aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Persch <chpe@cvs.gnome.org>2005-11-19 03:24:16 +0800
committerChristian Persch <chpe@src.gnome.org>2005-11-19 03:24:16 +0800
commit2fc8ea94dc040a9854718593571b48345d6b22f2 (patch)
tree03616c4e1d09b436113c871aa33ad043d04c6429
parent9c59c6bc168115ba34387b2777f6898289c37e3a (diff)
downloadgsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar.gz
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar.bz2
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar.lz
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar.xz
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.tar.zst
gsoc2013-epiphany-2fc8ea94dc040a9854718593571b48345d6b22f2.zip
Add chrome: and resource: to the safe list; otherwise forms and scrollbars
2005-11-18 Christian Persch <chpe@cvs.gnome.org> * embed/mozilla/EphyContentPolicy.cpp: * embed/ephy-embed-single.c: * embed/ephy-embed-single.h: Add chrome: and resource: to the safe list; otherwise forms and scrollbars break. Fixes bug #316498.
-rw-r--r--ChangeLog9
-rw-r--r--embed/ephy-embed-single.c27
-rw-r--r--embed/ephy-embed-single.h17
-rw-r--r--embed/mozilla/EphyContentPolicy.cpp113
4 files changed, 45 insertions, 121 deletions
diff --git a/ChangeLog b/ChangeLog
index 9d6069c8e..9d9a60405 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
2005-11-18 Christian Persch <chpe@cvs.gnome.org>
+ * embed/mozilla/EphyContentPolicy.cpp:
+ * embed/ephy-embed-single.c:
+ * embed/ephy-embed-single.h:
+
+ Add chrome: and resource: to the safe list; otherwise
+ forms and scrollbars break. Fixes bug #316498.
+
+2005-11-18 Christian Persch <chpe@cvs.gnome.org>
+
* src/ephy-extensions-manager.c:
Don't warn when reading a .xml when we previously read the
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 4f2c50000..fe32a0289 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -146,33 +146,6 @@ ephy_embed_single_iface_init (gpointer g_iface)
G_TYPE_STRING | G_SIGNAL_TYPE_STATIC_SCOPE);
/**
- * EphyEmbedSingle::check_content:
- * @single: the #EphyEmbedSingle
- * @type: the type of content (an #EphyContentCheckType)
- * @address: the address of the content
- * @requesting_address: the address of the requesting content (may be empty)
- * @mime_type_guess: a guess of the mime type of the content (may be empty)
- *
- * The ::check-content signal is emitted when Epiphany loads any content from
- * anywhere.
- *
- * If a connected callback returns %TRUE, the
- * signal emission will stop, and the load be aborted.
- **/
- g_signal_new ("check_content",
- EPHY_TYPE_EMBED_SINGLE,
- G_SIGNAL_RUN_FIRST | G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET (EphyEmbedSingleIface, check_content),
- g_signal_accumulator_true_handled, NULL,
- ephy_marshal_BOOLEAN__ENUM_STRING_STRING_STRING,
- G_TYPE_BOOLEAN,
- 4,
- EPHY_TYPE_CONTENT_CHECK_TYPE,
- G_TYPE_STRING | G_SIGNAL_TYPE_STATIC_SCOPE,
- G_TYPE_STRING | G_SIGNAL_TYPE_STATIC_SCOPE,
- G_TYPE_STRING | G_SIGNAL_TYPE_STATIC_SCOPE);
-
-/**
* EphyEmbedSingle::network-status:
*
* Whether the network is on-line.
diff --git a/embed/ephy-embed-single.h b/embed/ephy-embed-single.h
index a89399b2b..916773d7f 100644
--- a/embed/ephy-embed-single.h
+++ b/embed/ephy-embed-single.h
@@ -35,18 +35,6 @@ G_BEGIN_DECLS
typedef struct _EphyEmbedSingle EphyEmbedSingle;
typedef struct _EphyEmbedSingleIface EphyEmbedSingleIface;
-typedef enum
-{
- EPHY_CONTENT_CHECK_TYPE_OTHER = 1U,
- EPHY_CONTENT_CHECK_TYPE_SCRIPT = 2U, /* Indicates an executable script (such as JavaScript) */
- EPHY_CONTENT_CHECK_TYPE_IMAGE = 3U, /* Indicates an image (e.g., IMG elements) */
- EPHY_CONTENT_CHECK_TYPE_STYLESHEET = 4U, /* Indicates a stylesheet (e.g., STYLE elements) */
- EPHY_CONTENT_CHECK_TYPE_OBJECT = 5U, /* Indicates a generic object (plugin-handled content typically falls under this category) */
- EPHY_CONTENT_CHECK_TYPE_DOCUMENT = 6U, /* Indicates a document at the top-level (i.e., in a browser) */
- EPHY_CONTENT_CHECK_TYPE_SUBDOCUMENT = 7U, /* Indicates a document contained within another document (e.g., IFRAMEs, FRAMES, and OBJECTs) */
