### Eclipse Workspace Patch 1.0
#P xwiki-platform-web
Index: standard/pom.xml
===================================================================
--- standard/pom.xml	(revision 22346)
+++ standard/pom.xml	(working copy)
@@ -62,6 +62,12 @@
       <artifactId>xwiki-rest</artifactId>
       <version>${platform.core.version}</version>
     </dependency>
+    <!-- The OpenSocial module -->
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-social-opensocial</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
     <!-- needed for slf4j clients such as QueryPlugin and JCRStore 
          It is deployment time logging configuration, so it is here instead of xwiki-core. -->
     <dependency>
@@ -253,6 +259,9 @@
             </includes>
             <excludes>
               <!-- Exclude already minified files -->
+              <exclude>**/containers/default/*.js</exclude>
+              <exclude>**/shindig.properties</exclude>
+              <exclude>**/opensocial/*.js</exclude>
               <exclude>**/*-min.js</exclude>
               <exclude>**/*-debug.js</exclude>
               <exclude>**/langs/*.js</exclude>
Index: standard/src/main/webapp/templates/addfriend.vm
===================================================================
--- standard/src/main/webapp/templates/addfriend.vm	(revision 0)
+++ standard/src/main/webapp/templates/addfriend.vm	(revision 0)
@@ -0,0 +1,28 @@
+$response.setContentType("application/x-json")
+## verify if the current user has the necessary rights to add a friend
+## if no necessary rights, return 5 as error code
+#if(!$hasAdmin && !$xwiki.hasAccessLevel("edit", $context.user, $doc.fullName))
+  5
+#else
+#set($fullname = $request.get("name"))
+## verify is the user is self
+## is so, return 1 as error code
+#if($fullname == $doc.fullName)
+  1
+#else
+  ## verify if the user is already a friend
+  #set($exists = "$!doc.getObject('XWiki.FriendClass', 'friendName', $fullname)")
+  #if($exists != "")
+    ## verify if the user is already a friend
+    ## if so, return 2 as error code
+    2
+  #else 
+	## return 0, as success code
+    0
+    #set($obj = $doc.newObject("XWiki.FriendClass"))
+    $obj.set("friendName", $fullname)
+    #set($discard = $doc.save())
+    #end
+#end
+#end
+
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/util.js
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/util.js	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/util.js	(revision 0)
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+/**
+ * @fileoverview Utility functions for the Open Gadget Container
+ */
+
+Function.prototype.inherits = function(parentCtor) {
+  function tempCtor() {};
+  tempCtor.prototype = parentCtor.prototype;
+  this.superClass_ = parentCtor.prototype;
+  this.prototype = new tempCtor();
+  this.prototype.constructor = this;
+};
\ No newline at end of file
Index: standard/src/main/webapp/templates/deletefriend.vm
===================================================================
--- standard/src/main/webapp/templates/deletefriend.vm	(revision 0)
+++ standard/src/main/webapp/templates/deletefriend.vm	(revision 0)
@@ -0,0 +1,30 @@
+## verify if the current user has the necessary rights to add a friend
+## if no necessary rights, return error
+#set($hasRights = !$hasAdmin && !$xwiki.hasAccessLevel("edit", $context.user, $doc.fullName))
+#if($hasRights)
+  #set($rspMsg = "not enough rights")
+  #set($redirectUrl = "?xpart=error")
+#else
+  #set($fullname = $request.get("name"))
+  #set($obj = $doc.getObject("XWiki.FriendClass", "friendName", $fullname))
+  ## verify if document really has such an object
+  ## if not, return error
+  #if(!$obj)
+    #set($rspMsg = "no such object")
+    #set($redirectUrl = "?xpart=error")
+  #else
+    ## finally remove the object
+    ## return ok, as success code or redirect
+    #set($discard = $doc.removeObject($obj))
+    #set($discard = $doc.save())
+    #set($rspMsg = "ok")
+    #set($redirectUrl = "")
+  #end
+#end
+#if($request.ajax)
+  $rspMsg
+#elseif($request.xredirect)
+  $response.sendRedirect("$request.xredirect$redirectUrl")
+#else
+  $response.sendRedirect("$doc.getURL('view')$redirectUrl")
+#end
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/cookies.js
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/cookies.js	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/cookies.js	(revision 0)
@@ -0,0 +1,272 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+/**
+ * @fileoverview Functions for setting, getting and deleting cookies
+ */
+
+/**
+ * Namespace for cookie functions
+ */
+
+// TODO: find the official solution for a cookies library
+var shindig = shindig || {};
+shindig.cookies = shindig.cookies || {};
+
+
+shindig.cookies.JsType_ = {
+  UNDEFINED: 'undefined'
+};
+
+shindig.cookies.isDef = function(val) {
+  return typeof val != shindig.cookies.JsType_.UNDEFINED;
+};
+
+
+/**
+ * Sets a cookie.
+ * The max_age can be -1 to set a session cookie. To remove and expire cookies,
+ * use remove() instead.
+ *
+ * @param {string} name The cookie name.
+ * @param {string} value The cookie value.
+ * @param {number} opt_maxAge The max age in seconds (from now). Use -1 to set
+ *                            a session cookie. If not provided, the default is
+ *                            -1 (i.e. set a session cookie).
+ * @param {string} opt_path The path of the cookie, or null to not specify a
+ *                          path attribute (browser will use the full request
+ *                          path). If not provided, the default is '/' (i.e.
+ *                          path=/).
+ * @param {string} opt_domain The domain of the cookie, or null to not specify
+ *                            a domain attribute (browser will use the full
+ *                            request host name). If not provided, the default
+ *                            is null (i.e. let browser use full request host
+ *                            name).
+ */
+shindig.cookies.set = function(name, value, opt_maxAge, opt_path, opt_domain) {
+  // we do not allow '=' or ';' in the name
+  if (/;=/g.test(name)) {
+    throw new Error('Invalid cookie name "' + name + '"');
+  }
+  // we do not allow ';' in value
+  if (/;/g.test(value)) {
+    throw new Error('Invalid cookie value "' + value + '"');
+  }
+
+  if (!shindig.cookies.isDef(opt_maxAge)) {
+    opt_maxAge = -1;
+  }
+
+  var domainStr = opt_domain ? ';domain=' + opt_domain : '';
+  var pathStr = opt_path ? ';path=' + opt_path : '';
+
+  var expiresStr;
+
+  // Case 1: Set a session cookie.
+  if (opt_maxAge < 0) {
+    expiresStr = '';
+
+  // Case 2: Expire the cookie.
+  // Note: We don't tell people about this option in the function doc because
+  // we prefer people to use ExpireCookie() to expire cookies.
+  } else if (opt_maxAge === 0) {
+    // Note: Don't use Jan 1, 1970 for date because NS 4.76 will try to convert
+    // it to local time, and if the local time is before Jan 1, 1970, then the
+    // browser will ignore the Expires attribute altogether.
+    var pastDate = new Date(1970, 1 /*Feb*/, 1);  // Feb 1, 1970
+    expiresStr = ';expires=' + pastDate.toUTCString();
+
+  // Case 3: Set a persistent cookie.
+  } else {
+    var futureDate = new Date((new Date).getTime() + opt_maxAge * 1000);
+    expiresStr = ';expires=' + futureDate.toUTCString();
+  }
+
+  document.cookie = name + '=' + value + domainStr + pathStr + expiresStr;
+};
+
+
+/**
+ * Returns the value for the first cookie with the given name
+ * @param {string} name The name of the cookie to get
+ * @param {string} opt_default If not found this is returned instead.
+ * @return {string|undefined} The value of the cookie. If no cookie is set this
+ *                            returns opt_default or undefined if opt_default is
+ *                            not provided.
+ */
+shindig.cookies.get = function(name, opt_default) {
+  var nameEq = name + "=";
+  var cookie = String(document.cookie);
+  for (var pos = -1; (pos = cookie.indexOf(nameEq, pos + 1)) >= 0;) {
+    var i = pos;
+    // walk back along string skipping whitespace and looking for a ; before
+    // the name to make sure that we don't match cookies whose name contains
+    // the given name as a suffix.
+    while (--i >= 0) {
+      var ch = cookie.charAt(i);
+      if (ch == ';') {
+        i = -1;  // indicate success
+        break;
+      }
+    }
+    if (i == -1) {  // first cookie in the string or we found a ;
+      var end = cookie.indexOf(';', pos);
+      if (end < 0) {
+        end = cookie.length;
+      }
+      return cookie.substring(pos + nameEq.length, end);
+    }
+  }
+  return opt_default;
+};
+
+
+/**
+ * Removes and expires a cookie.
+ *
+ * @param {string} name The cookie name.
+ * @param {string} opt_path The path of the cookie, or null to expire a cookie
+ *                          set at the full request path. If not provided, the
+ *                          default is '/' (i.e. path=/).
+ * @param {string} opt_domain The domain of the cookie, or null to expire a
+ *                            cookie set at the full request host name. If not
+ *                            provided, the default is null (i.e. cookie at
+ *                            full request host name).
+ */
+shindig.cookies.remove = function(name, opt_path, opt_domain) {
+  var rv = shindig.cookies.containsKey(name);
+  shindig.cookies.set(name, '', 0, opt_path, opt_domain);
+  return rv;
+};
+
+
+/**
+ * Gets the names and values for all the cookies
+ * @private
+ * @return {Object} An object with keys and values
+ */
+shindig.cookies.getKeyValues_ = function() {
+  var cookie = String(document.cookie);
+  var parts = cookie.split(/\s*;\s*/);
+  var keys = [], values = [], index, part;
+  for (var i = 0; part = parts[i]; i++) {
+    index = part.indexOf('=');
+
+    if (index == -1) { // empty name
+      keys.push('');
+      values.push(part);
+    } else {
+      keys.push(part.substring(0, index));
+      values.push(part.substring(index + 1));
+    }
+  }
+  return {keys: keys, values: values};
+};
+
+
+/**
+ * Gets the names for all the cookies
+ * @return {Array} An array with the names of the cookies
+ */
+shindig.cookies.getKeys = function() {
+  return shindig.cookies.getKeyValues_().keys;
+};
+
+
+/**
+ * Gets the values for all the cookies
+ * @return {Array} An array with the values of the cookies
+ */
+shindig.cookies.getValues = function() {
+  return shindig.cookies.getKeyValues_().values;
+};
+
+
+/**
+ * Whether there are any cookies for this document
+ * @return {boolean}
+ */
+shindig.cookies.isEmpty = function() {
+  return document.cookie === '';
+};
+
+
+/**
+ * Returns the number of cookies for this document
+ * @return {number}
+ */
+shindig.cookies.getCount = function() {
+  var cookie = String(document.cookie);
+  if (cookie === '') {
+    return 0;
+  }
+  var parts = cookie.split(/\s*;\s*/);
+  return parts.length;
+};
+
+
+/**
+ * Returns whether there is a cookie with the given name
+ * @param {string} key The name of the cookie to test for
+ * @return {boolean}
+ */
+shindig.cookies.containsKey = function(key) {
+  var sentinel = {};
+  // if get does not find the key it returns the default value. We therefore
+  // compare the result with an object to ensure we do not get any false
+  // positives.
+  return shindig.cookies.get(key, sentinel) !== sentinel;
+};
+
+
+/**
+ * Returns whether there is a cookie with the given value. (This is an O(n)
+ * operation.)
+ * @param {string} value The value to check for
+ * @return {boolean}
+ */
+shindig.cookies.containsValue = function(value) {
+  // this O(n) in any case so lets do the trivial thing.
+  var values = shindig.cookies.getKeyValues_().values;
+  for (var i = 0; i < values.length; i++) {
+    if (values[i] == value) {
+      return true;
+    }
+  }
+  return false;
+};
+
+
+/**
+ * Removes all cookies for this document
+ */
+shindig.cookies.clear = function() {
+  var keys = shindig.cookies.getKeyValues_().keys;
+  for (var i = keys.length - 1; i >= 0; i--) {
+    shindig.cookies.remove(keys[i]);
+  }
+};
+
+/**
+ * Static constant for the size of cookies. Per the spec, there's a 4K limit
+ * to the size of a cookie. To make sure users can't break this limit, we
+ * should truncate long cookies at 3950 bytes, to be extra careful with dumb
+ * browsers/proxies that interpret 4K as 4000 rather than 4096
+ * @type number
+ */
+shindig.cookies.MAX_COOKIE_LENGTH = 3950;
Index: standard/src/main/webapp/WEB-INF/classes/shindig.properties
===================================================================
--- standard/src/main/webapp/WEB-INF/classes/shindig.properties	(revision 0)
+++ standard/src/main/webapp/WEB-INF/classes/shindig.properties	(revision 0)
@@ -0,0 +1,102 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Location of feature manifests (comma separated)
+shindig.features.default=res://features/features.txt
+
+# Location of container configurations (comma separated)
+shindig.containers.default=res://containers/default/container.js
+
+# A file containing blacklisted gadgets.
+shindig.blacklist.file=
+
+### Inbound OAuth support
+# The URL base to use for full OAuth support (three-legged)
+shindig.oauth.base-url=/xwiki/oauth/
+shindig.oauth.authorize-action=/xwiki/WEB-INF/authorize.jsp
+shindig.oauth.legacy-body-signing=true
+shindig.oauth.enable-oauth-1.0=true
+shindig.oauth.enable-signed-callbacks=true
+
+### Outbound OAuth support
+shindig.signing.state-key=
+shindig.signing.key-name=
+shindig.signing.key-file=
+shindig.signing.global-callback-url=http://localhost:8080/xwiki/gadgets/oauthcallback
+shindig.signing.enable-signed-callbacks=true
+
+# If enabled here, configuration values can be found in container configuration files.
+shindig.locked-domain.enabled=false
+
+# TODO: This needs to be moved to container configuration.
+shindig.content-rewrite.include-urls=.*
+shindig.content-rewrite.exclude-urls=
+shindig.content-rewrite.include-tags=link,script,embed,img,style
+shindig.content-rewrite.expires=86400
+shindig.content-rewrite.proxy-url=/xwiki/gadgets/proxy?url=
+shindig.content-rewrite.concat-url=/xwiki/gadgets/concat?
+
+#
+# Default set of forced libs to allow for better caching
+#
+# NOTE: setting this causes the EndToEnd test to fail the opensocial-templates test
+#shindig.gadget-rewrite.default-forced-libs=core:core.io
+shindig.gadget-rewrite.default-forced-libs=
+
+# Configuration for image rewriter
+shindig.image-rewrite.max-inmem-bytes = 1048576
+shindig.image-rewrite.max-palette-size = 256
+shindig.image-rewrite.allow-jpeg-conversion = true
+shindig.image-rewrite.jpeg-compression = 0.75
+shindig.image-rewrite.min-threshold-bytes = 200
+
+# Configuration for template rewriter
+shindig.template-rewrite.extension-tag-namespace=http://ns.opensocial.org/2009/extensions
+
+# These values provide default TTLs for HTTP responses that don't use caching headers.
+shindig.cache.http.defaultTtl=3600000
+shindig.cache.http.negativeCacheTtl=60000
+
+# A default refresh interval for XML files, since there is no natural way for developers to
+# specify this value, and most HTTP responses don't include good cache control headers.
+shindig.cache.xml.refreshInterval=300000
+
+# Add entries in the form shindig.cache.lru.<name>.capacity to specify capacities for different
+# caches when using the LruCacheProvider.
+# It is highly recommended that the EhCache implementation be used instead of the LRU cache.
+shindig.cache.lru.default.capacity=1000
+shindig.cache.lru.expressions.capacity=1000
+shindig.cache.lru.gadgetSpecs.capacity=1000
+shindig.cache.lru.messageBundles.capacity=1000
+shindig.cache.lru.httpResponses.capacity=10000
+
+# The location of the EhCache configuration file.
+shindig.cache.ehcache.config=res://org/apache/shindig/common/cache/ehcache/ehcacheConfig.xml
+
+# True to enable JMX integration with cache stats
+shindig.cache.ehcache.jmx.enabled=true
+
+# true to enable JMX stats.
+shindig.cache.ehcache.jmx.stats=true
+
+# true to skip expensive encoding detection.
+# if true, will only attempt to validate utf-8. Assumes all other encodings are ISO-8859-1.
+shindig.http.fast-encoding-detection=true
+
+# true to force strict content type checking for requests made to API endpoints.
+# E.g. require application/json for JSON-RPC
+shindig.api.disallow-unknown-content-types=true
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.js
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.js	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.js	(revision 0)
@@ -0,0 +1,804 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+/**
+ * @fileoverview Open Gadget Container
+ */
+
+var gadgets = gadgets || {};
+
+gadgets.error = {};
+gadgets.error.SUBCLASS_RESPONSIBILITY = 'subclass responsibility';
+gadgets.error.TO_BE_DONE = 'to be done';
+
+gadgets.log = function(message) {
+  if (window.console && console.log) {
+    console.log(message);
+  } else {
+    var logEntry = document.createElement('div');
+    logEntry.className = 'gadgets-log-entry';
+    logEntry.innerHTML = message;
+    document.body.appendChild(logEntry);
+  }
+};
+
+/**
+ * Calls an array of asynchronous functions and calls the continuation
+ * function when all are done.
