Merge pull request #223 from tomvantilburg/master

securing json input for idb

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "cow",
-  "version": "2.3.0-beta",
+  "version": "2.3.0-rc1",
   "main": "dist/cow.js",
   "homepage": "https://github.com/Geodan/cow",
   "description": "Concurrent Online WebGIS",

dist/cow.js

@@ -670,7 +670,8 @@ Cow.localdb.prototype.write = function(config){
             console.warn('Abort error');
         };
         var store = trans.objectStore(storename);
-        var request = store.put(record);
+        //parse / stringify will remove artifacts from other libs
+        var request = store.put(JSON.parse(JSON.stringify(record)));
         request.onsuccess = function(e) {
             resolve(request.result);
         };
@@ -698,8 +699,9 @@ Cow.localdb.prototype.writeAll = function(config){
             var record = list[i];
             record._id = record._id.toString();
             record.projectid = projectid;
-            var request = store.put(record);
-            request.onsuccess = function(e) {
+            //parse / stringify will remove artifacts from other libs
+            var request = store.put(JSON.parse(JSON.stringify(record)));
+        	request.onsuccess = function(e) {
                 //continue
             };
             request.onerror = function(e) {
@@ -2279,16 +2281,16 @@ Cow.websocket.prototype._onClose = function(event){
     var self = this;
     var restart = function(){
         try{
-        	this._core.websocket().trigger('notice','Trying to reconnect');
+        	self._core.websocket().trigger('notice','Trying to reconnect');
             self._core.websocket().disconnect();
         }
         catch(err){
-        	this._core.websocket().trigger('notice',err);
+        	self._core.websocket().trigger('notice',err);
         }
         self._core.websocket().connect().then(function(d){
            self._connection = d;
         }, function(e){
-        	this._core.websocket().trigger('notice',e);
+        	self._core.websocket().trigger('notice',e);
         });
     };
     if (this._core._autoReconnect){
@@ -2298,77 +2300,6 @@ Cow.websocket.prototype._onClose = function(event){
 
 _.extend(Cow.websocket.prototype, Events);
 }.call(this));
-/*TT:
-Added this from https://gist.github.com/revolunet/843889
-to enable LZW encoding
-*/
-// LZW-compress a string
-function lzw_encode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var out = [];
-    var currChar;
-    var phrase = data[0];
-    var code = 256;
-    for (var i=1; i<data.length; i++) {
-        currChar=data[i];
-        if (dict[phrase + currChar] != null) {
-            phrase += currChar;
-        }
-        else {
-            out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-            dict[phrase + currChar] = code;
-            code++;
-            phrase=currChar;
-        }
-    }
-    out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-    for (var i=0; i<out.length; i++) {
-        out[i] = String.fromCharCode(out[i]);
-    }
-    return out.join("");
-}
-
-// Decompress an LZW-encoded string
-function lzw_decode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var currChar = data[0];
-    var oldPhrase = currChar;
-    var out = [currChar];
-    var code = 256;
-    var phrase;
-    for (var i=1; i<data.length; i++) {
-        var currCode = data[i].charCodeAt(0);
-        if (currCode < 256) {
-            phrase = data[i];
-        }
-        else {
-           phrase = dict[currCode] ? dict[currCode] : (oldPhrase + currChar);
-        }
-        out.push(phrase);
-        currChar = phrase.charAt(0);
-        dict[code] = oldPhrase + currChar;
-        code++;
-        oldPhrase = phrase;
-    }
-    return out.join("");
-}
-function encode_utf8(s) {
-  return unescape(encodeURIComponent(s));
-}
-
-function decode_utf8(s) {
-try{
-  return decodeURIComponent(escape(s));
-}
-catch(e){
-	console.warn(e,s);
-	debugger;
-}
-}
-
-
 (function(){
 
