Sun GlassFish Web Space Server 10.0 Secure Web Access Add-On Guide

Rules for JavaScript Content

JavaScript can contain URLs in various locations. Rewriter cannot directly parse the JavaScript and determine the URL portion. A special set of rules need to be written to help the JavaScript processor to identify and translate the URL.

JavaScript elements with type URL are classified as follows:

Variables

The generic syntax for variables is:

<Variable name=”variableName“ [type="URL|EXPRESSION|DHTML|DJS|SYSTEM" source=”*”]>

JavaScript variables can be subclassified into 5 categories depending on the type of value they hold:

URL Variables

The variable value is a simple string which can be treated as a URL.

This section is divided into the following parts:

URL Variable Syntax

<Variable name=”variableName“ type="URL" [source=”*”]>

where

variableName is the name of the variable. The value of the variableName is rewritten (mandatory).

type is the URL variable (mandatory, and the value must to be a URL)

source is the URI of the page in which this JavaScript variable is found (optional, default is *, meaning in any page)

URL Variable Example

Assume the base URL is:

http://abc.siroe.com/tmp/page.html

Page Content

<script LANGUAGE="Javascript">
<!--
//URL Variables
var imgsrc1="/tmp/tmp.jpg";
var imgsrc2="http://srap.sesta.com/tmp/tmp.jpg";
var imgsrc3=imgsrc2;
//-->
</SCRIPT>

Rules

<Variable name=”imgsrc*” type="URL"/>

Output

<script LANGUAGE="Javascript">
<!--
//URL Variables
var imgsrc="gateway-URL/http://abc.siroe.com/tmp/tmp.jpg";
var imgsrc="gateway-URL/http://srap.sesta.com/tmp/tmp.jpg";
var imgsrc3=imgsrc2;
//-->
</SCRIPT>

Description

All variables of type URL and name beginning with imgsrc are rewritten. For the first line of the output, the Gateway URL and the base URL of the page on which the variable displays are prefixed. The second line already contains the absolute path, and hence only the Gateway URL is prefixed. Third var imagsrc2 would not be rewritten as it’s value is not a string but another JavaScript value.

EXPRESSION Variables

Expression variables have an expression on the right hand side. The result of this expression is a URL. Rewriter appends a JavaScript function (psSRAPRewriter_convert_expression) to the HTML page as it cannot evaluate such expressions on the server. This function takes the expression as a parameter and evaluates it to the required URL at the client browser.

If you are not sure whether a statement contains a simple URL or an EXPRESSION URL, use EXPRESSION rules because it can handle both scenarios.

This section is divided into the following parts:

EXPRESSION Variable Syntax

<Variable name=”variableName” [type="EXPRESSION" source=”*”]/>

where

variableName is the name of the JavaScript variable whose value is a expression (mandatory)

type is the type of JavaScript variable (optional, default value is EXPRESSION)

source is the URI of the pages (optional, default is *, meaning any source)

EXPRESSION Variable Example

Assume the base URL of the page is:

http://abc.siroe.com/dir1/dir2/page.html

Page Content

<script LANGUAGE="Javascript">
<!--
//Expression variables
var expvar= getURIPreFix() + "../../images/graphics"+".gif";
document.write("<A HREF="+expvar+">Link to XYZ content</A><P>")
var expvar="../../images/graphics"+".gif";
//-->
</SCRIPT>

Rules

<Variable name=”expvar” type="EXPRESSION"/>
or
<Variable name=”expvar”/>

Output

var expvar=psSRAPRewriter_convert_expression(getURIPreFix()
 + "../../images/graphics"+".gif");document.write("<a href="+expvar+">>
Link to XYZ content</A><P>")var expvar=”gateway-URL/http://abc.siroe.com/images/graphics"+".gif";

Description

The function psSRAPRewriter_convert_expression is prefixed to the right side of the expression variable expvar in the first line. This function processes the expression and rewrites the content at runtime. In the third line the value is rewritten as a simple URL.

DHTML(Dynamic HTML) Variables

These are JavaScript variables that contain HTML content.

