Allow the background page to get an OAuth token for apps v1.

remoting/webapp/base/js/base.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * @fileoverview
  * A module that contains basic utility components and methods for the
  * chromoting project
  *
  */
@@ skipping 404 matching lines @@
 /**
   * Decodes UTF-8 string from ArrayBuffer.
   *
   * @param {ArrayBuffer} buffer
   * @return {string}
   */
 base.decodeUtf8 = function(buffer) {
   return decodeURIComponent(
       escape(String.fromCharCode.apply(null, new Uint8Array(buffer))));
 }
+
+/**
+ * Generate a nonce, to be used as an xsrf protection token.
+ *
+ * @return {string} A URL-Safe Base64-encoded 128-bit random value. */
+base.generateXsrfToken = function() {
+  var random = new Uint8Array(16);
+  window.crypto.getRandomValues(random);
+  var base64Token = window.btoa(String.fromCharCode.apply(null, random));
+  return base64Token.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+};
+
+/**
+ * @param {string} jsonString A JSON-encoded string.
+ * @return {*} The decoded object, or undefined if the string cannot be parsed.
+ */
+function jsonParseSafe(jsonString) {

[Jamie, 2014/10/29 01:35:59]

This should be moved into the base namespace, but I wanted to avoid too much
churn in this CL (I would have taken the same approach for generateXsrfToken,
but it was previously declared in a namespace that doesn't exist in this file).
LMK if you'd like it fixed up as part of this CL as opposed to a follow-up.

[kelvinp, 2014/10/29 20:28:54]

I think it may be easier to fix it up as part of this CL.  I would rather make
this CL a little bigger (fixes the 8 call sites of json parse safe) than to
leave code in base.js in the global namespace.

[Jamie, 2014/10/30 19:38:25]

In retrospect, I agree. Done.

+  try {
+    return JSON.parse(jsonString);
+  } catch (err) {
+    return undefined;
+  }
+}