+ * @param {Array} functions Array of asynchronous functions, each taking
+ *     one argument that is the continuation function that handles the result
+ *     That is, each function is something like the following:
+ *     function(continuation) {
+ *       // compute result asynchronously
+ *       continuation(result);
+ *     }
+ * @param {Function} continuation Function to call when all results are in.  It
+ *     is pass an array of all results of all functions
+ * @param {Object} opt_this Optional object used as "this" when calling each
+ *     function
+ */
+gadgets.callAsyncAndJoin = function(functions, continuation, opt_this) {
+  var pending = functions.length;
+  var results = [];
+  for (var i = 0; i < functions.length; i++) {
+    // we need a wrapper here because i changes and we need one index
+    // variable per closure
+    var wrapper = function(index) {
+      functions[index].call(opt_this, function(result) {
+        results[index] = result;
+        if (--pending === 0) {
+          continuation(results);
+        }
+      });
+    };
+    wrapper(i);
+  }
+};
+
+
+// ----------
+// Extensible
+
+gadgets.Extensible = function() {
+};
+
+/**
+ * Sets the dependencies.
+ * @param {Object} dependencies Object whose properties are set on this
+ *     container as dependencies
+ */
+gadgets.Extensible.prototype.setDependencies = function(dependencies) {
+  for (var p in dependencies) {
+    this[p] = dependencies[p];
+  }
+};
+
+/**
+ * Returns a dependency given its name.
+ * @param {String} name Name of dependency
+ * @return {Object} Dependency with that name or undefined if not found
+ */
+gadgets.Extensible.prototype.getDependencies = function(name) {
+  return this[name];
+};
+
+
+
+// -------------
+// UserPrefStore
+
+/**
+ * User preference store interface.
+ * @constructor
+ */
+gadgets.UserPrefStore = function() {
+};
+
+/**
+ * Gets all user preferences of a gadget.
+ * @param {Object} gadget Gadget object
+ * @return {Object} All user preference of given gadget
+ */
+gadgets.UserPrefStore.prototype.getPrefs = function(gadget) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+/**
+ * Saves user preferences of a gadget in the store.
+ * @param {Object} gadget Gadget object
+ * @param {Object} prefs User preferences
+ */
+gadgets.UserPrefStore.prototype.savePrefs = function(gadget) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+
+// -------------
+// DefaultUserPrefStore
+
+/**
+ * User preference store implementation.
+ * TODO: Turn this into a real implementation that is production safe
+ * @constructor
+ */
+gadgets.DefaultUserPrefStore = function() {
+  gadgets.UserPrefStore.call(this);
+};
+gadgets.DefaultUserPrefStore.inherits(gadgets.UserPrefStore);
+
+gadgets.DefaultUserPrefStore.prototype.getPrefs = function(gadget) { };
+
+gadgets.DefaultUserPrefStore.prototype.savePrefs = function(gadget) { };
+
+
+// -------------
+// GadgetService
+
+/**
+ * Interface of service provided to gadgets for resizing gadgets,
+ * setting title, etc.
+ * @constructor
+ */
+gadgets.GadgetService = function() {
+};
+
+gadgets.GadgetService.prototype.setHeight = function(elementId, height) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+gadgets.GadgetService.prototype.setTitle = function(gadget, title) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+gadgets.GadgetService.prototype.setUserPref = function(id) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+
+// ----------------
+// IfrGadgetService
+
+/**
+ * Base implementation of GadgetService.
+ * @constructor
+ */
+gadgets.IfrGadgetService = function() {
+  gadgets.GadgetService.call(this);
+  gadgets.rpc.register('resize_iframe', this.setHeight);
+  gadgets.rpc.register('set_pref', this.setUserPref);
+  gadgets.rpc.register('set_title', this.setTitle);
+  gadgets.rpc.register('requestNavigateTo', this.requestNavigateTo);
+};
+
+gadgets.IfrGadgetService.inherits(gadgets.GadgetService);
+
+gadgets.IfrGadgetService.prototype.setHeight = function(height) {
+  if (height > gadgets.container.maxheight_) {
+    height = gadgets.container.maxheight_;
+  }
+
+  var element = document.getElementById(this.f);
+  if (element) {
+    element.style.height = height + 'px';
+  }
+};
+
+gadgets.IfrGadgetService.prototype.setTitle = function(title) {
+  var element = document.getElementById(this.f + '_title');
+  if (element) {
+    element.innerHTML = title.replace(/&/g, '&amp;').replace(/</g, '&lt;');
+  }
+};
+
+/**
+ * Sets one or more user preferences
+ * @param {String} editToken
+ * @param {String} name Name of user preference
+ * @param {String} value Value of user preference
+ * More names and values may follow
+ */
+gadgets.IfrGadgetService.prototype.setUserPref = function(editToken, name,
+    value) {
+  var id = gadgets.container.gadgetService.getGadgetIdFromModuleId(this.f);
+  var gadget = gadgets.container.getGadget(id);
+  var prefs = gadget.getUserPrefs() || {};
+  for (var i = 1, j = arguments.length; i < j; i += 2) {
+    prefs[arguments[i]] = arguments[i + 1];
+  }
+  gadget.setUserPrefs(prefs);
+};
+
+/**
+ * Navigates the page to a new url based on a gadgets requested view and
+ * parameters.
+ */
+gadgets.IfrGadgetService.prototype.requestNavigateTo = function(view,
+    opt_params) {
+  var id = gadgets.container.gadgetService.getGadgetIdFromModuleId(this.f);
+  var url = gadgets.container.gadgetService.getUrlForView(view);
+
+  if (opt_params) {
+    var paramStr = gadgets.json.stringify(opt_params);
+    if (paramStr.length > 0) {
+      url += '&appParams=' + encodeURIComponent(paramStr);
+    }
+  }
+
+  if (url && document.location.href.indexOf(url) == -1) {
+    document.location.href = url;
+  }
+};
+
+/**
+ * This is a silly implementation that will need to be overriden by almost all
+ * real containers.
+ * TODO: Find a better default for this function
+ *
+ * @param view The view name to get the url for
+ */
+gadgets.IfrGadgetService.prototype.getUrlForView = function(
+    view) {
+  if (view === 'canvas') {
+    return '/canvas';
+  } else if (view === 'profile') {
+    return '/profile';
+  } else {
+    return null;
+  }
+};
+
+gadgets.IfrGadgetService.prototype.getGadgetIdFromModuleId = function(
+    moduleId) {
+  // Quick hack to extract the gadget id from module id
+  return parseInt(moduleId.match(/_([0-9]+)$/)[1], 10);
+};
+
+
+// -------------
+// LayoutManager
+
+/**
+ * Layout manager interface.
+ * @constructor
+ */
+gadgets.LayoutManager = function() {
+};
+
+/**
+ * Gets the HTML element that is the chrome of a gadget into which the content
+ * of the gadget can be rendered.
+ * @param {Object} gadget Gadget instance
+ * @return {Object} HTML element that is the chrome for the given gadget
+ */
+gadgets.LayoutManager.prototype.getGadgetChrome = function(gadget) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+// -------------------
+// StaticLayoutManager
+
+/**
+ * Static layout manager where gadget ids have a 1:1 mapping to chrome ids.
+ * @constructor
+ */
+gadgets.StaticLayoutManager = function() {
+  gadgets.LayoutManager.call(this);
+};
+
+gadgets.StaticLayoutManager.inherits(gadgets.LayoutManager);
+
+/**
+ * Sets chrome ids, whose indexes are gadget instance ids (starting from 0).
+ * @param {Array} gadgetChromeIds Gadget id to chrome id map
+ */
+gadgets.StaticLayoutManager.prototype.setGadgetChromeIds =
+    function(gadgetChromeIds) {
+  this.gadgetChromeIds_ = gadgetChromeIds;
+};
+
+gadgets.StaticLayoutManager.prototype.getGadgetChrome = function(gadget) {
+  var chromeId = this.gadgetChromeIds_[gadget.id];
+  return chromeId ? document.getElementById(chromeId) : null;
+};
+
+
+// ----------------------
+// FloatLeftLayoutManager
+
+/**
+ * FloatLeft layout manager where gadget ids have a 1:1 mapping to chrome ids.
+ * @constructor
+ * @param {String} layoutRootId Id of the element that is the parent of all
+ *     gadgets.
+ */
+gadgets.FloatLeftLayoutManager = function(layoutRootId) {
+  gadgets.LayoutManager.call(this);
+  this.layoutRootId_ = layoutRootId;
+};
+
+gadgets.FloatLeftLayoutManager.inherits(gadgets.LayoutManager);
+
+gadgets.FloatLeftLayoutManager.prototype.getGadgetChrome =
+    function(gadget) {
+  var layoutRoot = document.getElementById(this.layoutRootId_);
+  if (layoutRoot) {
+    var chrome = document.createElement('div');
+    chrome.className = 'gadgets-gadget-chrome';
+    chrome.style.cssFloat = 'left';
+    layoutRoot.appendChild(chrome);
+    return chrome;
+  } else {
+    return null;
+  }
+};
+
+
+// ------
+// Gadget
+
+/**
+ * Creates a new instance of gadget.  Optional parameters are set as instance
+ * variables.
+ * @constructor
+ * @param {Object} params Parameters to set on gadget.  Common parameters:
+ *    "specUrl": URL to gadget specification
+ *    "private": Whether gadget spec is accessible only privately, which means
+ *        browser can load it but not gadget server
+ *    "spec": Gadget Specification in XML
+ *    "viewParams": a javascript object containing attribute value pairs
+ *        for this gadgets
+ *    "secureToken": an encoded token that is passed on the URL hash
+ *    "hashData": Query-string like data that will be added to the
+ *        hash portion of the URL.
+ *    "specVersion": a hash value used to add a v= param to allow for better caching
+ *    "title": the default title to use for the title bar.
+ *    "height": height of the gadget
+ *    "width": width of the gadget
+ *    "debug": send debug=1 to the gadget server, gets us uncompressed
+ *        javascript
+ */
+gadgets.Gadget = function(params) {
+  this.userPrefs_ = {};
+
+  if (params) {
+    for (var name in params)  if (params.hasOwnProperty(name)) {
+      this[name] = params[name];
+    }
+  }
+  if (!this.secureToken) {
+    // Assume that the default security token implementation is
+    // in use on the server.
+    this.secureToken = 'XWiki.Alice:XWiki.Alice:appid:cont:url:0:default';
+  }
+};
+
+gadgets.Gadget.prototype.getUserPrefs = function() {
+  return this.userPrefs_;
+};
+
+gadgets.Gadget.prototype.setUserPrefs = function(userPrefs) {
+  this.userPrefs_ = userPrefs;
+  gadgets.container.userPrefStore.savePrefs(this);
+};
+
+gadgets.Gadget.prototype.getUserPref = function(name) {
+  return this.userPrefs_[name];
+};
+
+gadgets.Gadget.prototype.setUserPref = function(name, value) {
+  this.userPrefs_[name] = value;
+  gadgets.container.userPrefStore.savePrefs(this);
+};
+
+gadgets.Gadget.prototype.render = function(chrome) {
+  if (chrome) {
+    var gadget = this;
+    this.getContent(function(content) {
+      chrome.innerHTML = content;
+      window.frames[gadget.getIframeId()].location = gadget.getIframeUrl(); 
+    });
+  }
+};
+
+gadgets.Gadget.prototype.getContent = function(continuation) {
+  gadgets.callAsyncAndJoin([
+      this.getTitleBarContent, this.getUserPrefsDialogContent,
+      this.getMainContent], function(results) {
+        continuation(results.join(''));
+      }, this);
+};
+
+/**
+ * Gets title bar content asynchronously or synchronously.
+ * @param {Function} continuation Function that handles title bar content as
+ *     the one and only argument
+ */
+gadgets.Gadget.prototype.getTitleBarContent = function(continuation) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+/**
+ * Gets user preferences dialog content asynchronously or synchronously.
+ * @param {Function} continuation Function that handles user preferences
+ *     content as the one and only argument
+ */
+gadgets.Gadget.prototype.getUserPrefsDialogContent = function(continuation) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+/**
+ * Gets gadget content asynchronously or synchronously.
+ * @param {Function} continuation Function that handles gadget content as
+ *     the one and only argument
+ */
+gadgets.Gadget.prototype.getMainContent = function(continuation) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+/*
+ * Gets additional parameters to append to the iframe url
+ * Override this method if you need any custom params.
+ */
+gadgets.Gadget.prototype.getAdditionalParams = function() {
+  return '';
+};
+
+
+// ---------
+// IfrGadget
+
+gadgets.IfrGadget = function(opt_params) {
+  gadgets.Gadget.call(this, opt_params);
+  this.serverBase_ = '../../../'; // default gadget server
+};
+
+gadgets.IfrGadget.inherits(gadgets.Gadget);
+
+gadgets.IfrGadget.prototype.GADGET_IFRAME_PREFIX_ = 'remote_iframe_';
+
+gadgets.IfrGadget.prototype.CONTAINER = 'default';
+
+gadgets.IfrGadget.prototype.cssClassGadget = 'gadgets-gadget';
+gadgets.IfrGadget.prototype.cssClassTitleBar = 'gadgets-gadget-title-bar';
+gadgets.IfrGadget.prototype.cssClassTitle = 'gadgets-gadget-title';
+gadgets.IfrGadget.prototype.cssClassTitleButtonBar =
+    'gadgets-gadget-title-button-bar';
+gadgets.IfrGadget.prototype.cssClassGadgetUserPrefsDialog =
+    'gadgets-gadget-user-prefs-dialog';
+gadgets.IfrGadget.prototype.cssClassGadgetUserPrefsDialogActionBar =
+    'gadgets-gadget-user-prefs-dialog-action-bar';
+gadgets.IfrGadget.prototype.cssClassTitleButton = 'gadgets-gadget-title-button';
+gadgets.IfrGadget.prototype.cssClassGadgetContent = 'gadgets-gadget-content';
+gadgets.IfrGadget.prototype.rpcToken = (0x7FFFFFFF * Math.random()) | 0;
+gadgets.IfrGadget.prototype.rpcRelay = 'files/container/rpc_relay.html';
+
+gadgets.IfrGadget.prototype.getTitleBarContent = function(continuation) {
+  continuation('<div id="' + this.cssClassTitleBar + '-' + this.id +
+      '" class="' + this.cssClassTitleBar + '"><span id="' +
+      this.getIframeId() + '_title" class="' +
+      this.cssClassTitle + '">' + (this.title ? this.title : 'Title') + '</span> | <span class="' +
+      this.cssClassTitleButtonBar +
+      '"><a href="#" onclick="gadgets.container.getGadget(' + this.id +
+      ').handleOpenUserPrefsDialog();return false;" class="' + this.cssClassTitleButton +
+      '">settings</a> <a href="#" onclick="gadgets.container.getGadget(' +
+      this.id + ').handleToggle();return false;" class="' + this.cssClassTitleButton +
+      '">toggle</a></span></div>');
+};
+
+gadgets.IfrGadget.prototype.getUserPrefsDialogContent = function(continuation) {
+  continuation('<div id="' + this.getUserPrefsDialogId() + '" class="' +
+      this.cssClassGadgetUserPrefsDialog + '"></div>');
+};
+
+gadgets.IfrGadget.prototype.setServerBase = function(url) {
+  this.serverBase_ = url;
+};
+
+gadgets.IfrGadget.prototype.getServerBase = function() {
+  return this.serverBase_;
+};
+
+gadgets.IfrGadget.prototype.getMainContent = function(continuation) {
+  var iframeId = this.getIframeId();
+  gadgets.rpc.setRelayUrl(iframeId, this.serverBase_ + this.rpcRelay);
+  gadgets.rpc.setAuthToken(iframeId, this.rpcToken);
+  continuation('<div class="' + this.cssClassGadgetContent + '"><iframe id="' +
+      iframeId + '" name="' + iframeId + '" class="' + this.cssClassGadget +
+      '" src="about:blank' +
+      '" frameborder="no" scrolling="no"' +
+      (this.height ? ' height="' + this.height + '"' : '') +
+      (this.width ? ' width="' + this.width + '"' : '') +
+      '></iframe></div>');
+};
+
+gadgets.IfrGadget.prototype.getIframeId = function() {
+  return this.GADGET_IFRAME_PREFIX_ + this.id;
+};
+
+gadgets.IfrGadget.prototype.getUserPrefsDialogId = function() {
+  return this.getIframeId() + '_userPrefsDialog';
+};
+
+gadgets.IfrGadget.prototype.getIframeUrl = function() {
+  return this.serverBase_ + 'gadgets/ifr?' +
+      'container=' + this.CONTAINER +
+      '&mid=' +  this.id +
+      '&nocache=' + gadgets.container.nocache_ +
+      '&country=' + gadgets.container.country_ +
+      '&lang=' + gadgets.container.language_ +
+      '&view=' + gadgets.container.view_ +
+      (this.specVersion ? '&v=' + this.specVersion : '') +
+      (gadgets.container.parentUrl_ ? '&parent=' + encodeURIComponent(gadgets.container.parentUrl_) : '') +
+      (this.debug ? '&debug=1' : '') +
+      this.getAdditionalParams() +
+      this.getUserPrefsParams() +
+      (this.secureToken ? '&st=' + this.secureToken : '') +
+      '&url=' + encodeURIComponent(this.specUrl) +
+      '#rpctoken=' + this.rpcToken +
+      (this.viewParams ?