This section is divided into the following parts:

DHTML Syntax

<Variable name=”variableName” type="DHTML" [source=”*”]/>

where

variableName is the name of the JavaScript variable with DHTML content (mandatory)

type is the type of the variable (mandatory, the value must be DHTML)

source is the URL of the page (optional, the default is *, meaning in any page)

DHTML Example

Assume the base URL of the page is:

http://abc.sesta.com/graphics/set1/
graphics/jsscript/JSVAR/page.html

Page Content

<script LANGUAGE="Javascript">
<!--
//DHTML Var
var dhtmlVar="<a href=../../images/test.html>"
var dhtmlVar="<a href=/images/test.html>"
var dhtmlVar="<a href=images/test.html>"
//-->
</SCRIPT>

Rules

<Variable name=”dhtmlVar” type="DHTML"/>
<Attribute name="href"/>
or
<Attribute name="href" tag="a"/>

Output

<script LANGUAGE="Javascript">
<!--
//DHTML Var
var dhtmlVar="<a href=gateway-URL
/http://abc.sesta.com/graphics/
set1/graphics/images/test.html>"
var dhtmlVar="<a href=gateway-URL/
http
://abc.sesta.com/images/test.html>"
var dhtmlVar="<a href=gateway-URL/
http://abc.sesta.com/graphics/set1/
graphics/jscript/JSVAR/images/test.html>"
//--></SCRIPT>

Description

The JavaScript parser reads the value of dhtmlVar as HTML content and sends the content through the HTML parser. The HTML parser applies the HTML rules where the href attribute rules are matched and hence the URL is rewritten.

DJS (Dynamic JavaScript) Variables

These are JavaScript variables that contain JavaScript content.

This section is divided into the following parts:

DJS Syntax

<Variable name=”variableName” type="DJS" [source=”*”]/>

where

variable is the JavaScript varible whose value is javascript.

DJS Example

Assume the base URL of the page is:

http://abc.sesta.com/dir1/dir2/dir3/jscript/dir4/page.html

Page Content

//DJS Var
var dJSVar="var dJSimgsrc=\q/tmp/tmp.jpg\q;"
var dJSVar="var dJSimgsrc=\q../tmp/tmp.jpg\q;"
var dJSVar="var dJSimgsrc=
\qhttp://abc.sesta.com/tmp/tmp.jpg\q;"

Rules

<Variable name="dJSVar" type="DJS"/>
<Variable name="dJSimgsrc" type=URL"/>

Output

//DJS Var - need 2 rules
var dJSVar="var dJSimgsrc=\qgateway-URL
/http://abc.sesta.com/tmp/tmp.jpg\q;"var dJSVar="var dJSimgsrc=\q
gateway-URL/http
://abc.sesta.com/dir1/dir2/dir3/jscript/tmp/tmp.jpg\q;"
var dJSVar="var dJSimgsrc=\qgateway-URL/
http://abc.sesta.com/tmp/tmp.jpg\q;"

Description

Two rules are required here. The first rule locates the dynamic JavaScript variable dJSVar. The value of this variable is again a JavaScript of type URL. The second rule is applied to rewrite the value of this JavaScript variable.

SYSTEM Variables

These are variables are not declared by the use and have limited support. They are available as a part of the JavaScript standard. For example, window.location.pathname.

This section is divided into the following parts:

SYSTEM Variable Syntax

<Variable name=”variableName” type="SYSTEM" [source=”*”]/>

where

variableName is the JavaScript system variable (mandatory and the values could be ones that match these patterns: document.URL, document.domain, location, doument.location, location.pathname, location.href, location.protocol, location.hostname, location.host and location.port. All these are present in the generic_ruleset. Do not modifiy these system var rules .

type specifies system type values (mandatory and value is SYSTEM)

source is the URI of this pages (optional, default value is *, meaning in any page)

SYSTEM Variable Example

Assume the base URL of the page is:

http://abc.siroe.com/dir1/page.html

Page Content

<script LANGUAGE="Javascript">
<!--
//SYSTEM Var
alert(window.location.pathname);
//-->
</SCRIPT>

Rules

<Variable name=”window.location.pathname” type="SYSTEM"/>

Output

</SCRIPT>
<SCRIPT LANGUAGE="Javascript">
<!--
//SYSTEM Var
alert(psSRAPRewriter_convert_system(window.location.pathname));
//-->
</SCRIPT>

Description

Rewriter locates the system variable which matches the rule, then the psSRAPRewriter_convert_system function is prefixed. This function processes the system variable at runtime and rewrites the resulting URL accordingly.