 var root = this;
@@ -2441,7 +2372,6 @@ Cow.messenger.prototype.sendData = function(data, action, target){
     message.sender = this._core.peerid();
     message.target = target;
     message.action = action;
-    //message.payload = lzw_encode(encode_utf8(JSON.stringify(data)));
     message.payload = lzwCompress.pack(data);
     var stringified;
     var endcoded;
@@ -2466,13 +2396,11 @@ Cow.messenger.prototype._onMessage = function(message){
     var sender = data.sender;
     var PEERID = core.peerid(); 
     var action = data.action;        
-    //if (typeof(data.payload) == 'object'){
     if (data.action == 'connected'){
 		data.payload = data.payload;
     }
     else {
     	try {
-    		//data.payload = JSON.parse(decode_utf8(lzw_decode(data.payload)));
     		data.payload = lzwCompress.unpack(data.payload);
     	}
     	catch(e){
@@ -2916,7 +2844,7 @@ Cow.core = function(config){
     if (typeof(config) == 'undefined' ) {
         config = {};
     }
-    this._version = '2.3.0-beta';
+    this._version = '2.3.0-rc1';
     this._herdname = config.herdname || 'cow';
     this._userid = null;
     this._socketserverid = null;

dist/cow.nodb.js

@@ -2121,77 +2121,6 @@ Cow.websocket.prototype._onClose = function(event){
 };
 _.extend(Cow.websocket.prototype, Events);
 }.call(this));
-/*TT:
-Added this from https://gist.github.com/revolunet/843889
-to enable LZW encoding
-*/
-// LZW-compress a string
-function lzw_encode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var out = [];
-    var currChar;
-    var phrase = data[0];
-    var code = 256;
-    for (var i=1; i<data.length; i++) {
-        currChar=data[i];
-        if (dict[phrase + currChar] != null) {
-            phrase += currChar;
-        }
-        else {
-            out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-            dict[phrase + currChar] = code;
-            code++;
-            phrase=currChar;
-        }
-    }
-    out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-    for (var i=0; i<out.length; i++) {
-        out[i] = String.fromCharCode(out[i]);
-    }
-    return out.join("");
-}
-
-// Decompress an LZW-encoded string
-function lzw_decode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var currChar = data[0];
-    var oldPhrase = currChar;
-    var out = [currChar];
-    var code = 256;
-    var phrase;
-    for (var i=1; i<data.length; i++) {
-        var currCode = data[i].charCodeAt(0);
-        if (currCode < 256) {
-            phrase = data[i];
-        }
-        else {
-           phrase = dict[currCode] ? dict[currCode] : (oldPhrase + currChar);
-        }
-        out.push(phrase);
-        currChar = phrase.charAt(0);
-        dict[code] = oldPhrase + currChar;
-        code++;
-        oldPhrase = phrase;
-    }
-    return out.join("");
-}
-function encode_utf8(s) {
-  return unescape(encodeURIComponent(s));
-}
-
-function decode_utf8(s) {
-try{
-  return decodeURIComponent(escape(s));
-}
-catch(e){
-	console.warn(e,s);
-	debugger;
-}
-}
-
-
 (function(){
 
 var root = this;
@@ -2264,7 +2193,6 @@ Cow.messenger.prototype.sendData = function(data, action, target){
     message.sender = this._core.peerid();
     message.target = target;
     message.action = action;
-    //message.payload = lzw_encode(encode_utf8(JSON.stringify(data)));
     message.payload = lzwCompress.pack(data);
     var stringified;
     var endcoded;
@@ -2289,13 +2217,11 @@ Cow.messenger.prototype._onMessage = function(message){
     var sender = data.sender;
     var PEERID = core.peerid(); 
     var action = data.action;        
-    //if (typeof(data.payload) == 'object'){
     if (data.action == 'connected'){
 		data.payload = data.payload;
     }
     else {
     	try {
-    		//data.payload = JSON.parse(decode_utf8(lzw_decode(data.payload)));
     		data.payload = lzwCompress.unpack(data.payload);
     	}
     	catch(e){
@@ -2739,7 +2665,7 @@ Cow.core = function(config){
     if (typeof(config) == 'undefined' ) {
         config = {};
     }
-    this._version = '2.3.0-beta';
+    this._version = '2.3.0-rc1';
     this._herdname = config.herdname || 'cow';
     this._userid = null;
     this._socketserverid = null;