+          '&view-params=' +  encodeURIComponent(gadgets.json.stringify(this.viewParams)) : '') +
+      (this.hashData ? '&' + this.hashData : '');
+};
+
+gadgets.IfrGadget.prototype.getUserPrefsParams = function() {
+  var params = '';
+  if (this.getUserPrefs()) {
+    for(var name in this.getUserPrefs()) {
+      var value = this.getUserPref(name);
+      params += '&up_' + encodeURIComponent(name) + '=' +
+          encodeURIComponent(value);
+    }
+  }
+  return params;
+};
+
+gadgets.IfrGadget.prototype.handleToggle = function() {
+  var gadgetIframe = document.getElementById(this.getIframeId());
+  if (gadgetIframe) {
+    var gadgetContent = gadgetIframe.parentNode;
+    var display = gadgetContent.style.display;
+    gadgetContent.style.display = display ? '' : 'none';
+  }
+};
+
+gadgets.IfrGadget.prototype.handleOpenUserPrefsDialog = function() {
+  if (this.userPrefsDialogContentLoaded) {
+    this.showUserPrefsDialog();
+  } else {
+    var gadget = this;
+    var igCallbackName = 'ig_callback_' + this.id;
+    window[igCallbackName] = function(userPrefsDialogContent) {
+      gadget.userPrefsDialogContentLoaded = true;
+      gadget.buildUserPrefsDialog(userPrefsDialogContent);
+      gadget.showUserPrefsDialog();
+    };
+
+    var script = document.createElement('script');
+    script.src = 'http://gmodules.com/ig/gadgetsettings?mid=' + this.id +
+        '&output=js' + this.getUserPrefsParams() +  '&url=' + this.specUrl;
+    document.body.appendChild(script);
+  }
+};
+
+gadgets.IfrGadget.prototype.buildUserPrefsDialog = function(content) {
+  var userPrefsDialog = document.getElementById(this.getUserPrefsDialogId());
+  userPrefsDialog.innerHTML = content +
+      '<div class="' + this.cssClassGadgetUserPrefsDialogActionBar +
+      '"><input type="button" value="Save" onclick="gadgets.container.getGadget(' +
+      this.id +').handleSaveUserPrefs()"> <input type="button" value="Cancel" onclick="gadgets.container.getGadget(' +
+      this.id +').handleCancelUserPrefs()"></div>';
+  userPrefsDialog.childNodes[0].style.display = '';
+};
+
+gadgets.IfrGadget.prototype.showUserPrefsDialog = function(opt_show) {
+  var userPrefsDialog = document.getElementById(this.getUserPrefsDialogId());
+  userPrefsDialog.style.display = (opt_show || opt_show === undefined)
+      ? '' : 'none';
+};
+
+gadgets.IfrGadget.prototype.hideUserPrefsDialog = function() {
+  this.showUserPrefsDialog(false);
+};
+
+gadgets.IfrGadget.prototype.handleSaveUserPrefs = function() {
+  this.hideUserPrefsDialog();
+
+  var prefs = {};
+  var numFields = document.getElementById('m_' + this.id +
+      '_numfields').value;
+  for (var i = 0; i < numFields; i++) {
+    var input = document.getElementById('m_' + this.id + '_' + i);
+    if (input.type != 'hidden') {
+      var userPrefNamePrefix = 'm_' + this.id + '_up_';
+      var userPrefName = input.name.substring(userPrefNamePrefix.length);
+      var userPrefValue = input.value;
+      prefs[userPrefName] = userPrefValue;
+    }
+  }
+
+  this.setUserPrefs(prefs);
+  this.refresh();
+};
+
+gadgets.IfrGadget.prototype.handleCancelUserPrefs = function() {
+  this.hideUserPrefsDialog();
+};
+
+gadgets.IfrGadget.prototype.refresh = function() {
+  var iframeId = this.getIframeId();
+  document.getElementById(iframeId).src = this.getIframeUrl();
+};
+
+
+// ---------
+// Container
+
+/**
+ * Container interface.
+ * @constructor
+ */
+gadgets.Container = function() {
+  this.gadgets_ = {};
+  this.parentUrl_ = 'http://' + document.location.host;
+  this.country_ = 'ALL';
+  this.language_ = 'ALL';
+  this.view_ = 'default';
+  this.nocache_ = 1;
+
+  // signed max int
+  this.maxheight_ = 0x7FFFFFFF;
+};
+
+gadgets.Container.inherits(gadgets.Extensible);
+
+/**
+ * Known dependencies:
+ *     gadgetClass: constructor to create a new gadget instance
+ *     userPrefStore: instance of a subclass of gadgets.UserPrefStore
+ *     gadgetService: instance of a subclass of gadgets.GadgetService
+ *     layoutManager: instance of a subclass of gadgets.LayoutManager
+ */
+
+gadgets.Container.prototype.gadgetClass = gadgets.Gadget;
+
+gadgets.Container.prototype.userPrefStore = new gadgets.DefaultUserPrefStore();
+
+gadgets.Container.prototype.gadgetService = new gadgets.GadgetService();
+
+gadgets.Container.prototype.layoutManager =
+    new gadgets.StaticLayoutManager();
+
+gadgets.Container.prototype.setParentUrl = function(url) {
+  this.parentUrl_ = url;
+};
+
+gadgets.Container.prototype.setCountry = function(country) {
+  this.country_ = country;
+};
+
+gadgets.Container.prototype.setNoCache = function(nocache) {
+  this.nocache_ = nocache;
+};
+
+gadgets.Container.prototype.setLanguage = function(language) {
+  this.language_ = language;
+};
+
+gadgets.Container.prototype.setView = function(view) {
+  this.view_ = view;
+};
+
+gadgets.Container.prototype.setMaxHeight = function(maxheight) {
+  this.maxheight_ = maxheight;
+};
+
+gadgets.Container.prototype.getGadgetKey_ = function(instanceId) {
+  return 'gadget_' + instanceId;
+};
+
+gadgets.Container.prototype.getGadget = function(instanceId) {
+  return this.gadgets_[this.getGadgetKey_(instanceId)];
+};
+
+gadgets.Container.prototype.createGadget = function(opt_params) {
+  return new this.gadgetClass(opt_params);
+};
+
+gadgets.Container.prototype.addGadget = function(gadget) {
+  gadget.id = this.getNextGadgetInstanceId();
+  gadget.setUserPrefs(this.userPrefStore.getPrefs(gadget));
+  this.gadgets_[this.getGadgetKey_(gadget.id)] = gadget;
+};
+
+gadgets.Container.prototype.addGadgets = function(gadgets) {
+  for (var i = 0; i < gadgets.length; i++) {
+    this.addGadget(gadgets[i]);
+  }
+};
+
+/**
+ * Renders all gadgets in the container.
+ */
+gadgets.Container.prototype.renderGadgets = function() {
+  for (var key in this.gadgets_) {
+    this.renderGadget(this.gadgets_[key]);
+  }
+};
+
+/**
+ * Renders a gadget.  Gadgets are rendered inside their chrome element.
+ * @param {Object} gadget Gadget object
+ */
+gadgets.Container.prototype.renderGadget = function(gadget) {
+  throw Error(gadgets.error.SUBCLASS_RESPONSIBILITY);
+};
+
+gadgets.Container.prototype.nextGadgetInstanceId_ = 0;
+
+gadgets.Container.prototype.getNextGadgetInstanceId = function() {
+  return this.nextGadgetInstanceId_++;
+};
+
+/**
+ * Refresh all the gadgets in the container.
+ */
+gadgets.Container.prototype.refreshGadgets = function() {
+  for (var key in this.gadgets_) {
+    this.gadgets_[key].refresh();
+  }
+};
+
+
+// ------------
+// IfrContainer
+
+/**
+ * Container that renders gadget using ifr.
+ * @constructor
+ */
+gadgets.IfrContainer = function() {
+  gadgets.Container.call(this);
+};
+
+gadgets.IfrContainer.inherits(gadgets.Container);
+
+gadgets.IfrContainer.prototype.gadgetClass = gadgets.IfrGadget;
+
+gadgets.IfrContainer.prototype.gadgetService = new gadgets.IfrGadgetService();
+
+gadgets.IfrContainer.prototype.setParentUrl = function(url) {
+  if (!url.match(/^http[s]?:\/\//)) {
+    url = document.location.href.match(/^[^?#]+\//)[0] + url;
+  }
+
+  this.parentUrl_ = url;
+};
+
+/**
+ * Renders a gadget using ifr.
+ * @param {Object} gadget Gadget object
+ */
+gadgets.IfrContainer.prototype.renderGadget = function(gadget) {
+  var chrome = this.layoutManager.getGadgetChrome(gadget);
+  gadget.render(chrome);
+};
+
+/**
+ * Default container.
+ */
+gadgets.container = new gadgets.IfrContainer();
Index: standard/src/main/webapp/WEB-INF/web.xml
===================================================================
--- standard/src/main/webapp/WEB-INF/web.xml	(revision 22419)
+++ standard/src/main/webapp/WEB-INF/web.xml	(working copy)
@@ -15,6 +15,18 @@
     </param-value>
   </context-param> 
   
+  <!-- Shidig Guice modules -->
+  <context-param>
+    <param-name>guice-modules</param-name>
+    <param-value>
+      org.apache.shindig.common.PropertiesModule:
+      org.apache.shindig.gadgets.DefaultGuiceModule:
+      org.apache.shindig.gadgets.oauth.OAuthModule:
+      org.apache.shindig.common.cache.ehcache.EhCacheModule:
+      org.xwiki.opensocial.social.XWSocialModule
+    </param-value>
+  </context-param>
+  
   <!-- Filter that sets a custom encoding to all requests, since usually clients don't specificy
        the encoding used for submitting the request, so by default containers fall back to the
        encoding globally configured in their settings. This allows XWiki to use a custom encoding,
@@ -66,6 +78,12 @@
     <filter-name>ActionDispatcher</filter-name>
     <filter-class>com.xpn.xwiki.web.ActionFilter</filter-class>
   </filter>
+  
+  <!-- Shindig filters -->
+  <filter>
+    <filter-name>authFilter</filter-name>
+    <filter-class>org.apache.shindig.auth.AuthenticationServletFilter</filter-class>
+  </filter>
 
   <!-- The encoding filter MUST always be the first one, as setting the encoding does not work after accessing the request data. -->
   <filter-mapping>
@@ -103,10 +121,41 @@
     <url-pattern>/*</url-pattern>
   </filter-mapping>
 
+  <!-- Shindig filter mappings -->
+  <filter-mapping>
+    <filter-name>authFilter</filter-name>
+    <url-pattern>/social/*</url-pattern>
+  </filter-mapping>
+
+  <filter-mapping>
+    <filter-name>authFilter</filter-name>
+    <url-pattern>/gadgets/ifr</url-pattern>
+  </filter-mapping>
+
+  <filter-mapping>
+    <filter-name>authFilter</filter-name>
+    <url-pattern>/gadgets/makeRequest</url-pattern>
+  </filter-mapping>
+
+  <filter-mapping>
+    <filter-name>authFilter</filter-name>
+    <url-pattern>/gadgets/api/rpc/*</url-pattern>
+  </filter-mapping>
+
+  <filter-mapping>
+    <filter-name>authFilter</filter-name>
+    <url-pattern>/gadgets/api/rest/*</url-pattern>
+  </filter-mapping>
+  
   <!-- Initializes XWiki -->
   <listener>
     <listener-class>org.xwiki.container.servlet.XWikiServletContextListener</listener-class>
   </listener>
+  
+  <!-- Shindig Guice listener -->
+  <listener>
+    <listener-class>org.apache.shindig.common.servlet.GuiceServletContextListener</listener-class>
+  </listener>
 
   <listener>
     <listener-class>org.xwiki.container.servlet.SetThreadNameServletRequestListener</listener-class>
@@ -192,6 +241,108 @@
     </servlet-class>
   </servlet>
 
+  <!-- Shindig servlets -->
+   <!-- Render a Gadget -->
+  <servlet>
+    <servlet-name>xml-to-html</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.GadgetRenderingServlet
+    </servlet-class>
+  </servlet>
+
+  <!-- Proxy -->
+  <servlet>
+    <servlet-name>proxy</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.ProxyServlet
+    </servlet-class>
+  </servlet>
+
+  <!-- makeRequest -->
+  <servlet>
+    <servlet-name>makeRequest</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.MakeRequestServlet
+    </servlet-class>
+  </servlet>
+
+  <servlet>
+    <servlet-name>concat</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.ConcatProxyServlet
+    </servlet-class>
+  </servlet>
+
+  <!-- OAuth callback -->
+  <servlet>
+    <servlet-name>oauthCallback</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.OAuthCallbackServlet
+    </servlet-class>
+  </servlet>
+
+  <!-- Metadata RPC -->
+  <servlet>
+    <servlet-name>metadata</servlet-name>
+    <servlet-class>
+      org.apache.shindig.gadgets.servlet.RpcServlet
+    </servlet-class>
+  </servlet>
+
+  <!-- javascript serving -->
+  <servlet>
+    <servlet-name>js</servlet-name>
+    <servlet-class>org.apache.shindig.gadgets.servlet.JsServlet</servlet-class>
+  </servlet>
+
+  <!-- Serve social REST api -->
+  <servlet>
+    <servlet-name>socialRestapiServlet</servlet-name>
+    <servlet-class>
+      org.apache.shindig.protocol.DataServiceServlet
+    </servlet-class>
+    <init-param>
+      <param-name>handlers</param-name>
+      <param-value>org.apache.shindig.social.handlers</param-value>
+    </init-param>
+  </servlet>
+
+  <!-- Serve social RPC api -->
+  <servlet>
+    <servlet-name>socialJsonRpcServlet</servlet-name>
+    <servlet-class>
+      org.apache.shindig.protocol.JsonRpcServlet
+    </servlet-class>
+    <init-param>
+      <param-name>handlers</param-name>
+      <param-value>org.apache.shindig.social.handlers</param-value>
+    </init-param>
+  </servlet>
+
+  <!-- Serve gadgets RPC api -->
+  <servlet>
+    <servlet-name>gadgetsJsonRpcServlet</servlet-name>
+    <servlet-class>
+      org.apache.shindig.protocol.JsonRpcServlet
+    </servlet-class>
+    <init-param>
+      <param-name>handlers</param-name>
+      <param-value>org.apache.shindig.gadgets.handlers</param-value>
+    </init-param>
+  </servlet>
+
+  <!-- Serve gadgets REST api -->
+  <servlet>
+    <servlet-name>gadgetsRestapiServlet</servlet-name>
+    <servlet-class>
+      org.apache.shindig.protocol.DataServiceServlet
+    </servlet-class>
+    <init-param>
+      <param-name>handlers</param-name>
+      <param-value>org.apache.shindig.gadgets.handlers</param-value>
+    </init-param>
+  </servlet>
+  
   <!-- RESTful API mapping -->
   <servlet-mapping>
     <servlet-name>RestletServlet</servlet-name>
@@ -242,6 +393,62 @@
    <servlet-name>webdav</servlet-name>
    <url-pattern>/webdav/*</url-pattern>
   </servlet-mapping>
+  
+  <!-- Shindig servlet mappings -->
+  <servlet-mapping>
+    <servlet-name>js</servlet-name>
+    <url-pattern>/gadgets/js/*</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>proxy</servlet-name>
+    <url-pattern>/gadgets/proxy/*</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>makeRequest</servlet-name>
+    <url-pattern>/gadgets/makeRequest</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>gadgetsJsonRpcServlet</servlet-name>
+    <url-pattern>/gadgets/api/rpc/*</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>gadgetsRestapiServlet</servlet-name>
+    <url-pattern>/gadgets/api/rest/*</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>concat</servlet-name>
+    <url-pattern>/gadgets/concat</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>oauthCallback</servlet-name>
+    <url-pattern>/gadgets/oauthcallback</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>xml-to-html</servlet-name>
+    <url-pattern>/gadgets/ifr</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>metadata</servlet-name>
+    <url-pattern>/gadgets/metadata</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>socialRestapiServlet</servlet-name>
+    <url-pattern>/social/rest/*</url-pattern>
+  </servlet-mapping>
+
+  <servlet-mapping>
+    <servlet-name>socialJsonRpcServlet</servlet-name>
+    <url-pattern>/social/rpc/*</url-pattern>
+  </servlet-mapping>
 
   <!-- We override the mime type definition for javascript and css files, as some containers don't
        provide it, causing problems for javascript files containg velocity code, like
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.css
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.css	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/gadgets.css	(revision 0)
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+ 
+.gadgets-gadget-chrome {
+  float: left;
+  margin: 4px;
+  border: 1px solid #7aa5d6;
+}
+
+.gadgets-gadget {
+  border: none;
+}
+
+.gadgets-gadget-title-bar {
+  padding: 2px 4px;
+  background-color: #e5ecf9;
+}
+
+.gadgets-gadget-title {
+  font-weight: bold;
+  color: #3366cc;
+}
+
+.gadgets-gadget-title-button-bar {
+  font-size: smaller;
+}
+
+.gadgets-gadget-user-prefs-dialog {
+  background-color: #e5ecf9;
+}
+
+.gadgets-gadget-user-prefs-dialog-action-bar {
+  text-align: center;
+  padding-bottom: 4px;
+}
+
+.gadgets-gadget-title-button {
+}
+
+.gadgets-gadget-content {
+  padding: 4px;
+}
+
+.gadgets-log-entry {
+}
Index: standard/src/main/webapp/templates/getuserfriends.vm
===================================================================
--- standard/src/main/webapp/templates/getuserfriends.vm	(revision 0)
+++ standard/src/main/webapp/templates/getuserfriends.vm	(revision 0)
@@ -0,0 +1,39 @@
+#template('xwikivars.vm')
+$response.setContentType('application/x-json')
+#set($offset = $util.parseInt($request.get('offset')))
+#set($off = $offset - 1 )
+#set($limit = $util.parseInt($request.get('limit')))
+#set($order = true)
+#if("$!{request.dir}" == 'desc')
+  #set($order = false)
+#end
+##
+#set($friends = $doc.getObjects("XWiki.FriendClass"))
+#set($countm = $friends.size())
+
+{
+"totalrows": $countm,
+"returnedrows": #if($friends.size() < $limit) $friends.size() #else $limit #end,
+"offset": $offset,
+"rows": [
+#foreach( $f in $friends )
+    #set($fvalue = $f.getProperty('friendName').getValue())
+    #set($mdoc = $xwiki.getDocument($fvalue))
+    #set($wikiname = $mdoc.getWiki())
+    #if($wikiname != 'xwiki' || $wikiname == $context.database) #set($wikiname = 'local') #end
+    #if( $velocityCount > 1 ) , #end
+   {
+    "fullname"     : "$fvalue",
+    "prettyname"   : "$xwiki.getUserName($fvalue, false)#if($hasAdmin || $isAdvancedUser) (#if($wikiname != 'local')$wikiname:#end$fvalue)#end",
+    "wikiname"     : "$wikiname",
+    "friendNameurl": "$xwiki.getURL($fvalue)",
+    "docurl"       : "$doc.getURL()",
+## livetable data
+    "doc_viewable" : "${xwiki.hasAccessLevel('view', $context.user, $fvalue)}",
+    "doc_hasadmin" : "${xwiki.hasAccessLevel('admin', $context.user, $doc)}",
+    "friendName"   : "$xwiki.getUserName($fvalue, false)#if($hasAdmin || $isAdvancedUser) (#if($wikiname != 'local')$wikiname:#end$fvalue)#end",
+    "friendName_url" : "$xwiki.getURL($fvalue)",
+    "doc_delete_url" : "$doc.getURL('view', "xpage=deletefriend&name=${fvalue}&ajax=true")"
+   }
+#end
+]}
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/cookiebaseduserprefstore.js
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/cookiebaseduserprefstore.js	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/cookiebaseduserprefstore.js	(revision 0)
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+/**
+ * @fileoverview Implements the gadgets.UserPrefStore interface using a cookies
+ * based implementation. Depends on cookies.js. This code should not be used in
+ * a production environment.