Function Arguments

Function parameters whose value needs to be rewritten are classified into 4 categories:

Generic Syntax

<Function name="functionName" paramPatterns="y,y," [type="URL|EXPRESSION|DHTML|DJS" source=”*”]/>

where

name is the name of the JavaScript function (mandatory)

paramPatterns specifies the parameters that need to be rewritten (mandatory)

y the position of y indicates the parameter that the needs to be rewritten. For example, in the syntax, the first parameter needs to be rewritten, but the second parameter should not be rewritten.

type specifies the kind of value this parameter needs (optional, default is EXPRESSION type)

source page source URI (optional, default is *, meaning in any page)

URL Parameters

Function takes this parameter as a string and this string could be treated as URL.

This section is divided into the following parts:

URL Parameter Syntax

<Function name="functionName" paramPatterns="y,," type="URL" [source=”*”]/>

where

name is the name of the function with a type parameter of URL (mandatory)

paramPatterns specifies the parameters that need to be rewritten (mandatory)

y the position of y indicates the parameter that needs to be rewritten. For example, in the syntax, the first parameter needs to be rewritten, but the second parameter should not be rewritten.

type is the type of the function (mandatory, and the value must be URL)

source is the URL of the page which has this function call (optional, default is *, meaning in any URL)

URL Parameter Example

Assume the base URL of the page is:

http://abc.sesta.com/test/rewriter/test1/jscript/test2/page.html

Page Content

<script language="JavaScript">
<!--
function test(one,two,three){
alert(one + "##" + two + "##" +three);
}
test("/test.html","../test.html","123");
window.open("/index.html","gen",width=500,height=500);
//-->
</SCRIPT>

Rules

<Function type="URL" name="test" paramPatterns="y,y,"/>
<Function type="URL" name="window.open" paramPatterns="y,,,"/>

Output

<SCRIPT language="JavaScript">
<!--
function test(one,two,three) {
alert(one + "##" + two + "##" +three);
}
test("gateway-URL/http://abc.sesta.com/test.html","
gateway-URL/http://abc.sesta.com/test/rewriter/
test1/jscript/test.html","123");window.open("gateway-URL/
http://abc.sesta.com/index.html","gen",width=500,height=500);
//-->
</SCRIPT>

Description

The first rule specifies that the first two parameters in the function with name test need to be rewritten. Hence the first two parameters of the test function are rewritten. The second rule specifies that the first parameter of the window.open function needs to be written. The URL within the window.open function is prefixed with the Gateway URL and the base URL of the page that contains the function parameters.

EXPRESSION Parameters

These parameters take an expression value, which when evaluated, results in a URL.

This section is divided into the following parts:

EXPRESSION Parameter Syntax

<Function name="functionName" paramPatterns="y" [type="EXPRESSION" source=”*”]/>

where

name is the name of the function (mandatory).

paramPatterns specifies the parameters that need to be rewritten (mandatory)

y the position of y indicates the function parameter that needs to be rewritten. In the syntax above, only the first parameter is rewritten.

type specifies the value EXPRESSION (optional)

source URI of the page where this function is called.

EXPRESSION Parameter Example

Assume the base URL of the page is:

http://abc.sesta.com/dir1/dir2/page.html

Page Content

<script language="JavaScript">
<!--
function jstest2(){
return ".html";
}
function jstest1(one){
return one;
}
var dir="/images/test"
var test1=jstest1(dir+"/test"+jstest2());
document.write("<a HREF="+test1+">TEST</a>");
alert(test1);
//-->
</SCRIPT>

Rules

<Function type="EXPRESSION" name="jstest1" paramPatterns="y"/>
or
<Function name="jstest1" paramPatterns="y"/>

Output

<script language="JavaScript">
<!--
function jstest2(){
return ".html";
}
function jstest1(one){
return one;
}
var dir="/images/test"
var test1=jstest1(psSRAPRewriter_convert_expression(dir+"/test"+jstest2()));
document.write("<a HREF="+test1+">TEST</a>");
alert(test1);
//-->
</SCRIPT>

Description

The rule specifies that the first parameter of the jstest1 function needs to be rewritten by considering this as an EXPRESSION function param. In the sample page content, the first parameter is an expression that will be evaluated only at runtime. Rewriter prefixes this expression with the psSRAPRewriter_convert_expression function. The expression is evaluated, and the psSRAPRewriter_convert_expression function rewrites the output at runtime.


