From d6e749cf6ad29349fd1bf522ebf9a9cb2e760dc0 Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Mon, 15 Feb 2010 13:53:07 -0600
Subject: [PATCH] Make the SVG-Edit sanitizeSVG() Namespace-Aware
---
 public/svg-edit/editor/svgcanvas.js | 38 +++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 8 deletions(-)
diff --git a/public/svg-edit/editor/svgcanvas.js b/public/svg-edit/editor/svgcanvas.js
index a3146aa1..b67c3fbe 100644
--- a/public/svg-edit/editor/svgcanvas.js
+++ b/public/svg-edit/editor/svgcanvas.js
@@ -155,7 +155,6 @@ var isOpera = !!window.opera, "semantics": [] }, - // console.log('Start profiling') // setTimeout(function() { // canvas.addToSelection(canvas.getVisibleElements());
@@ -947,7 +946,28 @@ function BatchCommand(text) {
 nsMap[se_ns] = 'se';
 nsMap[htmlns] = 'xhtml';
 nsMap[mathns] = 'mathml';
-
+
+ var nsRevMap = {};
+ $.each(nsMap, function(key,value){
+ nsRevMap[value] = key;
+ });
+
+
+ // Produce a Namespace-aware version of svgWhitelist
+ var svgWhiteListNS = {};
+ $.each(svgWhiteList, function(elt,atts){
+ attNS = {};
+ $.each(atts, function(i, att){
+ if (att.indexOf(':') != -1) {
+ v=att.split(':');
+ attNS[v[1]] = nsRevMap[v[0]];
+ } else {
+ attNS[att] = att == 'xmlns' ? xmlnsns : null;
+ }
+ });
+ svgWhiteListNS[elt] = attNS;
+ });
+
 var svgcontent = svgdoc.createElementNS(svgns, "svg");
 $(svgcontent).attr({
 id: 'svgcontent',
@@ -1297,6 +1317,7 @@ function BatchCommand(text) {
 if (!doc || !parent) return;
 var allowedAttrs = svgWhiteList[node.nodeName];
+ var allowedAttrsNS = svgWhiteListNS[node.nodeName];
 // if this element is allowed
 if (allowedAttrs != undefined) {
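Review bot: In the `@@ -947` hunk, a whitelist entry whose prefix is not a key of `nsRevMap` is stored as `attNS[v[1]] = undefined`, and the attribute check in the `@@ -1307` hunk compares with `==`, under which an attribute in no namespace (`namespaceURI` of `null`) equals `undefined` and is kept. Guard the assignment so an unmapped prefix fails closed, e.g. `if (nsRevMap.hasOwnProperty(v[0])) attNS[v[1]] = nsRevMap[v[0]];`. Whether any current whitelist entry carries such a prefix is not visible here, since `svgWhiteList` and the full `nsMap` are defined outside the hunk. `attNS` and `v` are also assigned without `var` and leak as globals; write `var attNS = {};` and `var v = att.split(':');`. Because `attNS` is keyed by local name only, two whitelist entries sharing a local name in different namespaces would overwrite each other.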
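Review bot: In the `@@ -1297` hunk both `svgWhiteList` and `svgWhiteListNS` are still indexed by `node.nodeName`, so the element itself is matched on its qualified name and never on its namespace. An element whose name is on the whitelist but which sits in a namespace outside `nsMap` would pass the lookup, while a prefixed element in the SVG namespace would miss it. Consider keying on `node.localName` and requiring `nsMap.hasOwnProperty(node.namespaceURI)` before consulting the attribute list. The enclosing function starts and ends outside this hunk, so what happens to a rejected element cannot be confirmed from here.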
@@ -1307,12 +1328,13 @@ function BatchCommand(text) {
 // if the attribute is not in our whitelist, then remove it
 // could use jQuery's inArray(), but I don't know if that's any better
 var attr = node.attributes.item(i);
- // TODO: use localName here and grab the namespace URI. Then, make sure that
- // anything in our whitelist with a prefix is parsed out properly.
- // i.e. "xlink:href" in our whitelist would mean we check that localName matches
- // "href" and that namespaceURI matches the XLINK namespace
 var attrName = attr.nodeName;
- if (allowedAttrs.indexOf(attrName) == -1) {
+ var attrLocalName = attr.localName;
+ var attrNsURI = attr.namespaceURI;
+ //Check that an attribute with the correct localName in the correct namespace is on our whitelist
+ // or is a namespace declaration for one of our allowed namespaces
+ if (!(allowedAttrsNS.hasOwnProperty(attrLocalName) && attrNsURI == allowedAttrsNS[attrLocalName] && attrNsURI != xmlnsns) &&
+ !(attrNsURI == xmlnsns && nsMap[attr.nodeValue]) ) {
 // Bypassing the whitelist to allow se: prefixes. Is there
 // a more appropriate way to do this?
 if(attrName.indexOf('se:') == 0) {
@@ -7755,7 +7777,7 @@ function BatchCommand(text) {
 // Function: getVersion
 // Returns a string which describes the revision number of SvgCanvas.
 this.getVersion = function() {
- return "svgcanvas.js ($Rev: 1390 $)";
+ return "svgcanvas.js ($Rev: 1391 $)";
 };
 this.setUiStrings = function(strs) {
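Review bot: In the `@@ -1307` hunk the unchanged `attrName.indexOf('se:') == 0` branch still decides on the literal prefix, so an attribute written with an `se` prefix bound to a different namespace takes the whitelist bypass that the new namespace check is meant to close. Compare the namespace instead, `if (attrNsURI == se_ns) {`. The namespace-declaration clause tests `nsMap[attr.nodeValue]` on a plain object, which is truthy for inherited keys such as `constructor`; `nsMap.hasOwnProperty(attr.nodeValue)` avoids that. The body of the `se:` branch and the rest of the loop lie outside the hunk, so the effect of the bypass is inferred from its comment.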