<!doctype HTML>
<html>
<head>
<title>Changes</title>
</head>
<body>
<ul>
<li>
2.4.19 18.01.14
<br/>
Removed XSS vulnerability:
<br/>
- XSS due to lack of validation in name.html (CVE-2014-1403) - disclosed by <a href="http://blog.kotowicz.net">Krzysztof Kotowicz</a>
</li>
<li>
2.4.18 21.09.13
<br/>
Removed two sets of XSS vulnerabilities:
<br/>
- XSS due to lack of validation in easyxdm.as - disclosed responsibly by Jakob Heuser (LinkedIn)
<br/>
- XSS due to lack of validation in easyxdm.as (CVE-2013-5212) - disclosed by Krzysztof Kotowicz (Cure53)
<br/>
+++ See commit log
</li>
<li>
2.4.16 09.02.12
<br/>
Improved many of the samples<br/>
Fixed issues with logging<br/>
Added support for posting to the initial src<br/>
Several minor bugfixes<br/>
+++ See commit log
</li>
<li>
2.4.15 07.07.11
<br/>
Fixed an issue with the FlashTransport and domains containing hyphens.
<br/>
Fixed an issue with the FlashTransport and IE7 due to aggressive caching.
<br/>
The stack will now only fall back to the FlashTransport if the swf: property has explicitly been set.
</li>
<li>
2.4.14 07.06.11
<br/>
Fixed several issues with the FlashTransport. These include proper support for valid domain names, non-standard ports, a race condition relating to
creating multiple transports rapidly, allowing multiple transports to different providers, and support for CDN.
<br/>
Refactored the testForNamePropertyBug so that it no longer errs when subjected to refreshing
<br/>
Fixed an issue with Safari, capitalized urls and the PostMessageTransport.
<br/>
Fixed an issue with some errors being thrown in IE8 due to named FE's having two 'references' in IE, one inside and one outside the function.
</li>
<li>
2.4.13 02.05.11
<br/>
Improved the FlashTransport in many ways: worked around a bug in Flash &lt;10, added support for messages above 40k, and the swf can now be hosted on both domains.
<br/>
Fixed several security related issues.
<br/>
Removed the NixTransport from the build.
</li>
<li>
2.4.12 12.04.11
<br/>
Added the FlashTransport that takes over for the NixTransport as a response to <a href="http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx">Microsoft Security Bulletin MS11-018</a>.
<br/>
Fixed several examples and some minor bugs
</li>
<li>
2.4.11 22.03.11
<br/>
Move hidden iframes to the top instead of left in order to support both right-to-left and left-to-right pages (Anton Kovalyov)
<br/>
Refactored the way attributes/properties were applied to created iframes in order to avoid redraw bugs in IE (George Courtsunis)
<br/>
Added support for passing data from the consumer to the provider using the hash instead of the query.
<br/>
Switched from using insertBefore to appendChild for adding the iframe to the DOM
<br/>
Minor improvements regarding url comparisons etc.
</li>
<li>
2.4.10 02.01.11
<br/>
easyXDM.noConflict added by Anton Kovalyov, this enables you to easily embed easyXDM in a distribution without risking version collisions.
<br/>
Fixed a bug in the DOM
<code>
whenReady
</code>
code where easyXDM wouldn't get initialized when loaded dynamically on WebKit.
<br/>
Improved the documentation and the shipped examples.
</li>
<li>
2.4.9 10.11.10
<br/>
Improved the
<code>
whenReady
</code>
feature - easyXDM will now work correctly in IE9 too.
<br/>
Replaced the xhr.html endpoint with a stricter /cors/ endpoint. This adheres to the CORS standard and enables a similar authorization scheme.
<br/>
Improved the error message sent by the RpcBehavior. This now includes extra error data passed from the origin of the error.
</li>
<li>
2.4.8 15.09.10
<br/>
Fixed a bug in the SameOriginTransport that could cause onReady to fire prior to the constructor of the Socket/Rpc returning.
<br/>
Removed the browser sniffing related to the element.name bug (IE). This also makes easyXDM work correctly in IE9 (beta)!
<br/>
<strong>Removed the ajax feature from the core in order to streamline the library.</strong>
If you rely on this, then please use the
<code>
tinylib
</code>
library present in
<code>
xhr.html
</code>
(the only place easyXDM itself used the ajax feature).
<br/>
Added support to the Rpc object for using named parameters.
</li>
<li>
2.4.7 23.08.10
<br/>
Fixed <a href="http://github.com/oyvindkinsey/easyXDM/issues/issue/28">http://github.com/oyvindkinsey/easyXDM/issues/issue/28</a>
<br/>
Implemented consistent naming of the iframes so that they can be accessed using the frames collection.
<br/>
Improved the ReliableBehavior. The HashTransport is now working much better and is more deterministic.
</li>
<li>
2.4.6 03.08.10
<br/>
Fixed a small bug in the RpcBehavior's error handling. The message passed back on errors was formatted wrongly, with the [data]
field a property of the message instead of the error object.
</li>
<li>
2.4.5 03.08.10
<br/>
Fixed a bug in the dom_onReady function. This would cause easyXDM to load unreliably when loaded using a script loader.
</li>
<li>
2.4.4 02.08.10
<br/>
Fixed <a href="http://github.com/oyvindkinsey/easyXDM/issues/issue/23">http://github.com/oyvindkinsey/easyXDM/issues/issue/23</a>
<br/>
Implemented return of ajax error messages: <a href="http://github.com/oyvindkinsey/easyXDM/issues/issue/24">http://github.com/oyvindkinsey/easyXDM/issues/issue/24</a>
<br/>
Implemented lazy initialization: <a href="http://github.com/oyvindkinsey/easyXDM/issues/issue/25">http://github.com/oyvindkinsey/easyXDM/issues/issue/25</a>
<br/>
Implemented DOMContentReady detection: <a href="http://github.com/oyvindkinsey/easyXDM/issues/issue/26">http://github.com/oyvindkinsey/easyXDM/issues/issue/26</a>
<br/>
</li>
<li>
2.4.3 26.07.10
<br/>
Added two more transports, the SameOriginTransport and the FrameElementTransport.
Made some improvements in the NixTransport
</li>
<li>
2.4.2 25.07.10
<br/>
Major improvements on the support for older browsers.
The use of resize in the HashTransport to notify about incoming messages has now been removed as it was not reliable across browsers.
The library has now been tested on IE6/7/8, Opera 10, Firefox 2, 3.6, Safari 3.2, 5 and Chrome 5, and there are now no tests that are failing.
</li>
<li>
2.4.1 25.07.10
<br/>
Fixed http://github.com/oyvindkinsey/easyXDM/issues/issue/22
Implemented http://github.com/oyvindkinsey/easyXDM/issues/issue/20
Fixed some minor issues relating to ajax.
</li>
<li>
2.4.0 20.06.10
<br/>
Implemented http://github.com/oyvindkinsey/easyXDM/issues/19
You can now interact with the Socket/Rpc prior to the onReady event being fired.
These actions will be buffered and executed once the transport is ready.
Fixed an issue that led to the minified file *not* being properly minified.
</li>
<li>
2.3.3 18.06.10
<br/>
Fixed http://github.com/oyvindkinsey/easyXDM/issues/issue/15
Fixed http://github.com/oyvindkinsey/easyXDM/issues/issue/17
</li>
<li>
2.3.2 05.06.10
<br/>
Improved the ajax feature - this is now properly implemented, which should make the xhr.html file more suitable.
Minor security fixes to the NixTransport.
The transport configuration now takes a 'props' property that can be used to apply arbitrary properties onto the created iframe.
This can be used to style the iframe using e.g. 'props: {style: {border: "1px solid red"}}'
</li>
<li>
2.3.1 24.05.10
<br/>
Fixed a bug in the NixTransport that would cause the provider to fire onReady before the constructor has returned.
</li>
<li>
2.3.0 22.05.10
<br/>
Fixed some minor bugs (debug related)
The biggest change is a new first-class transport for IE6 and IE7, a transport that is actually faster than postMessage for IE8!
This means that you can now support IE6+ and Opera 9+ Firefox 3+ and Chrome using javascript only (no more name.html!)
</li>
<li>
2.2.0 21.04.10
<br/>
Rpc
No more isVoid/isAsync
These are no longer needed as all of this is automatically handled by the RpcBehavior.
Optional callbacks when calling methods, success, success+error, or none if the remote method does not return data or you just don't care about it
A shorthand notation for defining local methods, nameOfMethod: function(... instead of nameOfMethod: { method: function(...
Smaller code base due to a simpler(!) RpcBehavior
Overall
Reduced the public API
This makes it more manageable for most
Proper documentation with code examples for Socket and Rpc
Restructured internal methods so that they are faster and more easy to minify
</li>
<li>
2.1.0 18.04.10
<br/>
The Rpc behavior is now using the JSON-RPC 2.0 protocol, and will now also support an error callback.
The Rpc class will also make sure that the serializer being used actually works, and so is not wrecked by the inclusion
of PrototypeJs and other libraries that interfere with HTML5's JSON object.
The xhr.html file is now completely self-contained and now uses separate callbacks for success and error.
Lots of small changes to improve scope lookup, and to improve minifying the code.
</li>
<li>
2.0.1 27.03.10
<br/>
See commit log at github
github.com/oyvindkinsey/easyXDM
</li>
<li>
2.0 18.03.10
<br/>
Refactored all the transport classes into stack elements.
The transports are now exposed as a single Socket that selects the appropriate stack to initialize based on the available features and config parameters.
Removed the Channel class as this can easily be implemented when needed using the Socket class and JSON.parse/stringify.
Refactored the Interface class and renamed it Rpc as this is more descriptive.
The optional onReady method is now a member of the config argument instead of being a separate one.
Removed the serializing namespace as this was not used internally, and as it can easily be injected when needed.
Renamed the methods for adding and removing events to on and un.
The HashTransport is now only used when access to name.html (old hash.html) is not available.
</li>
<li>
1.8.0 27.02.10
<br/>
Both the HashTransport and the NameTransport have received a major overhaul.
Generic Behaviors are now implemented, and deal with reliability (making the HashTransport reliable), queueing and sender verification.
This means that all the transports are now equal when it comes to behavior, the only difference is speed.
They are all reliable,
they are all able to queue and dispatch messages automatically
they are all secure from spoofing
and they are all easy to use!
With the new behavior architecture it will also be easier to add new functionality
- it might even be that the transport internals will be moved into similar behaviors.
</li>
<li>
1.7.5 25.02.10
<br/>
Made several improvements to the HashTransport - this now verifies that it actually can communicate with the other end
and thereby prevents spoofing of the origin (as was previously possible).
</li>
<li>
1.7.4 - 22.02.10
<br/>
Implemented queueing for NameTransport, this also made it more reliable.
This means that all transports now support rapid sending of messages, even within the same js thread.
The tests have also been updated, and tests that are supposed to fail are now skipped by default.
</li>
<li>
1.7.3 - 21.02.10
<br/>
Fixed NameTransport - for some unknown reason, the implementation released did not work.
</li>
<li>
1.7.2 - 19.02.10
<br/>
Applied an important bugfix contributed by Bjorn Blomqvist (http://github.com/bjornblomqvist).
The bug breaks easyXDM under the following conditions
the host is set up to use the BestAvailableTransport
the host is set up with local: window (to support HashTransport without hash.html)
the browser supports postMessage
</li>
<li>
1.7.1 - 19.02.10
<br/>
Refactored the transport classes so that all query arguments are namespaced.
This should avoid errors happening due to colliding argument names.
Examples of such errors are when using a wordpress page as the host, as wordpress' p argument (used for paging) would
cause easyXDM to believe it was the provider instead of the consumer (host).
Breaking changes:
As long as both parties are using the new version no errors will occur.
But this version is unable to communicate with earlier versions.
</li>
<li>
1.7.0 - 02.02.10
<br/>
Many adjustments have been made to how the transports select mode and how the BestAvailableTransport selects a transport.
For the host the BestAvailableTransport will pick the best transport depending on the available features and parameters.
For the guest the BestAvailableTransport will choose the one specified as in use by reading the query line.
A new transport, NameTransport, has also been introduced, and is now preferred over HashTransport as long as the
correct parameters are set. This is due to its ability to transfer huge amounts of data compared to the HashTransport.
This does on the other hand mean that the host needs to specify the location of the remote hash.html.
Breaking changes:
The NameTransport will not work with users who have the old hash.html file, it is therefore advised that you
rename the hash.html file so that your users will download the correct version.
</li>
<li>
1.6.0 - 04.01.10
<br/>
Added the option to use the already loaded window as the local document for messaging when falling back
to the HashTransport. This can be done by setting 'local:window' in the transports configuration.
The documentation has also been changed slightly, making it a bit easier to see the necessary configuration attributes.
The version is being upped to 1.6 as we now have complete support for scenarios where you are not able to upload
the hash.html file to the local domain, something I think is a big step forward.
</li>
<li>
1.5.5 - 02.01.10
<br/>
For scenarios where you are unable to place hash.html on the local domain, you can now
set the local attribute to point at any file available on the domain, like robots.txt or favicon.ico,
and set the readyAfter attribute to when you want the library to transition to the ready state.
It is important that the local file has had time to load before this.
</li>
<li>
1.5.4 - 11.11.09
<br/>
easyXDM.Interface can now take a new configuration parameter, 'serializer'.
This will be used instead of the JSON object if present and has to implement the same signature as the JSON object.
This is to enable users to use serializing methods present in their main framework.
Users of prototypejs will have to use this to override the serializer using the following serializer object
<pre>
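{
    // Delegate to prototypejs' own JSON helpers instead of the native JSON object
    stringify: function (obj) {
        return Object.toJSON(obj);
    },
    parse: function (str) {
        return str.evalJSON();
    }
}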
</pre>
This is due to prototypejs adding the toJSON method to Array.prototype which causes the native JSON object to fail.
The test suite has also been fixed so that it doesn't crash WebKit.
</li>
<li>
1.5.3 - 06.09.09
<br/>
The transports now support using remote urls containing query parameters.
Added the easyXDM.apply method, and also easyXDM.WidgetManager and easyXDM.Widget.
The widget classes make it extremely easy to support widgets.
</li>
<li>
1.5.2 - 29.08.09
<br/>
Modified the HashTransport to use the resize event to trigger new messages to be read.
This is a lot faster and less resource consuming than polling.
For iframes placed in a container we still use polling so that we don't disturb the layout.
Added a test suite.
</li>
<li>
1.5.1 - 17.08.09
<br/>
Namespaces are now in lowercase. This makes it easier to distinguish between classes
and namespaces.
Refactored the createFrame method as we no longer require the ability to name frames.
Took away passing the version as a parameter to hash.html, versioning should be handled
by renaming the file or by other means.
Breaking changes:
Namespaces changed to all lowercase letters.
</li>
<li>
1.5.0 - 08.08.09
<br/>
Restructured the HashTransport so that all dependencies are contained in one class.
Also removed the need to use the fragile window.open(.. method to get a reference
to the window to read from.
hash.html is now called with the version as a parameter. This should help to avoid the cached
version being used across version changes.
Breaking changes:
hash.html calls a new method with a new signature.
</li>
<li>
1.4.0 - 07.08.09
<br/>
Renamed the library to easyXDM to avoid being associated with the XSS-vulnerability
All references to easyXSS can be replaced with easyXDM
The communication protocol has not changed, so easyXDM 1.4.0 is 100% compatible with easyXSS 1.4.0
</li>
<li>
1.4.0 - 07.08.09
<br/>
Restructured the implementation of easyXSS.Interface, this now creates its own easyXSS.Channel,
just like easyXSS.Channel creates its own easyXSS.Transport.ITransport.
The internals of this class have also been restructured and should be easier to understand.
Breaking changes:
The easyXSS.Interface constructor now takes the configuration of a channel instead of a ready channel.
</li>
<li>
1.3.0 - 02.08.09
<br/>
Restructured the code again so that it will be easier to understand.
Changed to using the 'new classname' construct instead of easyXSS.createClassname
Added documentation to the examples.
Breaking changes:
Removed several create.. methods.
</li>
<li>
1.2
<br/>
Restructured the code to allow better documentation
Converted most of the code to JsDoc format
The debug version will try to easyXSS.trace all relevant actions to console.info if available
Breaking changes:
The method called by hash.html has moved.
</li>
</ul>
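The 1.5.4 and 2.1.0 entries describe the native JSON object failing once a library adds toJSON to Array.prototype, and the Rpc class checking that its serializer actually works. The following is an added example, not easyXDM's own code: the toJSON patch is a constructed stand-in for the library behaviour, and serializerWorks, pickSerializer and safeSerializer are hypothetical names.

```javascript
// Added example, not easyXDM's code. Probe value and its canonical JSON text.
const PROBE = { a: [1, 2, 3] };
const PROBE_JSON = '{"a":[1,2,3]}';

// Returns true only if the serializer round-trips the probe correctly.
function serializerWorks(serializer) {
  if (!serializer || typeof serializer.stringify !== "function" ||
      typeof serializer.parse !== "function") {
    return false;
  }
  try {
    const text = serializer.stringify(PROBE).replace(/\s/g, "");
    if (text !== PROBE_JSON) return false;
    const back = serializer.parse(PROBE_JSON);
    return Array.isArray(back.a) && back.a.length === 3 && back.a[2] === 3;
  } catch (e) {
    return false;
  }
}

// Runs fn with a constructed Array.prototype.toJSON that returns a string
// (the failure mode the changelog describes), then always removes it again.
function withPatchedArrayToJSON(fn) {
  Object.defineProperty(Array.prototype, "toJSON", {
    value: function () { return "[" + this.join(", ") + "]"; },
    configurable: true, writable: true, enumerable: false
  });
  try { return fn(); } finally { delete Array.prototype.toJSON; }
}

// Hypothetical replacement serializer: hides the array hook while serializing.
const safeSerializer = {
  stringify(obj) {
    const desc = Object.getOwnPropertyDescriptor(Array.prototype, "toJSON");
    if (desc) delete Array.prototype.toJSON;
    try { return JSON.stringify(obj); }
    finally { if (desc) Object.defineProperty(Array.prototype, "toJSON", desc); }
  },
  parse(str) { return JSON.parse(str); }
};

// Picks the first candidate that passes the check; refuses to continue with
// a serializer that would put corrupted messages on the wire.
function pickSerializer(candidates) {
  for (const c of candidates) if (serializerWorks(c)) return c;
  throw new Error("no working JSON serializer available");
}

// With the patch active, arrays are emitted as quoted strings.
console.log(withPatchedArrayToJSON(() => JSON.stringify(PROBE)));
console.log(withPatchedArrayToJSON(() => pickSerializer([JSON, safeSerializer]) === safeSerializer));
```
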
</body>
</html>