+ */
+
+/**
+ * Cookie-based user preference store.
+ * @constructor
+ */
+gadgets.CookieBasedUserPrefStore = function() {
+  gadgets.UserPrefStore.call(this);
+};
+
+gadgets.CookieBasedUserPrefStore.inherits(gadgets.UserPrefStore);
+
+gadgets.CookieBasedUserPrefStore.prototype.USER_PREFS_PREFIX =
+    'gadgetUserPrefs-';
+
+gadgets.CookieBasedUserPrefStore.prototype.getPrefs = function(gadget) {
+  var userPrefs = {};
+  var cookieName = this.USER_PREFS_PREFIX + gadget.id;
+  var cookie = shindig.cookies.get(cookieName);
+  if (cookie) {
+    var pairs = cookie.split('&');
+    for (var i = 0; i < pairs.length; i++) {
+      var nameValue = pairs[i].split('=');
+      var name = decodeURIComponent(nameValue[0]);
+      var value = decodeURIComponent(nameValue[1]);
+      userPrefs[name] = value;
+    }
+  }
+
+  return userPrefs;
+};
+
+gadgets.CookieBasedUserPrefStore.prototype.savePrefs = function(gadget) {
+  var pairs = [];
+  for (var name in gadget.getUserPrefs()) {
+    var value = gadget.getUserPref(name);
+    var pair = encodeURIComponent(name) + '=' + encodeURIComponent(value);
+    pairs.push(pair);
+  }
+
+  var cookieName = this.USER_PREFS_PREFIX + gadget.id;
+  var cookieValue = pairs.join('&');
+  shindig.cookies.set(cookieName, cookieValue);
+};
+
+gadgets.Container.prototype.userPrefStore =
+    new gadgets.CookieBasedUserPrefStore();
Index: standard/src/main/webapp/resources/js/xwiki/opensocial/rpc.js
===================================================================
--- standard/src/main/webapp/resources/js/xwiki/opensocial/rpc.js	(revision 0)
+++ standard/src/main/webapp/resources/js/xwiki/opensocial/rpc.js	(revision 0)
@@ -0,0 +1,2518 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * @fileoverview
+ * Support for basic logging capability for gadgets, meant to replace
+ * alert(msg) and window.console.log(msg).
+ *
+ * Currently only works on browsers with a console (WebKit based browsers
+ * or Firefox with Firebug extension).
+ *
+ * API is designed to be equivalent to existing console.log | warn | error
+ * logging APIs supported by Firebug and WebKit based browsers. The only
+ * addition is the ability to call gadgets.setLogLevel().
+ */
+
+var gadgets = gadgets || {};
+
+/**
+ * Log an informational message
+ */
+gadgets.log = function(message) {
+  gadgets.log.logAtLevel(gadgets.log.INFO, message);
+};
+
+/**
+ * Log a warning
+ */
+gadgets.warn = function(message) {
+  gadgets.log.logAtLevel(gadgets.log.WARNING, message);
+}
+
+/**
+ * Log an error
+ */
+gadgets.error = function(message) {
+  gadgets.log.logAtLevel(gadgets.log.ERROR, message);
+};
+
+/**
+ * Sets the log level threshold.
+ * @param {Number} logLevel - New log level threshold.
+ * @static
+ */
+gadgets.setLogLevel = function(logLevel) {
+  gadgets.log.logLevelThreshold_ = logLevel;
+};
+
+/**
+ * Logs a log message if output console is available, and log threshold is met.
+ * @param {Number} level - the level to log with. Optional, defaults to
+ * @param {Object} message - The message to log
+ * gadgets.log.INFO.
+ * @static
+ */
+gadgets.log.logAtLevel = function(level, message) {
+  if (level < gadgets.log.logLevelThreshold_ || !window.console) {
+    return;
+  }
+
+  var logger = window.console.log;
+
+  if (level == gadgets.log.WARNING && window.console.warn) {
+    logger = window.console.warn;
+  } else if (level == gadgets.log.ERROR && window.console.error) {
+    logger = window.console.error;
+  }
+
+  logger(message);
+};
+
+/**
+ * Log level for informational logging.
+ * @static
+ */
+gadgets.log.INFO = 1;
+
+/**
+ * Log level for warning logging.
+ * @static
+ */
+gadgets.log.WARNING = 2;
+
+/**
+ * Log level for error logging.
+ * @static
+ */
+gadgets.log.ERROR = 3;
+
+/**
+ * Log level for no logging
+ * @static
+ */
+gadgets.log.NONE = 4;
+
+/**
+ * Current log level threshold.
+ * @type Number
+ * @private
+ * @static
+ */
+gadgets.log.logLevelThreshold_ = gadgets.log.INFO;
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var gadgets = gadgets || {};
+
+/**
+ * @fileoverview General purpose utilities that gadgets can use.
+ */
+
+/**
+ * @static
+ * @class Provides general-purpose utility functions.
+ * @name gadgets.util
+ */
+
+gadgets.util = function() {
+  /**
+   * Parses URL parameters into an object.
+   * @return {Array.&lt;String&gt;} The parameters
+   */
+  function parseUrlParams() {
+    // Get settings from url, 'hash' takes precedence over 'search' component
+    // don't use document.location.hash due to browser differences.
+    var query;
+    var l = document.location.href;
+    var queryIdx = l.indexOf("?");
+    var hashIdx = l.indexOf("#");
+    if (hashIdx === -1) {
+      query = l.substr(queryIdx + 1);
+    } else {
+      // essentially replaces "#" with "&"
+      query = [l.substr(queryIdx + 1, hashIdx - queryIdx - 1), "&",
+               l.substr(hashIdx + 1)].join("");
+    }
+    return query.split("&");
+  }
+
+  var parameters = null;
+  var features = {};
+  var services = {};
+  var onLoadHandlers = [];
+
+  // Maps code points to the value to replace them with.
+  // If the value is "false", the character is removed entirely, otherwise
+  // it will be replaced with an html entity.
+  var escapeCodePoints = {
+   // nul; most browsers truncate because they use c strings under the covers.
+   0 : false,
+   // new line
+   10 : true,
+   // carriage return
+   13 : true,
+   // double quote
+   34 : true,
+   // single quote
+   39 : true,
+   // less than
+   60 : true,
+   // greater than
+   62 : true,
+   // Backslash
+   92 : true,
+   // line separator
+   8232 : true,
+   // paragraph separator
+   8233 : true
+  };
+
+  /**
+   * Regular expression callback that returns strings from unicode code points.
+   *
+   * @param {Array} match Ignored
+   * @param {String} value The codepoint value to convert
+   * @return {String} The character corresponding to value.
+   */
+  function unescapeEntity(match, value) {
+    return String.fromCharCode(value);
+  }
+
+  /**
+   * Initializes feature parameters.
+   */
+  function init(config) {
+    features = config["core.util"] || {};
+  }
+  if (gadgets.config) {
+    gadgets.config.register("core.util", null, init);
+  }
+
+  return /** @scope gadgets.util */ {
+
+    /**
+     * Gets the URL parameters.
+     *
+     * @return {Object} Parameters passed into the query string
+     * @member gadgets.util
+     * @private Implementation detail.
+     */
+    getUrlParameters : function () {
+      if (parameters !== null) {
+        return parameters;
+      }
+      parameters = {};
+      var pairs = parseUrlParams();
+      var unesc = window.decodeURIComponent ? decodeURIComponent : unescape;
+      for (var i = 0, j = pairs.length; i < j; ++i) {
+        var pos = pairs[i].indexOf('=');
+        if (pos === -1) {
+          continue;
+        }
+        var argName = pairs[i].substring(0, pos);
+        var value = pairs[i].substring(pos + 1);
+        // difference to IG_Prefs, is that args doesn't replace spaces in
+        // argname. Unclear on if it should do:
+        // argname = argname.replace(/\+/g, " ");
+        value = value.replace(/\+/g, " ");
+        parameters[argName] = unesc(value);
+      }
+      return parameters;
+    },
+
+    /**
+     * Creates a closure that is suitable for passing as a callback.
+     * Any number of arguments
+     * may be passed to the callback;
+     * they will be received in the order they are passed in.
+     *
+     * @param {Object} scope The execution scope; may be null if there is no
+     *     need to associate a specific instance of an object with this
+     *     callback
+     * @param {Function} callback The callback to invoke when this is run;
+     *     any arguments passed in will be passed after your initial arguments
+     * @param {Object} var_args Initial arguments to be passed to the callback
+     *
+     * @member gadgets.util
+     * @private Implementation detail.
+     */
+    makeClosure : function (scope, callback, var_args) {
+      // arguments isn't a real array, so we copy it into one.
+      var baseArgs = [];
+      for (var i = 2, j = arguments.length; i < j; ++i) {
+       baseArgs.push(arguments[i]);
+      }
+      return function() {
+        // append new arguments.
+        var tmpArgs = baseArgs.slice();
+        for (var i = 0, j = arguments.length; i < j; ++i) {
+          tmpArgs.push(arguments[i]);
+        }
+        return callback.apply(scope, tmpArgs);
+      };
+    },
+
+    /**
+     * Utility function for generating an "enum" from an array.
+     *
+     * @param {Array.<String>} values The values to generate.
+     * @return {Map&lt;String,String&gt;} An object with member fields to handle
+     *   the enum.
+     *
+     * @private Implementation detail.
+     */
+    makeEnum : function (values) {
+      var obj = {};
+      for (var i = 0, v; (v = values[i]); ++i) {
+        obj[v] = v;
+      }
+      return obj;
+    },
+
+    /**
+     * Gets the feature parameters.
+     *
+     * @param {String} feature The feature to get parameters for
+     * @return {Object} The parameters for the given feature, or null
+     *
+     * @member gadgets.util
+     */
+    getFeatureParameters : function (feature) {
+      return typeof features[feature] === "undefined" ? null : features[feature];
+    },
+
+    /**
+     * Returns whether the current feature is supported.
+     *
+     * @param {String} feature The feature to test for
+     * @return {Boolean} True if the feature is supported
+     *
+     * @member gadgets.util
+     */
+    hasFeature : function (feature) {
+      return typeof features[feature] !== "undefined";
+    },
+    
+    /**
+     * Returns the list of services supported by the server
+     * serving this gadget.
+     *
+     * @return {Object} List of Services that enumerate their methods
+     *
+     * @member gadgets.util
+     */
+    getServices : function () {
+      return services;
+    },
+
+    /**
+     * Registers an onload handler.
+     * @param {Function} callback The handler to run
+     *
+     * @member gadgets.util
+     */
+    registerOnLoadHandler : function (callback) {
+      onLoadHandlers.push(callback);
+    },
+
+    /**
+     * Runs all functions registered via registerOnLoadHandler.
+     * @private Only to be used by the container, not gadgets.
+     */
+    runOnLoadHandlers : function () {
+      for (var i = 0, j = onLoadHandlers.length; i < j; ++i) {
+        onLoadHandlers[i]();
+      }
+    },
+
+    /**
+     * Escapes the input using html entities to make it safer.
+     *
+     * If the input is a string, uses gadgets.util.escapeString.
+     * If it is an array, calls escape on each of the array elements
+     * if it is an object, will only escape all the mapped keys and values if
+     * the opt_escapeObjects flag is set. This operation involves creating an
+     * entirely new object so only set the flag when the input is a simple
+     * string to string map.
+     * Otherwise, does not attempt to modify the input.
+     *
+     * @param {Object} input The object to escape
+     * @param {Boolean} opt_escapeObjects Whether to escape objects.
+     * @return {Object} The escaped object
+     * @private Only to be used by the container, not gadgets.
+     */
+    escape : function(input, opt_escapeObjects) {
+      if (!input) {
+        return input;
+      } else if (typeof input === "string") {
+        return gadgets.util.escapeString(input);
+      } else if (typeof input === "array") {
+        for (var i = 0, j = input.length; i < j; ++i) {
+          input[i] = gadgets.util.escape(input[i]);
+        }
+      } else if (typeof input === "object" && opt_escapeObjects) {
+        var newObject = {};
+        for (var field in input) {
+          if (input.hasOwnProperty(field)) {
+            newObject[gadgets.util.escapeString(field)] = gadgets.util.escape(input[field], true);
+          }
+        }
+        return newObject;
+      }
+      return input;
+    },
+
+    /**
+     * Escapes the input using html entities to make it safer.
+     *
+     * Currently not in the spec -- future proposals may change
+     * how this is handled.
+     *
+     * TODO: Parsing the string would probably be more accurate and faster than
+     * a bunch of regular expressions.
+     *
+     * @param {String} str The string to escape
+     * @return {String} The escaped string
+     */
+    escapeString : function(str) {
+      var out = [], ch, shouldEscape;
+      for (var i = 0, j = str.length; i < j; ++i) {
+        ch = str.charCodeAt(i);
+        shouldEscape = escapeCodePoints[ch];
+        if (shouldEscape === true) {
+          out.push("&#", ch, ";");
+        } else if (shouldEscape !== false) {
+          // undefined or null are OK.
+          out.push(str.charAt(i));
+        }
+      }
+      return out.join("");
+    },
+
+    /**
+     * Reverses escapeString
+     *
+     * @param {String} str The string to unescape.
+     */
+    unescapeString : function(str) {
+      return str.replace(/&#([0-9]+);/g, unescapeEntity);
+    }
+  };
+}();
+// Initialize url parameters so that hash data is pulled in before it can be
+// altered by a click.
+gadgets.util.getUrlParameters();
+
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * @fileoverview
+ * The global object gadgets.json contains two methods.
+ *
+ * gadgets.json.stringify(value) takes a JavaScript value and produces a JSON
+ * text. The value must not be cyclical.
+ *
+ * gadgets.json.parse(text) takes a JSON text and produces a JavaScript value.
+ * It will return false if there is an error.
+*/
+
+var gadgets = gadgets || {};
+
+/**
+ * @static
+ * @class Provides operations for translating objects to and from JSON.
+ * @name gadgets.json
+ */
+
+/**
+ * Port of the public domain JSON library by Douglas Crockford.
+ * See: http://www.json.org/json2.js
+ */
+if (window.JSON) {
+  // HTML5 implementation, or already defined.
+  // Not a direct alias as the opensocial specification disagrees with the HTML5 JSON spec.
