* Components.utils.evalInSandboxが使えるなら、そちらを使う様に修正

git-svn-id: http://svn.coderepos.org/share/lang/javascript/vimperator-plugins/trunk@13217 d0d07461-0603-4401-acd4-de1884942a52

2 files changed, 31 insertions, 11 deletions

diff --git a/direct_bookmark.js b/direct_bookmark.js
index f1334f3..10e4a6a 100644
--- a/direct_bookmark.js
+++ b/direct_bookmark.js
@@ -1,6 +1,6 @@
 // Vimperator plugin: 'Direct Post to Social Bookmarks'

-// Version: 0.08

-// Last Change: 03-Jun-2008. Jan 2008

+// Version: 0.09

+// Last Change: 04-Jun-2008. Jan 2008

 // License: Creative Commons

 // Maintainer: Trapezoid <trapezoid.g@gmail.com> - http://unsigned.g.hatena.ne.jp/Trapezoid

 // Parts:

@@ -46,12 +46,22 @@
 //  ':bicon'

 //      Show Bookmark Count as Icon

 (function(){

+    var evalFunc = window.eval;

+    try {

+        var sandbox = new Components.utils.Sandbox(window);

+        if (Components.utils.evalInSandbox("true", sandbox) === true) {

+            evalFunc = function(text) {

+                return Components.utils.evalInSandbox(text, sandbox);

+            }

+        }

+    } catch(e) { liberator.log('warning: wassr.js is working with unsafe sandbox.'); }

+

     var useServicesByPost = liberator.globalVariables.direct_sbm_use_services_by_post || 'hdl';

     var useServicesByTag = liberator.globalVariables.direct_sbm_use_services_by_tag || 'hdl';

     var isNormalize = liberator.globalVariables.direct_sbm_is_normalize ?

-        window.eval(liberator.globalVariables.direct_sbm_is_normalize) : true;

+        evalFunc(liberator.globalVariables.direct_sbm_is_normalize) : true;

     var isUseMigemo = liberator.globalVariables.direct_sbm_is_use_migemo ?

-        window.eval(liberator.globalVariables.direct_sbm_is_use_migemo) : true;

+        evalFunc(liberator.globalVariables.direct_sbm_is_use_migemo) : true;

 

     var XMigemoCore;

     try{

@@ -380,7 +390,7 @@
                 xhr.open("GET", feed_url + user + "?raw", false, user, password);

                 xhr.send(null);

 

-                var tags = window.eval("(" + xhr.responseText + ")");

+                var tags = evalFunc("(" + xhr.responseText + ")");

                 for(var tag in tags)

                     returnValue.push(tag);

                 liberator.echo("del.icio.us: Tag parsing is finished. Taglist length: " + returnValue.length);

diff --git a/wassr.js b/wassr.js
index 31cddd1..7b2ca97 100644
--- a/wassr.js
+++ b/wassr.js
@@ -1,5 +1,5 @@
 // Vimperator plugin: "Update Wassr"

-// Last Change: 09-May-2008. Jan 2008

+// Last Change: 04-Jun-2008. Jan 2008

 // License: Creative Commons

 // Maintainer: mattn <mattn.jp@gmail.com> - http://mattn.kaoriya.net/

 // Based On: twitter.js by Trapezoid

@@ -7,6 +7,16 @@
 // The script allows you to update Wassr status from Vimperator 0.6.*.

 

 (function(){

+    var evalFunc = window.eval;

+    try {

+        var sandbox = new Components.utils.Sandbox(window);

+        if (Components.utils.evalInSandbox("true", sandbox) === true) {

+            evalFunc = function(text) {

+                return Components.utils.evalInSandbox(text, sandbox);

+            }

+        }

+    } catch(e) { liberator.log('warning: wassr.js is working with unsafe sandbox.'); }

+

     var passwordManager = Cc["@mozilla.org/login-manager;1"].getService(Ci.nsILoginManager);

     function sayWassr(username, password, stat){

         var xhr = new XMLHttpRequest();

@@ -26,7 +36,7 @@
         //xhr.open("GET", "http://api.wassr.jp/statuses/user_timeline/otsune.json", false, username, password);

         xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

         xhr.send(null);

-        var statuses = window.eval(xhr.responseText);

+        var statuses = evalFunc(xhr.responseText);

 

         var html = <style type="text/css"><![CDATA[

             span.wassr.entry-content a { text-decoration: none; }

@@ -78,7 +88,7 @@
         xhr.open("GET", "http://api.wassr.jp/todo/list.json", false, username, password);

         xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

         xhr.send(null);

-        var todos = window.eval(xhr.responseText);

+        var todos = evalFunc(xhr.responseText);

 

         var html = <style type="text/css"><![CDATA[

             span.wassr.entry-content a { text-decoration: none; }

@@ -104,7 +114,7 @@
         xhr.open("GET", "http://api.wassr.jp/footmark/recent.json", false, username, password);

         xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

         xhr.send(null);

-        var footmarks = window.eval(xhr.responseText);

+        var footmarks = evalFunc(xhr.responseText);

 

         var html = <style type="text/css"><![CDATA[

             img.wassr.photo { border; 0px; width: 16px; height: 16px; vertical-align: baseline; }

@@ -127,7 +137,7 @@
         xhr.open("GET", "http://api.wassr.jp/footmark/recent.json", false, username, password);

         xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

         xhr.send(null);

-        var footmarks = window.eval(xhr.responseText);

+        var footmarks = evalFunc(xhr.responseText);

 

         var html = <style type="text/css"><![CDATA[

             img.wassr.photo { border; 0px; width: 16px; height: 16px; vertical-align: baseline; }

@@ -205,7 +215,7 @@
                     xhr.open("GET", "http://api.wassr.jp/todo/list.json", false, username, password);

                     xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

                     xhr.send(null);

-                    var todos = window.eval(xhr.responseText);

+                    var todos = evalFunc(xhr.responseText);

                     for(let i in todos) candidates.push([filter + ' ' + todos[i].todo_rid, todos[i].body]);

                 }

                 catch (ex){