(url);
+    	for (String currentPattern : allowedExternalUrlPatterns) {
+    		if (path.startsWith(currentPattern)) {
+    			list.add(path);
+    			return;
+    		}
+    	}
+
+    	// If an external url pattern was not found. 
+        list.add(getUrl(path));
    }
    
    public void add(String... paths) {
--- a/webapp/web/templates/freemarker/body/individual/individual.ftl
+++ b/webapp/web/templates/freemarker/body/individual/individual.ftl
@ -108,7 +108,6 @@ ${headScripts.add("/js/jquery_plugins/getUrlParam.js",
                  "/js/jquery_plugins/jquery.form.js",
                  "/js/tiny_mce/tiny_mce.js", 
                  "/js/controls.js",
-                  "http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22visualization%22%2C%22version%22%3A%221%22%2C%22packages%22%3A%5B%22areachart%22%2C%22imagesparkline%22%5D%7D%5D%7D",
                  "/js/toggle.js")}
                  
 ${scripts.add("/js/imageUpload/imageUploadUtils.js")}