Fix security issue by avoiding use of eval() within postMessage calls between embedAPI and main editor (also namespace the messages and protect the imagelib extension message listener from non-string messages); avoid embedAPI's unneeded randomizing of callback IDs in favor of incrementing; deprecate old embedded_svg_edit API name in favor of JS/JSLint-friendly EmbeddedSVGEdit name (and allow it to be instantiated w/o new keyword); JSLint/HTML5-ize embedAPI files, remove HTML5/browser-optional type="text/javascript", remove unused comments for embedAPI

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2585 eee81c28-f429-11dd-99c0-75d572ba1ddd
2013-10-13 23:59:32 +00:00
parent 109cbaf99b
commit ffde8814ac
4 changed files with 92 additions and 95 deletions
--- a/editor/embedapi.html
+++ b/editor/embedapi.html
@@ -1,19 +1,23 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" >
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
+    <meta charset="utf-8" />
 	<title>Embed API</title>
-</head>
-<body>
-	<script type="text/javascript" src="embedapi.js"></script>
-	<script type="text/javascript">
-		var svgCanvas = null;
+    <script src="jquery.js"></script>
+	<script src="embedapi.js"></script>
+	<script>
+    /*globals $, EmbeddedSVGEdit*/
+    $(function () {'use strict';
+		
+        var svgCanvas = null;

 		function init_embed() {
-			var frame = document.getElementById('svgedit');
-			svgCanvas = new embedded_svg_edit(frame);
-			// Hide main button, as we will be controlling new/load/save etc from the host document
-			var doc = frame.contentDocument || frame.contentWindow.document;
-			var mainButton = doc.getElementById('main_button');
+			var doc, mainButton,
+                frame = document.getElementById('svgedit');
+			svgCanvas = new EmbeddedSVGEdit(frame);
+			// Hide main button, as we will be controlling new, load, save, etc. from the host document
+			doc = frame.contentDocument || frame.contentWindow.document;
+			mainButton = doc.getElementById('main_button');
 			mainButton.style.display = 'none';
 		}

@@ -33,10 +37,20 @@
 		function saveSvg() {
 			svgCanvas.getSvgString()(handleSvgData);
 		}
+        
+        // Add event handlers
+        $('#load').click(loadSvg);
+        $('#save').click(saveSvg);
+        
+        // Export globals
+        window.init_embed = init_embed;
+    });
 	</script>
-	<button onclick="loadSvg();">Load example</button>
-	<button onclick="saveSvg();">Save data</button>
+</head>
+<body>
+	<button id="load">Load example</button>
+	<button id="save">Save data</button>
 	<br/>
-	<iframe src="svg-editor.html" width="900px" height="600px" id="svgedit" onload="init_embed()"></iframe>
+	<iframe src="svg-editor.html" width="900px" height="600px" id="svgedit" onload="init_embed();"></iframe>
 </body>
 </html>