Allow the background page to get an OAuth token for apps v1.

remoting/webapp/base/js/base.js

Index: remoting/webapp/base/js/base.js
diff --git a/remoting/webapp/base/js/base.js b/remoting/webapp/base/js/base.js
index ee909bede327c38f7cac29fcca6f379d5c7ea42e..39ae5e99d3864715a02b8203a7febeb624999dfb 100644
--- a/remoting/webapp/base/js/base.js
+++ b/remoting/webapp/base/js/base.js
@@ -422,3 +422,26 @@ base.decodeUtf8 = function(buffer) {
   return decodeURIComponent(
       escape(String.fromCharCode.apply(null, new Uint8Array(buffer))));
 }
+
+/**
+ * Generate a nonce, to be used as an xsrf protection token.
+ *
+ * @return {string} A URL-Safe Base64-encoded 128-bit random value. */
+base.generateXsrfToken = function() {
+  var random = new Uint8Array(16);
+  window.crypto.getRandomValues(random);
+  var base64Token = window.btoa(String.fromCharCode.apply(null, random));
+  return base64Token.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+};
+
+/**
+ * @param {string} jsonString A JSON-encoded string.
+ * @return {*} The decoded object, or undefined if the string cannot be parsed.
+ */
+function jsonParseSafe(jsonString) {

[Jamie, 2014/10/29 01:35:59]

This should be moved into the base namespace, but I wanted to avoid too much
churn in this CL (I would have taken the same approach for generateXsrfToken,
but it was previously declared in a namespace that doesn't exist in this file).
LMK if you'd like it fixed up as part of this CL as opposed to a follow-up.

[kelvinp, 2014/10/29 20:28:54]

I think it may be easier to fix it up as part of this CL.  I would rather make
this CL a little bigger (fixes the 8 call sites of json parse safe) than to
leave code in base.js in the global namespace.

[Jamie, 2014/10/30 19:38:25]

In retrospect, I agree. Done.

+  try {
+    return JSON.parse(jsonString);
+  } catch (err) {
+    return undefined;
+  }
+}