+  // JSON says to throw on parse errors and to support filtering functions. OS does not.
+  gadgets.json = {
+    parse: function(str) {
+      try {
+        return window.JSON.parse(str);
+      } catch (e) {
+        return false;
+      }
+    },
+    stringify: function(obj) {
+      try {
+        return window.JSON.stringify(obj);
+      } catch (e) {
+        return null;
+      }
+    }
+  };
+} else {
+  gadgets.json = function () {
+  
+    /**
+     * Formats integers to 2 digits.
+     * @param {Number} n
+     */
+    function f(n) {
+      return n < 10 ? '0' + n : n;
+    }
+  
+    Date.prototype.toJSON = function () {
+      return [this.getUTCFullYear(), '-',
+             f(this.getUTCMonth() + 1), '-',
+             f(this.getUTCDate()), 'T',
+             f(this.getUTCHours()), ':',
+             f(this.getUTCMinutes()), ':',
+             f(this.getUTCSeconds()), 'Z'].join("");
+    };
+  
+    // table of character substitutions
+    var m = {
+      '\b': '\\b',
+      '\t': '\\t',
+      '\n': '\\n',
+      '\f': '\\f',
+      '\r': '\\r',
+      '"' : '\\"',
+      '\\': '\\\\'
+    };
+  
+    /**
+     * Converts a json object into a string.
+     */
+    function stringify(value) {
+      var a,          // The array holding the partial texts.
+          i,          // The loop counter.
+          k,          // The member key.
+          l,          // Length.
+          r = /["\\\x00-\x1f\x7f-\x9f]/g,
+          v;          // The member value.
+  
+      switch (typeof value) {
+      case 'string':
+      // If the string contains no control characters, no quote characters, and no
+      // backslash characters, then we can safely slap some quotes around it.
+      // Otherwise we must also replace the offending characters with safe ones.
+        return r.test(value) ?
+            '"' + value.replace(r, function (a) {
+              var c = m[a];
+              if (c) {
+                return c;
+              }
+              c = a.charCodeAt();
+              return '\\u00' + Math.floor(c / 16).toString(16) +
+                  (c % 16).toString(16);
+              }) + '"' : '"' + value + '"';
+      case 'number':
+      // JSON numbers must be finite. Encode non-finite numbers as null.
+        return isFinite(value) ? String(value) : 'null';
+      case 'boolean':
+      case 'null':
+        return String(value);
+      case 'object':
+      // Due to a specification blunder in ECMAScript,
+      // typeof null is 'object', so watch out for that case.
+        if (!value) {
+          return 'null';
+        }
+        // toJSON check removed; re-implement when it doesn't break other libs.
+        a = [];
+        if (typeof value.length === 'number' &&
+            !value.propertyIsEnumerable('length')) {
+          // The object is an array. Stringify every element. Use null as a
+          // placeholder for non-JSON values.
+          l = value.length;
+          for (i = 0; i < l; i += 1) {
+            a.push(stringify(value[i]) || 'null');
+          }
+          // Join all of the elements together and wrap them in brackets.
+          return '[' + a.join(',') + ']';
+        }
+        // Otherwise, iterate through all of the keys in the object.
+        for (k in value) {
+          if (value.hasOwnProperty(k)) {
+            if (typeof k === 'string') {
+              v = stringify(value[k]);
+              if (v) {
+                a.push(stringify(k) + ':' + v);
+              }
+            }
+          }
+        }
+        // Join all of the member texts together and wrap them in braces.
+        return '{' + a.join(',') + '}';
+      }
+    }
+  
+    return {
+      stringify: stringify,
+      parse: function (text) {
+      // Parsing happens in three stages. In the first stage, we run the text against
+      // regular expressions that look for non-JSON patterns. We are especially
+      // concerned with '()' and 'new' because they can cause invocation, and '='
+      // because it can cause mutation. But just to be safe, we want to reject all
+      // unexpected forms.
+      
+      // We split the first stage into 4 regexp operations in order to work around
+      // crippling inefficiencies in IE's and Safari's regexp engines. First we
+      // replace all backslash pairs with '@' (a non-JSON character). Second, we
+      // replace all simple value tokens with ']' characters. Third, we delete all
+      // open brackets that follow a colon or comma or that begin the text. Finally,
+      // we look to see that the remaining characters are only whitespace or ']' or
+      // ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval.
+  
+        if (/^[\],:{}\s]*$/.test(text.replace(/\\["\\\/b-u]/g, '@').
+            replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']').
+            replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) {
+          return eval('(' + text + ')');
+        }
+        // If the text is not JSON parseable, then return false.
+  
+        return false;
+      }
+    };
+  }();
+}
+
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/**
+ * Transport for browsers that support native messaging (various implementations
+ * of the HTML5 postMessage method). Officially defined at
+ * http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html.
+ *
+ * postMessage is a native implementation of XDC. A page registers that
+ * it would like to receive messages by listening the the "message" event
+ * on the window (document in DPM) object. In turn, another page can
+ * raise that event by calling window.postMessage (document.postMessage
+ * in DPM) with a string representing the message and a string
+ * indicating on which domain the receiving page must be to receive
+ * the message. The target page will then have its "message" event raised
+ * if the domain matches and can, in turn, check the origin of the message
+ * and process the data contained within.
+ *
+ *   wpm: postMessage on the window object.
+ *      - Internet Explorer 8+
+ *      - Safari (latest nightlies as of 26/6/2008)
+ *      - Firefox 3+
+ *      - Opera 9+
+ */
+gadgets.rpctx.Wpm = function() {
+  var ready;
+
+  return {
+    getCode: function() {
+      return 'wpm';
+    },
+
+    isParentVerifiable: function() {
+      return true;
+    },
+
+    init: function(processFn, readyFn) {
+      ready = readyFn;
+      // Set up native postMessage handler.
+      window.addEventListener('message', function(packet) {
+        // TODO validate packet.domain for security reasons
+        processFn(gadgets.json.parse(packet.data));
+      }, false);
+      ready('..', true);  // Immediately ready to send to parent.
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      // If we're a gadget, send an ACK message to indicate to container
+      // that we're ready to receive messages.
+      if (receiverId === '..') {
+        gadgets.rpc.call(receiverId, gadgets.rpc.ACK);
+      }
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      var targetWin = targetId === '..' ? parent : frames[targetId];
+      var relay = gadgets.rpc.getRelayUrl(targetId);
+      if (relay) {
+        targetWin.postMessage(gadgets.json.stringify(rpc), relay);
+      }
+      return true;
+    }
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/**
+ * Similar transport to WPM, but uses document element instead.
+ * This was implemented by Opera 8 before the WPM standard was complete.
+ *
+ *     dpm: postMessage on the document object.
+ *        - Opera 8+
+ */
+gadgets.rpctx.Dpm = function() {
+  var ready;
+  return {
+    getCode: function() {
+      return 'dpm';
+    },
+
+    isParentVerifiable: function() {
+      return false;
+    },
+
+    init: function(processFn, readyFn) {
+      ready = readyFn;
+      // Set up native postMessage handler.
+      window.addEventListener('message', function(packet) {
+        // TODO validate packet.domain for security reasons
+        processFn(gadgets.json.parse(packet.data));
+      }, false);
+      ready('..', true);  // Ready immediately.
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      // See WPM setup comment.
+      if (receiverId === '..') {
+        gadgets.rpc.call(receiverId, gadgets.rpc.ACK);
+      }
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      var targetDoc = targetId === '..' ? parent.document :
+                                          frames[targetId].document;
+      targetDoc.postMessage(gadgets.json.stringify(rpc));
+      return true;
+    }
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/*
+ * For Gecko-based browsers, the security model allows a child to call a
+ * function on the frameElement of the iframe, even if the child is in
+ * a different domain. This method is dubbed "frameElement" (fe).
+ *
+ * The ability to add and call such functions on the frameElement allows
+ * a bidirectional channel to be setup via the adding of simple function
+ * references on the frameElement object itself. In this implementation,
+ * when the container sets up the authentication information for that gadget
+ * (by calling setAuth(...)) it as well adds a special function on the
+ * gadget's iframe. This function can then be used by the gadget to send
+ * messages to the container. In turn, when the gadget tries to send a
+ * message, it checks to see if this function has its own function stored
+ * that can be used by the container to call the gadget. If not, the
+ * function is created and subsequently used by the container.
+ * Note that as a result, FE can only be used by a container to call a
+ * particular gadget *after* that gadget has called the container at
+ * least once via FE.
+ *
+ *   fe: Gecko-specific frameElement trick.
+ *      - Firefox 1+
+ */
+gadgets.rpctx.FrameElement = function() {
+  // Consts for FrameElement.
+  var FE_G2C_CHANNEL = '__g2c_rpc';
+  var FE_C2G_CHANNEL = '__c2g_rpc';
+  var process;
+  var ready;
+
+  function callFrameElement(targetId, from, rpc) {
+    try {
+      if (from !== '..') {
+        // Call from gadget to the container.
+        var fe = window.frameElement;
+
+        if (typeof fe[FE_G2C_CHANNEL] === 'function') {
+          // Complete the setup of the FE channel if need be.
+          if (typeof fe[FE_G2C_CHANNEL][FE_C2G_CHANNEL] !== 'function') {
+            fe[FE_G2C_CHANNEL][FE_C2G_CHANNEL] = function(args) {
+              process(gadgets.json.parse(args));
+            };
+          }
+
+          // Conduct the RPC call.
+          fe[FE_G2C_CHANNEL](gadgets.json.stringify(rpc));
+          return;
+        }
+      } else {
+        // Call from container to gadget[targetId].
+        var frame = document.getElementById(targetId);
+
+        if (typeof frame[FE_G2C_CHANNEL] === 'function' &&
+            typeof frame[FE_G2C_CHANNEL][FE_C2G_CHANNEL] === 'function') {
+
+          // Conduct the RPC call.
+          frame[FE_G2C_CHANNEL][FE_C2G_CHANNEL](gadgets.json.stringify(rpc));
+          return;
+        }
+      }
+    } catch (e) {
+    }
+    return true;
+  }
+
+  return {
+    getCode: function() {
+      return 'fe';
+    },
+
+    isParentVerifiable: function() {
+      return false;
+    },
+  
+    init: function(processFn, readyFn) {
+      // No global setup.
+      process = processFn;
+      ready = readyFn;
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      // Indicate OK to call to container. This will be true
+      // by the end of this method.
+      if (receiverId !== '..') {
+        try {
+          var frame = document.getElementById(receiverId);
+          frame[FE_G2C_CHANNEL] = function(args) {
+            process(gadgets.json.parse(args));
+          };
+        } catch (e) {
+          return false;
+        }
+      }
+      if (receiverId === '..') {
+        ready('..', true);
+        var ackFn = function() {
+          window.setTimeout(function() {
+            gadgets.rpc.call(receiverId, gadgets.rpc.ACK)
+          }, 500);
+        }
+        // Setup to container always happens before onload.
+        // If it didn't, the correct fix would be in gadgets.util.
+        gadgets.util.registerOnLoadHandler(ackFn);
+      }
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      callFrameElement(targetId, from, rpc);
+    } 
+
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/**
+ * For Internet Explorer before version 8, the security model allows anyone
+ * parent to set the value of the "opener" property on another window,
+ * with only the receiving window able to read it.
+ * This method is dubbed "Native IE XDC" (NIX).
+ *
+ * This method works by placing a handler object in the "opener" property
+ * of a gadget when the container sets up the authentication information
+ * for that gadget (by calling setAuthToken(...)). At that point, a NIX
+ * wrapper is created and placed into the gadget by calling
+ * theframe.contentWindow.opener = wrapper. Note that as a result, NIX can
+ * only be used by a container to call a particular gadget *after* that
+ * gadget has called the container at least once via NIX.
+ *
+ * The NIX wrappers in this RPC implementation are instances of a VBScript
+ * class that is created when this implementation loads. The reason for
+ * using a VBScript class stems from the fact that any object can be passed
+ * into the opener property.
+ * While this is a good thing, as it lets us pass functions and setup a true
+ * bidirectional channel via callbacks, it opens a potential security hole
+ * by which the other page can get ahold of the "window" or "document"
+ * objects in the parent page and in turn wreak havok. This is due to the
+ * fact that any JS object useful for establishing such a bidirectional
+ * channel (such as a function) can be used to access a function
+ * (eg. obj.toString, or a function itself) created in a specific context,
+ * in particular the global context of the sender. Suppose container
+ * domain C passes object obj to gadget on domain G. Then the gadget can
+ * access C's global context using:
+ * var parentWindow = (new obj.toString.constructor("return window;"))();
+ * Nulling out all of obj's properties doesn't fix this, since IE helpfully
+ * restores them to their original values if you do something like:
+ * delete obj.toString; delete obj.toString;
+ * Thus, we wrap the necessary functions and information inside a VBScript
+ * object. VBScript objects in IE, like DOM objects, are in fact COM
+ * wrappers when used in JavaScript, so we can safely pass them around
+ * without worrying about a breach of context while at the same time
+ * allowing them to act as a pass-through mechanism for information
+ * and function calls. The implementation details of this VBScript wrapper
+ * can be found in the setupChannel() method below.
+ *
+ *   nix: Internet Explorer-specific window.opener trick.
+ *     - Internet Explorer 6
+ *     - Internet Explorer 7
+ */
+gadgets.rpctx.Nix = function() {
+  // Consts for NIX. VBScript doesn't
+  // allow items to start with _ for some reason,
+  // so we need to make these names quite unique, as
+  // they will go into the global namespace.
+  var NIX_WRAPPER = 'GRPC____NIXVBS_wrapper';
+  var NIX_GET_WRAPPER = 'GRPC____NIXVBS_get_wrapper';
+  var NIX_HANDLE_MESSAGE = 'GRPC____NIXVBS_handle_message';
+  var NIX_CREATE_CHANNEL = 'GRPC____NIXVBS_create_channel';
+  var MAX_NIX_SEARCHES = 10;
+  var NIX_SEARCH_PERIOD = 500;
+
+  // JavaScript reference to the NIX VBScript wrappers.
+  // Gadgets will have but a single channel under
+  // nix_channels['..'] while containers will have a channel
+  // per gadget stored under the gadget's ID.
+  var nix_channels = {};
+
+  // Store the ready signal method for use on handshake complete.
+  var ready;
+  var numHandlerSearches = 0;
+
+  // Search for NIX handler to parent. Tries MAX_NIX_SEARCHES times every
+  // NIX_SEARCH_PERIOD milliseconds.
+  function conductHandlerSearch() {
+    // Call from gadget to the container.
+    var handler = nix_channels['..'];
+    if (handler) {
+      return;
+    }
+
+    if (++numHandlerSearches > MAX_NIX_SEARCHES) {
+      // Handshake failed. Will fall back.
+      gadgets.warn('Nix transport setup failed, falling back...');
+      ready('..', false);
+      return;
+    }
+
+    // If the gadget has yet to retrieve a reference to
+    // the NIX handler, try to do so now. We don't do a
+    // typeof(window.opener.GetAuthToken) check here
+    // because it means accessing that field on the COM object, which,
+    // being an internal function reference, is not allowed.
+    // "in" works because it merely checks for the prescence of
+    // the key, rather than actually accessing the object's property.
+    // This is just a sanity check, not a validity check.
+    if (!handler && window.opener && "GetAuthToken" in window.opener) {
+      handler = window.opener;
+
+      // Create the channel to the parent/container.
+      // First verify that it knows our auth token to ensure it's not
+      // an impostor.
+      if (handler.GetAuthToken() == gadgets.rpc.getAuthToken('..')) {
+        // Auth match - pass it back along with our wrapper to finish.
+        // own wrapper and our authentication token for co-verification.
+        var token = gadgets.rpc.getAuthToken('..');
+        handler.CreateChannel(window[NIX_GET_WRAPPER]('..', token),
+                              token);
+        // Set channel handler
+        nix_channels['..'] = handler;
+        window.opener = null;
+
+        // Signal success and readiness to send to parent.
+        // Container-to-gadget bit flipped in CreateChannel.
+        ready('..', true);
+        return;
+      }
+    }
+
+    // Try again.
+    window.setTimeout(function() { conductHandlerSearch(); },
+                      NIX_SEARCH_PERIOD);
+  }
+
+  return {
+    getCode: function() {
+      return 'nix';
+    },
+
+    isParentVerifiable: function() {
+      return false;
+    },
+
+    init: function(processFn, readyFn) {
+      ready = readyFn;
+
+      // Ensure VBScript wrapper code is in the page and that the
+      // global Javascript handlers have been set.
+      // VBScript methods return a type of 'unknown' when
+      // checked via the typeof operator in IE. Fortunately
+      // for us, this only applies to COM objects, so we
+      // won't see this for a real Javascript object.
+      if (typeof window[NIX_GET_WRAPPER] !== 'unknown') {
+        window[NIX_HANDLE_MESSAGE] = function(data) {
+          window.setTimeout(
+              function() { processFn(gadgets.json.parse(data)) }, 0);
+        };
+
+        window[NIX_CREATE_CHANNEL] = function(name, channel, token) {
+          // Verify the authentication token of the gadget trying
+          // to create a channel for us.
+          if (gadgets.rpc.getAuthToken(name) === token) {
+            nix_channels[name] = channel;
+            ready(name, true);
+          }
+        };
+
+        // Inject the VBScript code needed.