Note –

In the above example, the variable test1 is not required as a part of the JavaScript variable rule. The function rule for jstest1 takes care of the rewriting.


DHTML Parameters

Function parameter whose value is HTML

Native JavaScript methods such as document.write() that generate an HTML page dynamically fall under this category.

This section is divided into the following parts:

DHTML Parameter Syntax

<Function name="functionName" paramPatterns="y" type="DHTML" [source=”*”]/>

where

name is the name of the function.

paramPatterns specifies the parameters that need to be rewritten (mandatory)

y the position of y indicates the function parameter that needs to be rewritten. In the syntax above, only the first parameter is rewritten.

DHTML Parameter Example

Assume the base URL of the page is:

http://xyz.siroe.com/test/rewriter/test1/jscript/JSFUNC/page.html

Page Content

<script>
<!--
document.write(\q<a href="/index.html">write</a><BR>\q)
document.writeln(\q<a href="index.html">writeln</a><BR>\q)
document.write("http://abc.sesta.com/index.html<BR>")
document.writeln("http://abc.sesta.com/index.html<BR>")
//-->
</SCRIPT>

Rules

<Function type="DHTML" name="document.write" paramPatterns="y"/>
<Function type="DHTML" name="document.writeln" paramPatterns="y"/>
<Attribute name="href"/>

Output

<SCRIPT>
<!--
document.write(\q<a href="gateway-URL/
http://xyz.siroe.com/index.html">write</a><BR>\q)
document.writeln(\q<a href="gateway-URL/
http://xyz.siroe.com/test/rewriter/test1/
jscript/JSFUNC/index.html">writeln</a><BR>\q)
document.write("http://abc.sesta.com/index.html<BR>")
document.writeln("http://abc.sesta.com/index.html<BR>")
//-->
</SCRIPT>

Description

The first rule specifies that the first parameter in the function document.write needs to be rewritten. The second rule specifies that the first parameter in the function document.writeln needs to be rewritten. The third rule is a simple HTML rule that specifies that all attributes with the name href need to be rewritten. In the example, the DHTML parameter rules identify the parameters in the functions that need to be rewritten. Then the HTML attribute rule is applied to actually rewrite the identified parameter.

DJS Parameters

Function parameters whose value is JavaScript.

This section is divided into the following sections:

DJS Parameter Syntax

<Function name="functionName" paramPatterns="y" type="DJS" [source=”*”]/>

where

name is the name of the function where one parameter is DJS (mandatory)

paramPatterns specifies which parameter in the above function is DJS (mandatory)

y the position of y indicates the function parameter that needs to be rewritten. In the syntax above, only the first parameter is rewritten.

type is DJS (mandatory)

source is the URI of the page (optional, default is *, meaning any URI)

DJS Parameter Example

Assume the base URL of the page is:

http://abc.sesta.com/page.html

Page Content

<script>
menu.addItem(new NavBarMenuItem("All Available Information","JavaScript:top.location=\qhttp://abc.sesta.com\q"));
</script>

Rules

<Function type="DJS" name="NavBarMenuItem" paramPatterns=",y"/>
<Variable type="URL" name="top.location"/>

Output

<script>
menu.addItem(new NavBarMenuItem("All Available Information",
"JavaScript:top.location=\qgateway-URL/
http://abc.sesta.com\q"));
</script>

Description

The first rule specifies that the second parameter of the function NavBarMenuItem which contains JavaScript needs is to be rewritten. Within the JavaScript, the variable top.location also needs to be rewritten. This variable is rewritten using the second rule.