dist/cow.node.js

@@ -2228,77 +2228,6 @@ Cow.websocket.prototype._onClose = function(event){
 };
 _.extend(Cow.websocket.prototype, Events);
 }.call(this));
-/*TT:
-Added this from https://gist.github.com/revolunet/843889
-to enable LZW encoding
-*/
-// LZW-compress a string
-function lzw_encode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var out = [];
-    var currChar;
-    var phrase = data[0];
-    var code = 256;
-    for (var i=1; i<data.length; i++) {
-        currChar=data[i];
-        if (dict[phrase + currChar] != null) {
-            phrase += currChar;
-        }
-        else {
-            out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-            dict[phrase + currChar] = code;
-            code++;
-            phrase=currChar;
-        }
-    }
-    out.push(phrase.length > 1 ? dict[phrase] : phrase.charCodeAt(0));
-    for (var i=0; i<out.length; i++) {
-        out[i] = String.fromCharCode(out[i]);
-    }
-    return out.join("");
-}
-
-// Decompress an LZW-encoded string
-function lzw_decode(s) {
-    var dict = {};
-    var data = (s + "").split("");
-    var currChar = data[0];
-    var oldPhrase = currChar;
-    var out = [currChar];
-    var code = 256;
-    var phrase;
-    for (var i=1; i<data.length; i++) {
-        var currCode = data[i].charCodeAt(0);
-        if (currCode < 256) {
-            phrase = data[i];
-        }
-        else {
-           phrase = dict[currCode] ? dict[currCode] : (oldPhrase + currChar);
-        }
-        out.push(phrase);
-        currChar = phrase.charAt(0);
-        dict[code] = oldPhrase + currChar;
-        code++;
-        oldPhrase = phrase;
-    }
-    return out.join("");
-}
-function encode_utf8(s) {
-  return unescape(encodeURIComponent(s));
-}
-
-function decode_utf8(s) {
-try{
-  return decodeURIComponent(escape(s));
-}
-catch(e){
-	console.warn(e,s);
-	debugger;
-}
-}
-
-
 (function(){
 
 var root = this;
@@ -2371,7 +2300,6 @@ Cow.messenger.prototype.sendData = function(data, action, target){
     message.sender = this._core.peerid();
     message.target = target;
     message.action = action;
-    //message.payload = lzw_encode(encode_utf8(JSON.stringify(data)));
     message.payload = lzwCompress.pack(data);
     var stringified;
     var endcoded;
@@ -2396,13 +2324,11 @@ Cow.messenger.prototype._onMessage = function(message){
     var sender = data.sender;
     var PEERID = core.peerid(); 
     var action = data.action;        
-    //if (typeof(data.payload) == 'object'){
     if (data.action == 'connected'){
 		data.payload = data.payload;
     }
     else {
     	try {
-    		//data.payload = JSON.parse(decode_utf8(lzw_decode(data.payload)));
     		data.payload = lzwCompress.unpack(data.payload);
     	}
     	catch(e){
@@ -2846,7 +2772,7 @@ Cow.core = function(config){
     if (typeof(config) == 'undefined' ) {
         config = {};
     }
-    this._version = '2.3.0-beta';
+    this._version = '2.3.0-rc1';
     this._herdname = config.herdname || 'cow';
     this._userid = null;
     this._socketserverid = null;

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cow",
-  "version": "2.3.0-beta",
+  "version": "2.3.0-rc1",
   "author": "Geodan Research",
   "private": true,
   "devDependencies": {