+        var vbscript =
+          // We create a class to act as a wrapper for
+          // a Javascript call, to prevent a break in of
+          // the context.
+          'Class ' + NIX_WRAPPER + '\n '
+
+          // An internal member for keeping track of the
+          // name of the document (container or gadget)
+          // for which this wrapper is intended. For
+          // those wrappers created by gadgets, this is not
+          // used (although it is set to "..")
+          + 'Private m_Intended\n'
+
+          // Stores the auth token used to communicate with
+          // the gadget. The GetChannelCreator method returns
+          // an object that returns this auth token. Upon matching
+          // that with its own, the gadget uses the object
+          // to actually establish the communication channel.
+          + 'Private m_Auth\n'
+
+          // Method for internally setting the value
+          // of the m_Intended property.
+          + 'Public Sub SetIntendedName(name)\n '
+          + 'If isEmpty(m_Intended) Then\n'
+          + 'm_Intended = name\n'
+          + 'End If\n'
+          + 'End Sub\n'
+
+          // Method for internally setting the value of the m_Auth property.
+          + 'Public Sub SetAuth(auth)\n '
+          + 'If isEmpty(m_Auth) Then\n'
+          + 'm_Auth = auth\n'
+          + 'End If\n'
+          + 'End Sub\n'
+
+          // A wrapper method which actually causes a
+          // message to be sent to the other context.
+          + 'Public Sub SendMessage(data)\n '
+          + NIX_HANDLE_MESSAGE + '(data)\n'
+          + 'End Sub\n'
+
+          // Returns the auth token to the gadget, so it can
+          // confirm a match before initiating the connection
+          + 'Public Function GetAuthToken()\n '
+          + 'GetAuthToken = m_Auth\n'
+          + 'End Function\n'
+
+          // Method for setting up the container->gadget
+          // channel. Not strictly needed in the gadget's
+          // wrapper, but no reason to get rid of it. Note here
+          // that we pass the intended name to the NIX_CREATE_CHANNEL
+          // method so that it can save the channel in the proper place
+          // *and* verify the channel via the authentication token passed
+          // here.
+          + 'Public Sub CreateChannel(channel, auth)\n '
+          + 'Call ' + NIX_CREATE_CHANNEL + '(m_Intended, channel, auth)\n'
+          + 'End Sub\n'
+          + 'End Class\n'
+
+          // Function to get a reference to the wrapper.
+          + 'Function ' + NIX_GET_WRAPPER + '(name, auth)\n'
+          + 'Dim wrap\n'
+          + 'Set wrap = New ' + NIX_WRAPPER + '\n'
+          + 'wrap.SetIntendedName name\n'
+          + 'wrap.SetAuth auth\n'
+          + 'Set ' + NIX_GET_WRAPPER + ' = wrap\n'
+          + 'End Function';
+
+        try {
+          window.execScript(vbscript, 'vbscript');
+        } catch (e) {
+          return false;
+        }
+      }
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      if (receiverId === '..') {
+        conductHandlerSearch();
+        return true;
+      }
+      try {
+        var frame = document.getElementById(receiverId);
+        var wrapper = window[NIX_GET_WRAPPER](receiverId, token);
+        frame.contentWindow.opener = wrapper;
+      } catch (e) {
+        return false;
+      }
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      try {
+        // If we have a handler, call it.
+        if (nix_channels[targetId]) {
+          nix_channels[targetId].SendMessage(gadgets.json.stringify(rpc));
+        }
+      } catch (e) {
+        return false;
+      }
+      return true;
+    }
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/*
+ * For older WebKit-based browsers, the security model does not allow for any
+ * known "native" hacks for conducting cross browser communication. However,
+ * a variation of the IFPC (see below) can be used, entitled "RMR". RMR is
+ * a technique that uses the resize event of the iframe to indicate that a
+ * message was sent (instead of the much slower/performance heavy polling
+ * technique used when a defined relay page is not avaliable). Simply put,
+ * RMR uses the same "pass the message by the URL hash" trick that IFPC
+ * uses to send a message, but instead of having an active relay page that
+ * runs a piece of code when it is loaded, RMR merely changes the URL
+ * of the relay page (which does not even have to exist on the domain)
+ * and then notifies the other party by resizing the relay iframe. RMR
+ * exploits the fact that iframes in the dom of page A can be resized
+ * by page A while the onresize event will be fired in the DOM of page B,
+ * thus providing a single bit channel indicating "message sent to you".
+ * This method has the added benefit that the relay need not be active,
+ * nor even exist: a 404 suffices just as well.
+ *
+ *   rmr: WebKit-specific resizing trick.
+ *      - Safari 2+
+ *      - Chrome 1
+ */
+gadgets.rpctx.Rmr = function() {
+  // Consts for RMR, including time in ms RMR uses to poll for
+  // its relay frame to be created, and the max # of polls it does.
+  var RMR_SEARCH_TIMEOUT = 500;
+  var RMR_MAX_POLLS = 10;
+
+  // JavaScript references to the channel objects used by RMR.
+  // Gadgets will have but a single channel under
+  // rmr_channels['..'] while containers will have a channel
+  // per gadget stored under the gadget's ID.
+  var rmr_channels = {};
+  
+  var process;
+  var ready;
+
+  /**
+   * Append an RMR relay frame to the document. This allows the receiver
+   * to start receiving messages.
+   *
+   * @param {object} channelFrame Relay frame to add to the DOM body.
+   * @param {string} relayUri Base URI for the frame.
+   * @param {string} Data to pass along to the frame.
+   */
+  function appendRmrFrame(channelFrame, relayUri, data) {
+    var appendFn = function() {
+      // Append the iframe.
+      document.body.appendChild(channelFrame);
+
+      // Set the src of the iframe to 'about:blank' first and then set it
+      // to the relay URI. This prevents the iframe from maintaining a src
+      // to the 'old' relay URI if the page is returned to from another.
+      // In other words, this fixes the bfcache issue that causes the iframe's
+      // src property to not be updated despite us assigning it a new value here.
+      channelFrame.src = 'about:blank';
+      channelFrame.src = relayUri + '#' + data;
+    }
+
+    if (document.body) {
+      appendFn();
+    } else {
+      // Common gadget case: attaching header during in-gadget handshake,
+      // when we may still be in script in head. Attach onload.
+      gadgets.util.registerOnLoadHandler(function() { appendFn(); });
+    }
+  }
+
+  /**
+   * Sets up the RMR transport frame for the given frameId. For gadgets
+   * calling containers, the frameId should be '..'.
+   *
+   * @param {string} frameId The ID of the frame.
+   */
+  function setupRmr(frameId) {
+    if (typeof rmr_channels[frameId] === "object") {
+      // Sanity check. Already done.
+      return;
+    }
+
+    var channelFrame = document.createElement('iframe');
+    var frameStyle = channelFrame.style;
+    frameStyle.position = 'absolute';
+    frameStyle.top = '0px';
+    frameStyle.border = '0';
+    frameStyle.opacity = '0';
+
+    // The width here is important as RMR
+    // makes use of the resize handler for the frame.
+    // Do not modify unless you test thoroughly!
+    frameStyle.width = '10px'
+    frameStyle.height = '1px';
+    channelFrame.id = 'rmrtransport-' + frameId;
+    channelFrame.name = channelFrame.id;
+
+    // Determine the relay uri by taking the existing one,
+    // removing the path and appending robots.txt. It is
+    // not important if robots.txt actually exists, since RMR
+    // browsers treat 404s as legitimate for the purposes of
+    // this communication.
+    var relayUri =
+        gadgets.rpc.getDomainRoot(gadgets.rpc.getRelayUrl(frameId)) + '/robots.txt';
+
+    rmr_channels[frameId] = {
+      frame: channelFrame,
+      receiveWindow: null,
+      relayUri: relayUri,
+      searchCounter : 0,
+      width: 10,
+
+      // Waiting means "waiting for acknowledgement to be received."
+      // Acknowledgement always comes as a special ACK
+      // message having been received. This message is received
+      // during handshake in different ways by the container and
+      // gadget, and by normal RMR message passing once the handshake
+      // is complete.
+      waiting: true,
+      queue: [],
+
+      // Number of non-ACK messages that have been sent to the recipient
+      // and have been acknowledged.
+      sendId: 0,
+
+      // Number of messages received and processed from the sender.
+      // This is the number that accompanies every ACK to tell the
+      // sender to clear its queue.
+      recvId: 0
+    };
+
+    if (frameId !== '..') {
+      // Container always appends a relay to the gadget, before
+      // the gadget appends its own relay back to container. The
+      // gadget, in the meantime, refuses to attach the container
+      // relay until it finds this one. Thus, the container knows
+      // for certain that gadget to container communication is set
+      // up by the time it finds its own relay. In addition to
+      // establishing a reliable handshake protocol, this also
+      // makes it possible for the gadget to send an initial batch
+      // of messages to the container ASAP.
+      appendRmrFrame(channelFrame, relayUri, getRmrData(frameId));
+    }
+     
+    // Start searching for our own frame on the other page.
+    conductRmrSearch(frameId);
+  }
+
+  /**
+   * Searches for a relay frame, created by the sender referenced by
+   * frameId, with which this context receives messages. Once
+   * found with proper permissions, attaches a resize handler which
+   * signals messages to be sent.
+   *
+   * @param {string} frameId Frame ID of the prospective sender.
+   */
+  function conductRmrSearch(frameId) {
+    var channelWindow = null;
+
+    // Increment the search counter.
+    rmr_channels[frameId].searchCounter++;
+
+    if (frameId === '..') {
+      // We are a gadget.
+      channelWindow = window.parent.frames['rmrtransport-' + window.name];
+    } else {
+      // We are a container.
+      channelWindow = window.frames[frameId].frames['rmrtransport-..'];
+    }
+
+    var status = false;
+
+    if (channelWindow) {
+      // We have a valid reference to "our" RMR transport frame.
+      // Register the proper event handlers.
+      status = registerRmrChannel(frameId, channelWindow);
+    }
+
+    if (!status) {
+      // Not found yet. Continue searching, but only if the counter
+      // has not reached the threshold.
+      if (rmr_channels[frameId].searchCounter > RMR_MAX_POLLS) {
+        // If we reach this point, then RMR has failed and we
+        // fall back to IFPC.
+        return;
+      }
+
+      setTimeout(function() {
+        conductRmrSearch(frameId);
+      }, RMR_SEARCH_TIMEOUT);
+    }
+  }
+
+  /**
+   * Attempts to conduct an RPC call to the specified
+   * target with the specified data via the RMR
+   * method. If this method fails, the system attempts again
+   * using the known default of IFPC.
+   *
+   * @param {String} targetId Module Id of the RPC service provider.
+   * @param {String} serviceName Name of the service to call.
+   * @param {String} from Module Id of the calling provider.
+   * @param {Object} rpc The RPC data for this call.
+   */
+  function callRmr(targetId, serviceName, from, rpc) {
+    var handler = null;
+
+    if (from !== '..') {
+      // Call from gadget to the container.
+      handler = rmr_channels['..'];
+    } else {
+      // Call from container to the gadget.
+      handler = rmr_channels[targetId];
+    }
+
+    if (handler) {
+      // Queue the current message if not ACK.
+      // ACK is always sent through getRmrData(...).
+      if (serviceName !== gadgets.rpc.ACK) {
+        handler.queue.push(rpc);
+      }
+
+      if (handler.waiting ||
+          (handler.queue.length === 0 &&
+           !(serviceName === gadgets.rpc.ACK && rpc && rpc.ackAlone === true))) {
+        // If we are awaiting a response from any previously-sent messages,
+        // or if we don't have anything new to send, just return.
+        // Note that we don't short-return if we're ACKing just-received
+        // messages.
+        return true;
+      }
+
+      if (handler.queue.length > 0) {
+        handler.waiting = true;
+      }
+
+      var url = handler.relayUri + "#" + getRmrData(targetId);
+
+      try {
+        // Update the URL with the message.
+        handler.frame.contentWindow.location = url;
+
+        // Resize the frame.
+        var newWidth = handler.width == 10 ? 20 : 10;
+        handler.frame.style.width = newWidth + 'px';
+        handler.width = newWidth;
+
+        // Done!
+      } catch (e) {
+        // Something about location-setting or resizing failed.
+        // This should never happen, but if it does, fall back to
+        // the default transport.
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  /**
+   * Returns as a string the data to be appended to an RMR relay frame,
+   * constructed from the current request queue plus an ACK message indicating
+   * the currently latest-processed message ID.
+   *
+   * @param {string} toFrameId Frame whose sendable queued data to retrieve.
+   */
+  function getRmrData(toFrameId) {
+    var channel = rmr_channels[toFrameId];
+    var rmrData = {id: channel.sendId};
+    if (channel) {
+      rmrData.d = Array.prototype.slice.call(channel.queue, 0);
+      rmrData.d.push({s:gadgets.rpc.ACK, id:channel.recvId});
+    }
+    return gadgets.json.stringify(rmrData);
+  }
+
+  /**
+   * Retrieve data from the channel keyed by the given frameId,
+   * processing it as a batch. All processed data is assumed to have been
+   * generated by getRmrData(...), pairing that method with this.
+   *
+   * @param {string} fromFrameId Frame from which data is being retrieved.
+   */
+  function processRmrData(fromFrameId) {
+    var channel = rmr_channels[fromFrameId];
+    var data = channel.receiveWindow.location.hash.substring(1);
+
+    // Decode the RPC object array.
+    var rpcObj = gadgets.json.parse(decodeURIComponent(data)) || {};
+    var rpcArray = rpcObj.d || [];
+
+    var nonAckReceived = false;
+    var noLongerWaiting = false;
+
+    var numBypassed = 0;
+    var numToBypass = (channel.recvId - rpcObj.id);
+    for (var i = 0; i < rpcArray.length; ++i) {
+      var rpc = rpcArray[i];
+
+      // If we receive an ACK message, then mark the current
+      // handler as no longer waiting and send out the next
+      // queued message.
+      if (rpc.s === gadgets.rpc.ACK) {
+        // ACK received - whether this came from a handshake or
+        // an active call, in either case it indicates readiness to
+        // send messages to the from frame.
+        ready(fromFrameId, true);
+
+        if (channel.waiting) {
+          noLongerWaiting = true;
+        }
+
+        channel.waiting = false;
+        var newlyAcked = Math.max(0, rpc.id - channel.sendId);
+        channel.queue.splice(0, newlyAcked);
+        channel.sendId = Math.max(channel.sendId, rpc.id || 0);
+        continue;
+      }
+
+      // If we get here, we've received > 0 non-ACK messages to
+      // process. Indicate this bit for later.
+      nonAckReceived = true;
+
+      // Bypass any messages already received.
+      if (++numBypassed <= numToBypass) {
+        continue;
+      }
+
+      ++channel.recvId;
+      process(rpc);  // actually dispatch the message
+    }
+
+    // Send an ACK indicating that we got/processed the message(s).
+    // Do so if we've received a message to process or if we were waiting
+    // before but a received ACK has cleared our waiting bit, and we have
+    // more messages to send. Performing this operation causes additional
+    // messages to be sent.
+    if (nonAckReceived ||
+        (noLongerWaiting && channel.queue.length > 0)) {
+      var from = (fromFrameId === '..') ? window.name : '..';
+      callRmr(fromFrameId, gadgets.rpc.ACK, from, {ackAlone: nonAckReceived});
+    }
+  }
+
+  /**
+   * Registers the RMR channel handler for the given frameId and associated
+   * channel window.
+   *
+   * @param {string} frameId The ID of the frame for which this channel is being
+   *   registered.
+   * @param {Object} channelWindow The window of the receive frame for this
+   *   channel, if any.
+   *
+   * @return {boolean} True if the frame was setup successfully, false
+   *   otherwise.
+   */
+  function registerRmrChannel(frameId, channelWindow) {
+    var channel = rmr_channels[frameId];
+
+    // Verify that the channel is ready for receiving.
+    try {
+      var canAccess = false;
+
+      // Check to see if the document is in the window. For Chrome, this
+      // will return 'false' if the channelWindow is inaccessible by this
+      // piece of JavaScript code, meaning that the URL of the channelWindow's
+      // parent iframe has not yet changed from 'about:blank'. We do this
+      // check this way because any true *access* on the channelWindow object
+      // will raise a security exception, which, despite the try-catch, still
+      // gets reported to the debugger (it does not break execution, the try
+      // handles that problem, but it is still reported, which is bad form).
+      // This check always succeeds in Safari 3.1 regardless of the state of
+      // the window.
+      canAccess = 'document' in channelWindow;
+
+      if (!canAccess) {
+        return false;
+      }
+
+      // Check to see if the document is an object. For Safari 3.1, this will
+      // return undefined if the page is still inaccessible. Unfortunately, this
+      // *will* raise a security issue in the debugger.
+      // TODO Find a way around this problem.
+      canAccess = typeof channelWindow['document'] == 'object';
+
+      if (!canAccess) {
+        return false;
+      }
+
+      // Once we get here, we know we can access the document (and anything else)
+      // on the window object. Therefore, we check to see if the location is
+      // still about:blank (this takes care of the Safari 3.2 case).
+      var loc = channelWindow.location.href;
+
+      // Check if this is about:blank for Safari.
+      if (loc === 'about:blank') {
+        return false;
+      }
+    } catch (ex) {
+      // For some reason, the iframe still points to about:blank. We try
+      // again in a bit.
+      return false;
+    }
+
+    // Save a reference to the receive window.
+    channel.receiveWindow = channelWindow;
+
+    // Register the onresize handler.
+    channelWindow.onresize = function() {
+      processRmrData(frameId);
+    };
+
+    if (frameId === '..') {
+      // Gadget to container. Signal to the container that the gadget
+      // is ready to receive messages by attaching the g -> c relay.
+      // As a nice optimization, pass along any gadget to container
+      // queued messages that have backed up since then. ACK is enqueued in
+      // getRmrData to ensure that the container's waiting flag is set to false
+      // (this happens in the below code run on the container side).
+      appendRmrFrame(channel.frame, channel.relayUri, getRmrData(frameId));
+    }
+
+    // Attempt to process the messages that the other party may have set in
+    // the resize frame's hash. For gadget to container, this is the gadget
+    // finding the container-set IFRAME, which has an ACK attached to it.
+    // For gadget to container, the gadget may have enqueued messages already,
+    // and sent them in the above code. This too will have an ACK message.
+    // The net effect is that both sides of the connection will have their
+    // "waiting" bit set to false, so they're ready to send messages.
+    processRmrData(frameId);
+
+    return true;
+  }
+
+  return {
+    getCode: function() {
+      return 'rmr';
+    },
+
+    isParentVerifiable: function() {
+      return true;
+    },
+
+    init: function(processFn, readyFn) {
+      // No global setup.
+      process = processFn;
+      ready = readyFn;
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      try {
+        setupRmr(receiverId);
+      } catch (e) {
+        gadgets.warn('Caught exception setting up RMR: ' + e);
+        return false;
+      }
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      return callRmr(targetId, rpc.s, from, rpc);
+    }
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+var gadgets = gadgets || {};
+gadgets.rpctx = gadgets.rpctx || {};
+
+/*
+ * For all others, we have a fallback mechanism known as "ifpc". IFPC
+ * exploits the fact that while same-origin policy prohibits a frame from
+ * accessing members on a window not in the same domain, that frame can,
+ * however, navigate the window heirarchy (via parent). This is exploited by
+ * having a page on domain A that wants to talk to domain B create an iframe
+ * on domain B pointing to a special relay file and with a message encoded
+ * after the hash (#). This relay, in turn, finds the page on domain B, and
+ * can call a receipt function with the message given to it. The relay URL
+ * used by each caller is set via the gadgets.rpc.setRelayUrl(..) and
+ * *must* be called before the call method is used.
+ *
+ *   ifpc: Iframe-based method, utilizing a relay page, to send a message.
+ *      - No known major browsers still use this method, but it remains
+ *        useful as a catch-all fallback for the time being.
+ */
+gadgets.rpctx.Ifpc = function() {
+  var iframePool = [];
+  var callId = 0;
+  var ready;
+
+  /**
+   * Encodes arguments for the legacy IFPC wire format.
+   *
+   * @param {Object} args
+   * @return {String} the encoded args
+   */
+  function encodeLegacyData(args) {
+    var argsEscaped = [];
+    for(var i = 0, j = args.length; i < j; ++i) {
+      argsEscaped.push(encodeURIComponent(gadgets.json.stringify(args[i])));
+    }
+    return argsEscaped.join('&');
+  }
+
+  /**
+   * Helper function to emit an invisible IFrame.
+   * @param {String} src SRC attribute of the IFrame to emit.
+   * @private
+   */
+  function emitInvisibleIframe(src) {
+    var iframe;
+    // Recycle IFrames
+    for (var i = iframePool.length - 1; i >=0; --i) {
+      var ifr = iframePool[i];
+      try {
+        if (ifr && (ifr.recyclable || ifr.readyState === 'complete')) {
+          ifr.parentNode.removeChild(ifr);
+          if (window.ActiveXObject) {
+            // For MSIE, delete any iframes that are no longer being used. MSIE
+            // cannot reuse the IFRAME because a navigational click sound will
+            // be triggered when we set the SRC attribute.
+            // Other browsers scan the pool for a free iframe to reuse.
+            iframePool[i] = ifr = null;
+            iframePool.splice(i, 1);
+          } else {
+            ifr.recyclable = false;
+            iframe = ifr;
+            break;
+          }
+        }
+      } catch (e) {
+        // Ignore; IE7 throws an exception when trying to read readyState and
+        // readyState isn't set.
+      }
+    }
+    // Create IFrame if necessary
+    if (!iframe) {
+      iframe = document.createElement('iframe');
+      iframe.style.border = iframe.style.width = iframe.style.height = '0px';
+      iframe.style.visibility = 'hidden';
+      iframe.style.position = 'absolute';
+      iframe.onload = function() { this.recyclable = true; };
+      iframePool.push(iframe);
+    }
+    iframe.src = src;
+    setTimeout(function() { document.body.appendChild(iframe); }, 0);
+  }
+
+  return {
+    getCode: function() {
+      return 'ifpc';
+    },
+
+    isParentVerifiable: function() {
+      return true;
+    },
+
+    init: function(processFn, readyFn) {
+      // No global setup.
+      ready = readyFn;
+      ready('..', true);  // Ready immediately.
+      return true;
+    },
+
+    setup: function(receiverId, token) {
+      // Indicate readiness to send to receiver.
+      ready(receiverId, true);
+      return true;
+    },
+
+    call: function(targetId, from, rpc) {
+      // Retrieve the relay file used by IFPC. Note that
+      // this must be set before the call, and so we conduct
+      // an extra check to ensure it is not blank.
+      var relay = gadgets.rpc.getRelayUrl(targetId);
+      ++callId;
+
+      if (!relay) {
+        gadgets.warn('No relay file assigned for IFPC');
+        return;
+      }
+
+      // The RPC mechanism supports two formats for IFPC (legacy and current).
+      var src = null;
+      if (rpc.l) {
+        // Use legacy protocol.
+        // Format: #iframe_id&callId&num_packets&packet_num&block_of_data
+        var callArgs = rpc.a;
+        src = [relay, '#', encodeLegacyData([from, callId, 1, 0,
+               encodeLegacyData([from, rpc.s, '', '', from].concat(
+                 callArgs))])].join('');
+      } else {
+        // Format: #targetId & sourceId@callId & packetNum & packetId & packetData
+        src = [relay, '#', targetId, '&', from, '@', callId,
+               '&1&0&', encodeURIComponent(gadgets.json.stringify(rpc))].join('');
+      }
+
+      // Conduct the IFPC call by creating the Iframe with
+      // the relay URL and appended message.
+      emitInvisibleIframe(src);
+      return true;
+    }
+  };
+}();
+;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+/**
+ * @fileoverview Remote procedure call library for gadget-to-container,
+ * container-to-gadget, and gadget-to-gadget (thru container) communication.
+ */
+var gadgets = gadgets || {};
+
+/**
+ * gadgets.rpc Transports
+ *
+ * All transports are stored in object gadgets.rpctx, and are provided
+ * to the core gadgets.rpc library by various build rules.
+ * 
+ * Transports used by core gadgets.rpc code to actually pass messages.
+ * each transport implements the same "interface" exposing hooks that
+ * the core library calls at strategic points to set up and use
+ * the transport. This isn't really an interface, of course, since
+ * the code is JS and each transport is a singleton, but it's treated
+ * as such by core code.
+ *
+ * The methods each transport must implement are:
+ * + getCode(): returns a string identifying the transport. For debugging.
+ * + isParentVerifiable(): indicates (via boolean) whether the method
+ *     has the property that its relay URL verifies for certain the
+ *     receiver's protocol://host:port.
+ * + init(processFn, readyFn): Performs any global initialization needed. Called
+ *     before any other gadgets.rpc methods are invoked. processFn is
+ *     the function in gadgets.rpc used to process an rpc packet. readyFn is
+ *     a function that must be called when the transport is ready to send
+ *     and receive messages bidirectionally. Returns
+ *     true if successful, false otherwise.
+ * + setup(receiverId, token): Performs per-receiver initialization, if any.
+ *     receiverId will be '..' for gadget-to-container. Returns true if
+ *     successful, false otherwise.
+ * + call(targetId, from, rpc): Invoked to send an actual
+ *     message to the given targetId, with the given serviceName, from
+ *     the sender identified by 'from'. Payload is an rpc packet. Returns
+ *     true if successful, false otherwise.
+ */
+
+/**
+ * @static
+ * @class Provides operations for making rpc calls.
+ * @name gadgets.rpc
+ */
+gadgets.rpc = function() {
+  // General constants.
+  var CALLBACK_NAME = '__cb';
+  var DEFAULT_NAME = '';
+
+  // Special service name for acknowledgements.
+  var ACK = '__ack';
+
+  // Timeout and number of setup attempts between each
+  // for when setAuthToken is called before the target it specifies exists.
+  var SETUP_FRAME_TIMEOUT = 500;
+  var SETUP_FRAME_MAX_TRIES = 10;
+
+  var services = {};
+  var relayUrl = {};
+  var useLegacyProtocol = {};
+  var authToken = {};
+  var callId = 0;
+  var callbacks = {};
+  var setup = {};
+  var sameDomain = {};
+  var params = {};
+  var receiverTx = {};
+  var earlyRpcQueue = {};
+  var isGadget = false;
+  var fallbackTransport = gadgets.rpctx.Ifpc;
+
+  // Load the authentication token for speaking to the container
+  // from the gadget's parameters, or default to '0' if not found.
+  if (gadgets.util) {
+    params = gadgets.util.getUrlParameters();
+  }
+
+  authToken['..'] = params.rpctoken || params.ifpctok || 0;
+
+  /*
+   * Return a transport representing the best available cross-domain
+   * message-passing mechanism available to the browser.
+   *
+   * Transports are selected on a cascading basis determined by browser
+   * capability and other checks. The order of preference is:
+   * 1. wpm: Uses window.postMessage standard.
+   * 2. dpm: Uses document.postMessage, similar to wpm but pre-standard.
+   * 3. nix: Uses IE-specific browser hacks.
+   * 4. rmr: Signals message passing using relay file's onresize handler.
+   * 5. fe: Uses FF2-specific window.frameElement hack.
+   * 6. ifpc: Sends messages via active load of a relay file.
+   *
+   * See each transport's commentary/documentation for details.
+   */
+  function getTransport() {
+    return typeof window.postMessage === 'function' ? gadgets.rpctx.Wpm :
+           typeof document.postMessage === 'function' ? gadgets.rpctx.Dpm :
+           window.ActiveXObject ? gadgets.rpctx.Nix :
+           navigator.userAgent.indexOf('WebKit') > 0 ? gadgets.rpctx.Rmr :
+           navigator.product === 'Gecko' ? gadgets.rpctx.FrameElement :
+           gadgets.rpctx.Ifpc;
+  }
+
+  /**
+   * Function passed to, and called by, a transport indicating it's ready to
+   * send and receive messages.
+   */
+  function transportReady(receiverId, readySuccess) {
+    var tx = transport;
+    if (!readySuccess) {
+      tx = fallbackTransport;
+    }
+    receiverTx[receiverId] = tx;
+
+    // If there are any early-queued messages, send them now directly through
+    // the needed transport.
+    var earlyQueue = earlyRpcQueue[receiverId] || [];
+    for (var i = 0; i < earlyQueue.length; ++i) {
+      var rpc = earlyQueue[i];
+      // There was no auth/rpc token set before, so set it now.
+      rpc.t = gadgets.rpc.getAuthToken(receiverId);
+      tx.call(receiverId, rpc.f, rpc);
+    }
+
+    // Clear the queue so it won't be sent again.
+    earlyRpcQueue[receiverId] = [];
+  }
+
+  /**
+   * Helper function to process an RPC request
+   * @param {Object} rpc RPC request object
+   * @private
+   */
+  function process(rpc) {
+    //
+    // RPC object contents:
+    //   s: Service Name
+    //   f: From
+    //   c: The callback ID or 0 if none.
+    //   a: The arguments for this RPC call.
+    //   t: The authentication token.
+    //
+    if (rpc && typeof rpc.s === 'string' && typeof rpc.f === 'string' &&
+        rpc.a instanceof Array) {
+
+      // Validate auth token.
+      if (authToken[rpc.f]) {
+        // We don't do type coercion here because all entries in the authToken
+        // object are strings, as are all url params. See setAuthToken(...).
+        if (authToken[rpc.f] !== rpc.t) {
+          throw new Error("Invalid auth token. " +
+              authToken[rpc.f] + " vs " + rpc.t);
+        }
+      }
+
+      if (rpc.s === ACK) {
+        // Acknowledgement API, used to indicate a receiver is ready.
+        window.setTimeout(function() { transportReady(rpc.f, true); }, 0);
+        return;
+      }
+
+      // If there is a callback for this service, attach a callback function
+      // to the rpc context object for asynchronous rpc services.
+      //
+      // Synchronous rpc request handlers should simply ignore it and return a
+      // value as usual.
+      // Asynchronous rpc request handlers, on the other hand, should pass its
+      // result to this callback function and not return a value on exit.
+      //
+      // For example, the following rpc handler passes the first parameter back
+      // to its rpc client with a one-second delay.
+      //
+      // function asyncRpcHandler(param) {
+      //   var me = this;
+      //   setTimeout(function() {
+      //     me.callback(param);
+      //   }, 1000);
+      // }
+      if (rpc.c) {
+        rpc.callback = function(result) {
+          gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result);
+        };
+      }
+
+      // Call the requested RPC service.
+      var result = (services[rpc.s] ||
+                    services[DEFAULT_NAME]).apply(rpc, rpc.a);
+
+      // If the rpc request handler returns a value, immediately pass it back
+      // to the callback. Otherwise, do nothing, assuming that the rpc handler
+      // will make an asynchronous call later.
+      if (rpc.c && typeof result !== 'undefined') {
+        gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result);
+      }
+    }
+  }
+
+  /**
+   * Helper method returning a canonicalized schema://host[:port] for
+   * a given input URL, provided as a string. Used to compute convenient
+   * relay URLs and to determine whether a call is coming from the same
+   * domain as its receiver (bypassing the try/catch capability detection
+   * flow, thereby obviating Firebug and other tools reporting an exception).
+   *
+   * @param {string} url Base URL to canonicalize.
+   */
+  function getDomainRoot(url) {
+    if (!url) {
+      return "";
+    }
+    url = url.toLowerCase();
+    if (url.indexOf("//") == 0) {
+      url = window.location.protocol + ":" + url;
+    }
+    if (url.indexOf("http://") != 0 &&
+        url.indexOf("https://") != 0) {
+      // Assumed to be schemaless. Default to current protocol.
+      url = window.location.protocol + "://" + url;
+    }
+    // At this point we guarantee that "://" is in the URL and defines
+    // current protocol. Skip past this to search for host:port.
+    var host = url.substring(url.indexOf("://") + 3);
+
+    // Find the first slash char, delimiting the host:port.
+    var slashPos = host.indexOf("/");
+    if (slashPos != -1) {
+      host = host.substring(0, slashPos);
+    }
+
+    var protocol = url.substring(0, url.indexOf("://"));
+
+    // Use port only if it's not default for the protocol.
+    var portStr = "";
+    var portPos = host.indexOf(":");
+    if (portPos != -1) {
+      var port = host.substring(portPos + 1);
+      host = host.substring(0, portPos);
+      if ((protocol === "http" && port !== "80") ||
+          (protocol === "https" && port !== "443")) {
+        portStr = ":" + port;
+      }
+    }
+
+    // Return <protocol>://<host>[<port>]
+    return protocol + "://" + host + portStr;
+  }
+
+  // Pick the most efficient RPC relay mechanism.
+  var transport = getTransport();
+
+  // Create the Default RPC handler.
+  services[DEFAULT_NAME] = function() {
+    gadgets.warn('Unknown RPC service: ' + this.s);
+  };
+
+  // Create a Special RPC handler for callbacks.
+  services[CALLBACK_NAME] = function(callbackId, result) {
+    var callback = callbacks[callbackId];
+    if (callback) {
+      delete callbacks[callbackId];
+      callback(result);
+    }
+  };
+
+  /**
+   * Conducts any frame-specific work necessary to setup
+   * the channel type chosen. This method is called when
+   * the container page first registers the gadget in the
+   * RPC mechanism. Gadgets, in turn, will complete the setup
+   * of the channel once they send their first messages.
+   */
+  function setupFrame(frameId, token) {
+    if (setup[frameId] === true) {
+      return;
+    }
+
+    if (typeof setup[frameId] === 'undefined') {
+      setup[frameId] = 0;
+    }
+
+    var tgtFrame = document.getElementById(frameId);
+    if (frameId === '..' || tgtFrame != null) {
+      if (transport.setup(frameId, token) === true) {
+        setup[frameId] = true;
+        return;
+      }
+    }
+
+    if (setup[frameId] !== true && setup[frameId]++ < SETUP_FRAME_MAX_TRIES) {
+      // Try again in a bit, assuming that frame will soon exist.
+      window.setTimeout(function() { setupFrame(frameId, token) },
+                        SETUP_FRAME_TIMEOUT);
+    } else {
+      // Fail: fall back.
+      transport = fallbackTransport;
+      setup[frameId] = true;
+    }
+  }
+
+  /**
+   * Attempts to make an rpc by calling the target's receive method directly.
+   * This works when gadgets are rendered on the same domain as their container,
+   * a potentially useful optimization for trusted content which keeps
+   * RPC behind a consistent interface.
+   * @param {String} target Module id of the rpc service provider
+   * @param {String} from Module id of the caller (this)
+   * @param {String} callbackId Id of the call
+   * @param {String} rpcData JSON-encoded RPC payload
+   * @return
+   */
+  function callSameDomain(target, rpc) {
+    if (typeof sameDomain[target] === 'undefined') {
+      // Seed with a negative, typed value to avoid
+      // hitting this code path repeatedly.
+      sameDomain[target] = false;
+      var targetRelay = gadgets.rpc.getRelayUrl(target);
+      if (getDomainRoot(targetRelay) !== getDomainRoot(window.location.href)) {
+        // Not worth trying -- avoid the error and just return.
+        return false;
+      }
+
+      var targetEl = null;
+      if (target === '..') {
+        targetEl = parent;
+      } else {
+        targetEl = frames[target];
+      }
+      try {
+        // If this succeeds, then same-domain policy applied
+        sameDomain[target] = targetEl.gadgets.rpc.receiveSameDomain;
+      } catch (e) {
+        // Shouldn't happen due to domain root check. Caught just in case.
+        gadgets.warn("Unexpected: same domain call failed.");
+      }
+    }
+
+    if (typeof sameDomain[target] === 'function') {
+      // Call target's receive method
+      sameDomain[target](rpc);
+      return true;
+    }
+
+    return false;
+  }
+
+  // gadgets.config might not be available, such as when serving container js.
+  if (gadgets.config) {
+    /**
+     * Initializes RPC from the provided configuration.
+     */
+    function init(config) {
+      // Allow for wild card parent relay files as long as it's from a
+      // white listed domain. This is enforced by the rendering servlet.
+      if (config.rpc.parentRelayUrl.substring(0, 7) === 'http://' ||
+          config.rpc.parentRelayUrl.substring(0, 8) === 'https://' ||
+          config.rpc.parentRelayUrl.substring(0, 2) === '//') {
+        relayUrl['..'] = config.rpc.parentRelayUrl;
+      } else {
+        // It's a relative path, and we must append to the parent.
+        // We're relying on the server validating the parent parameter in this
+        // case. Because of this, parent may only be passed in the query, not
+        // the fragment.
+        var params = document.location.search.substring(1).split("&");
+        var parentParam = "";
+        for (var i = 0, param; (param = params[i]); ++i) {
+          // Only the first parent can be validated.
+          if (param.indexOf("parent=") === 0) {
+            parentParam = decodeURIComponent(param.substring(7));
+            break;
+          }
+        }
+        if (parentParam !== "") {
+          // Otherwise, relayUrl['..'] will be null, signaling transport
+          // code to ignore rpc calls since they cannot work without a
+          // relay URL with host qualification.
+          relayUrl['..'] = parentParam + config.rpc.parentRelayUrl;
+
+          // We assume that any rendering context where gadgets.config
+          // is defined and a parent param is provided (gets here) is a gadget.
+          isGadget = true;
+        }
+      }
+      var useLegacy = !!config.rpc.useLegacyProtocol;
+      useLegacyProtocol['..'] = useLegacy;
+      if (useLegacy) {
+        transport = gadgets.rpctx.Ifpc;
+      }
+    }
+
+    var requiredConfig = {
+      parentRelayUrl : gadgets.config.NonEmptyStringValidator
+    };
+    gadgets.config.register("rpc", requiredConfig, init);
+  }
+
+  return /** @scope gadgets.rpc */ {
+    /**
+     * Registers an RPC service.
+     * @param {String} serviceName Service name to register.
+     * @param {Function} handler Service handler.
+     *
+     * @member gadgets.rpc
+     */
+    register: function(serviceName, handler) {
+      if (serviceName === CALLBACK_NAME || serviceName === ACK) {
+        throw new Error("Cannot overwrite callback/ack service");
+      }
+
+      if (serviceName === DEFAULT_NAME) {
+        throw new Error("Cannot overwrite default service:"
+                        + " use registerDefault");
+      }
+
+      services[serviceName] = handler;
+    },
+
+    /**
+     * Unregisters an RPC service.
+     * @param {String} serviceName Service name to unregister.
+     *
+     * @member gadgets.rpc
+     */
+    unregister: function(serviceName) {
+      if (serviceName === CALLBACK_NAME || serviceName === ACK) {
+        throw new Error("Cannot delete callback/ack service");
+      }
+
+      if (serviceName === DEFAULT_NAME) {
+        throw new Error("Cannot delete default service:"
+                        + " use unregisterDefault");
+      }
+
+      delete services[serviceName];
+    },
+
+    /**
+     * Registers a default service handler to processes all unknown
+     * RPC calls which raise an exception by default.
+     * @param {Function} handler Service handler.
+     *
+     * @member gadgets.rpc
+     */
+    registerDefault: function(handler) {
+      services[DEFAULT_NAME] = handler;
+    },
+
+    /**
+     * Unregisters the default service handler. Future unknown RPC
+     * calls will fail silently.
+     *
+     * @member gadgets.rpc
+     */
+    unregisterDefault: function() {
+      delete services[DEFAULT_NAME];
+    },
+
+    /**
+     * Forces all subsequent calls to be made by a transport
+     * method that allows the caller to verify the message receiver
+     * (by way of the parent parameter, through getRelayUrl(...)).
+     * At present this means IFPC or WPM.
+     */
+    forceParentVerifiable: function() {
+      if (!transport.isParentVerifiable()) {
+        transport = gadgets.rpctx.Ifpc;
+      }
+    },
+
+    /**
+     * Calls an RPC service.
+     * @param {String} targetId Module Id of the RPC service provider.
+     *                          Empty if calling the parent container.
+     * @param {String} serviceName Service name to call.
+     * @param {Function|null} callback Callback function (if any) to process
+     *                                 the return value of the RPC request.
+     * @param {*} var_args Parameters for the RPC request.
+     *
+     * @member gadgets.rpc
+     */
+    call: function(targetId, serviceName, callback, var_args) {
+      targetId = targetId || '..';
+      // Default to the container calling.
+      var from = '..';
+
+      if (targetId === '..') {
+        from = window.name;
+      }
+
+      ++callId;
+      if (callback) {
+        callbacks[callId] = callback;
+      }
+
+      var rpc = {
+        s: serviceName,
+        f: from,
+        c: callback ? callId : 0,
+        a: Array.prototype.slice.call(arguments, 3),
+        t: authToken[targetId],
+        l: useLegacyProtocol[targetId]
+      };
+
+      // If target is on the same domain, call method directly
+      if (callSameDomain(targetId, rpc)) {
+        return;
+      }
+
+      // Attempt to make call via a cross-domain transport.
+      var channel = receiverTx[targetId];
+
+      if (!channel) {
+        // Not set up yet. Enqueue the rpc for such time as it is.
+        if (!earlyRpcQueue[targetId]) {
+          earlyRpcQueue[targetId] = [ rpc ];
+        } else {
+          earlyRpcQueue[targetId].push(rpc);
+        }
+        return;
+      }
+
+      // If we are told to use the legacy format, then we must
+      // default to IFPC.
+      if (useLegacyProtocol[targetId]) {
+        channel = gadgets.rpctx.Ifpc;
+      }
+
+      if (channel.call(targetId, from, rpc) === false) {
+        // Fall back to IFPC. This behavior may be removed as IFPC is as well.
+        transport = fallbackTransport;
+        transport.call(targetId, from, rpc);
+      }
+    },
+
+    /**
+     * Gets the relay URL of a target frame.
+     * @param {String} targetId Name of the target frame.
+     * @return {String|undefined} Relay URL of the target frame.
+     *
+     * @member gadgets.rpc
+     */
+    getRelayUrl: function(targetId) {
+      var url = relayUrl[targetId];
+      // Some RPC methods (wpm, for one) are unhappy with schemeless URLs.
+      if (url && url.indexOf('//') == 0) {
+        url = document.location.protocol + url;
+      }
+      
+      return url;
+    },
+
+    /**
+     * Sets the relay URL of a target frame.
+     * @param {String} targetId Name of the target frame.
+     * @param {String} url Full relay URL of the target frame.
+     * @param {Boolean} opt_useLegacy True if this relay needs the legacy IFPC
+     *     wire format.
+     *
+     * @member gadgets.rpc
+     */
+    setRelayUrl: function(targetId, url, opt_useLegacy) {
+      relayUrl[targetId] = url;
+      useLegacyProtocol[targetId] = !!opt_useLegacy;
+    },
+
+    /**
+     * Sets the auth token of a target frame.
+     * @param {String} targetId Name of the target frame.
+     * @param {String} token The authentication token to use for all
+     *     calls to or from this target id.
+     *
+     * @member gadgets.rpc
+     */
+    setAuthToken: function(targetId, token) {
+      token = token || "";
+
+      // Coerce token to a String, ensuring that all authToken values
+      // are strings. This ensures correct comparison with URL params
+      // in the process(rpc) method.
+      authToken[targetId] = String(token);
+
+      setupFrame(targetId, token);
+    },
+
+    /**
+     * Helper method to retrieve the authToken for a given gadget.
+     */
+    getAuthToken: function(targetId) {
+      return authToken[targetId];
+    },
+
+    /**
+     * Gets the RPC relay mechanism.
+     * @return {String} RPC relay mechanism. See above for
+     *   a list of supported types.
+     *
+     * @member gadgets.rpc
+     */
+    getRelayChannel: function() {
+      return transport.getCode();
+    },
+
+    /**
+     * Receives and processes an RPC request. (Not to be used directly.)
+     * Only used by IFPC.
+     * @param {Array.<String>} fragment An RPC request fragment encoded as
+     *        an array. The first 4 elements are target id, source id & call id,
+     *        total packet number, packet id. The last element stores the actual
+     *        JSON-encoded and URI escaped packet data.
+     *
+     * @member gadgets.rpc
+     */
+    receive: function(fragment) {
+      if (fragment.length > 4) {
+        // TODO parse fragment[1..3] to merge multi-fragment messages
+        process(gadgets.json.parse(
+            decodeURIComponent(fragment[fragment.length - 1])));
+      }
+    },
+
+    /**
+     * Receives and processes an RPC request sent via the same domain.
+     * (Not to be used directly). Converts the inbound rpc object's
+     * Array into a local Array to pass the process() Array test.
+     * @param {Object} rpc RPC object containing all request params
+     */
+    receiveSameDomain: function(rpc) {
+      // Pass through to local process method but converting to a local Array
+      rpc.a = Array.prototype.slice.call(rpc.a);
+      window.setTimeout(function() { process(rpc); }, 0);
+    },
+
+    /**
+     * Helper method to get the protocol://host:port of an input URL.
+     */
+    getDomainRoot: getDomainRoot,
+
+    /**
+     * Internal-only method used to initialize gadgets.rpc.
+     */
+    init: function() {
+      // Conduct any global setup necessary for the chosen transport.
+      // Do so after gadgets.rpc definition to allow transport to access
+      // gadgets.rpc methods.
+      if (transport.init(process, transportReady) === false) {
+        transport = fallbackTransport;
+      }
+      // Here, we add a hook for the transport to actively set up
+      // gadget -> container communication, if we're a gadget.
+      if (isGadget && transport.setup('..') === false) {
+        transport = fallbackTransport;
+      }
+    },
+
+    /** Exported constant, for use by transports only. */
+    ACK: ACK
+  };
+}();
+
+// Initialize library/transport.
+gadgets.rpc.init();
+;
Index: standard/src/main/webapp/WEB-INF/classes/containers/default/container.js
===================================================================
--- standard/src/main/webapp/WEB-INF/classes/containers/default/container.js	(revision 0)
+++ standard/src/main/webapp/WEB-INF/classes/containers/default/container.js	(revision 0)
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// Default container configuration. To change the configuration, you have two options:
+//
+// A. If you run the Java server: Create your own "myContainer.js" file and
+// modify the value in web.xml. 
+//
+//  B. If you run the PHP server: Create a myContainer.js, copy the contents of container.js to it,
+//  change 
+//		{"gadgets.container" : ["default"],
+//  to
+//		{"gadgets.container" : ["myContainer"],
+// And make your changes that you need to myContainer.js.
+// Just make sure on the iframe URL you specify &container=myContainer 
+// for it to use that config. 
+//
+// All configurations will automatically inherit values from this
+// config, so you only need to provide configuration for items
+// that you require explicit special casing for.
+//
+// Please namespace your attributes using the same conventions
+// as you would for javascript objects, e.g. gadgets.features
+// rather than "features".
+
+// NOTE: Please _don't_ leave trailing commas because the php json parser
+// errors out on this.
+
+// Container must be an array; this allows multiple containers
+// to share configuration.
+{"gadgets.container" : ["default"],
+
+// Set of regular expressions to validate the parent parameter. This is
+// necessary to support situations where you want a single container to support
+// multiple possible host names (such as for localized domains, such as
+// <language>.example.org. If left as null, the parent parameter will be
+// ignored; otherwise, any requests that do not include a parent
+// value matching this set will return a 404 error.
+"gadgets.parent" : null,
+
+// Should all gadgets be forced on to a locked domain?
+"gadgets.lockedDomainRequired" : false,
+
+// DNS domain on which gadgets should render.
+"gadgets.lockedDomainSuffix" : "-a.example.com:8080",
+
+// Various urls generated throughout the code base.
+// iframeBaseUri will automatically have the host inserted
+// if locked domain is enabled and the implementation supports it.
+// query parameters will be added.
+"gadgets.iframeBaseUri" : "/xwiki/gadgets/ifr",
+
+// jsUriTemplate will have %host% and %js% substituted.
+// No locked domain special cases, but jsUriTemplate must
+// never conflict with a lockedDomainSuffix.
+"gadgets.jsUriTemplate" : "http://%host%/xwiki/gadgets/js/%js%",
+
+// Callback URL.  Scheme relative URL for easy switch between https/http.
+"gadgets.oauthGadgetCallbackTemplate" : "//%host%/xwiki/gadgets/oauthcallback",
+
+// Use an insecure security token by default
+"gadgets.securityTokenType" : "insecure",
+
+// Config param to load Opensocial data for social
+// preloads in data pipelining.  %host% will be
+// substituted with the current host.
+"gadgets.osDataUri" : "http://%host%/xwiki/social/rpc",
+
+// Uncomment these to switch to a secure version
+// 
+//"gadgets.securityTokenType" : "secure",
+//"gadgets.securityTokenKeyFile" : "/path/to/key/file.txt",
+
+// This config data will be passed down to javascript. Please
+// configure your object using the feature name rather than
+// the javascript name.
+
+// Only configuration for required features will be used.
+// See individual feature.xml files for configuration details.
+"gadgets.features" : {
+  "core.io" : {
+    // Note: /proxy is an open proxy. Be careful how you expose this!
+    "proxyUrl" : "http://%host%/xwiki/gadgets/proxy?refresh=%refresh%&url=%url%",
+    "jsonProxyUrl" : "http://%host%/xwiki/gadgets/makeRequest"
+  },
+  "views" : {
+    "profile" : {
+      "isOnlyVisible" : false,
+      "urlTemplate" : "http://localhost/xwiki/gadgets/profile?{var}",
+      "aliases": ["DASHBOARD", "default"]
+    },
+    "canvas" : {
+      "isOnlyVisible" : true,
+      "urlTemplate" : "http://localhost/xwiki/gadgets/canvas?{var}",
+      "aliases" : ["FULL_PAGE"]
+    }
+  },
+  "rpc" : {
+    // Path to the relay file. Automatically appended to the parent
+    /// parameter if it passes input validation and is not null.
+    // This should never be on the same host in a production environment!
+    // Only use this for TESTING!
+    "parentRelayUrl" : "/xwiki/gadgets/files/container/rpc_relay.html",
+
+    // If true, this will use the legacy ifpc wire format when making rpc
+    // requests.
+    "useLegacyProtocol" : false
+  },
+  // Skin defaults
+  "skins" : {
+    "properties" : {
+      "BG_COLOR": "",
+      "BG_IMAGE": "",
+      "BG_POSITION": "",
+      "BG_REPEAT": "",
+      "FONT_COLOR": "",
+      "ANCHOR_COLOR": ""
+    }
+  },
+  "opensocial-0.8" : {
+    // Path to fetch opensocial data from
+    // Must be on the same domain as the gadget rendering server
+    "path" : "http://%host%/xwiki/social",
+    "domain" : "shindig",
+    "enableCaja" : false,
+    "supportedFields" : {
+       "person" : ["id", {"name" : ["familyName", "givenName", "unstructured"]}, "thumbnailUrl", "profileUrl"],
+       "activity" : ["id", "title"]
+    }
+  },
+  "osapi" : {
+    // The endpoints to query for available JSONRPC/REST services
+    "endPoints" : [ "http://%host%/xwiki/social/rpc", "http://%host%/xwiki/gadgets/api/rpc" ]                   
+  }
+}}