- EPHY_CONTENT_CHECK_TYPE_REFRESH = 8U /* Indicates a timed refresh */
-} EphyContentCheckType;
-
struct _EphyEmbedSingleIface
{
GTypeInterface base_iface;
@@ -70,11 +58,6 @@ struct _EphyEmbedSingleIface
const char *icon_url,
const char *title);
- gboolean (* check_content) (EphyEmbedSingle *single,
- EphyContentCheckType type,
- const char *address,
- const char *requesting_address,
- const char *mime_type_guess);
/* Methods */
GtkWidget * (* open_window) (EphyEmbedSingle *single,
diff --git a/embed/mozilla/EphyContentPolicy.cpp b/embed/mozilla/EphyContentPolicy.cpp
index bbfa59814..30b90bca3 100644
--- a/embed/mozilla/EphyContentPolicy.cpp
+++ b/embed/mozilla/EphyContentPolicy.cpp
@@ -48,8 +48,6 @@ EphyContentPolicy::EphyContentPolicy()
mLocked = eel_gconf_get_boolean (CONF_LOCKDOWN_DISABLE_UNSAFE_PROTOCOLS);
mSafeProtocols = eel_gconf_get_string_list (CONF_LOCKDOWN_ADDITIONAL_SAFE_PROTOCOLS);
- mSafeProtocols = g_slist_prepend (mSafeProtocols, g_strdup ("https"));
- mSafeProtocols = g_slist_prepend (mSafeProtocols, g_strdup ("http"));
mEmbedSingle = ephy_embed_shell_get_embed_single (embed_shell);
g_return_if_fail (mEmbedSingle);
@@ -74,43 +72,33 @@ EphyContentPolicy::ShouldLoad(PRUint32 aContentType,
PRInt16 *aDecision)
{
NS_ENSURE_ARG (aContentLocation);
+ NS_ENSURE_ARG_POINTER (aDecision);
- nsEmbedCString contentScheme;
- aContentLocation->GetScheme (contentScheme);
+ *aDecision = nsIContentPolicy::ACCEPT;
+
+ PRBool isHttp = PR_FALSE, isHttps = PR_FALSE;
+ aContentLocation->SchemeIs ("http", &isHttp);
+ aContentLocation->SchemeIs ("https", &isHttps);
+ if (isHttp || isHttps) return NS_OK;
+
+ /* We have to always allow these, else forms and scrollbars break */
+ PRBool isChrome = PR_FALSE, isResource = PR_FALSE;
+ aContentLocation->SchemeIs ("chrome", &isChrome);
+ aContentLocation->SchemeIs ("resource", &isResource);
+ if (isChrome || isResource) return NS_OK;
nsEmbedCString contentSpec;
aContentLocation->GetSpec (contentSpec);
+ if (strcmp (contentSpec.get(), "about:blank") == 0) return NS_OK;
+
+ nsEmbedCString contentScheme;
+ aContentLocation->GetScheme (contentScheme);
/* first general lockdown check */
if (mLocked &&
- !g_slist_find_custom (mSafeProtocols, contentScheme.get(), (GCompareFunc) strcmp) &&
- strcmp (contentSpec.get(), "about:blank") != 0)
+ !g_slist_find_custom (mSafeProtocols, contentScheme.get(), (GCompareFunc) strcmp))
{
*aDecision = nsIContentPolicy::REJECT_REQUEST;
- return NS_OK;
- }
-
- nsEmbedCString requestingSpec;
- if (aRequestingLocation)
- {
- aRequestingLocation->GetSpec (requestingSpec);
- }
-
- gboolean result = FALSE;
- g_signal_emit_by_name (mEmbedSingle, "check-content",
- (EphyContentCheckType) aContentType,
- contentSpec.get(),
- requestingSpec.get(),
- nsEmbedCString(aMimeTypeGuess).get(),
- &result);
-
- if (result)
- {
- *aDecision = nsIContentPolicy::REJECT_REQUEST;
- }
- else
- {
- *aDecision = nsIContentPolicy::ACCEPT;
}
return NS_OK;
@@ -139,64 +127,35 @@ NS_IMETHODIMP EphyContentPolicy::ShouldLoad(PRInt32 aContentType,
PRBool *_retval)
{
NS_ENSURE_ARG (aContentLocation);
+ NS_ENSURE_ARG_POINTER (aDecision);
- nsEmbedCString contentScheme;
- aContentLocation->GetScheme (contentScheme);
+ *_retval = PR_TRUE;
+
+ PRBool isHttp = PR_FALSE, isHttps = PR_FALSE;
+ aContentLocation->SchemeIs ("http", &isHttp);
+ aContentLocation->SchemeIs ("https", &isHttps);
+ if (isHttp || isHttps) return NS_OK;
+
+ /* We have to always allow these, else forms and scrollbars break */
+ PRBool isChrome = PR_FALSE, isResource = PR_FALSE;
+ aContentLocation->SchemeIs ("chrome", &isChrome);
+ aContentLocation->SchemeIs ("resource", &isResource);
+ if (isChrome || isResource) return NS_OK;
nsEmbedCString contentSpec;
aContentLocation->GetSpec (contentSpec);
+ if (strcmp (contentSpec.get(), "about:blank") == 0) return NS_OK;
+
+ nsEmbedCString contentScheme;
+ aContentLocation->GetScheme (contentScheme);
/* first general lockdown check */
if (mLocked &&
- !g_slist_find_custom (mSafeProtocols, contentScheme.get(), (GCompareFunc) strcmp) &&
- strcmp (contentSpec.get(), "about:blank") != 0)
+ !g_slist_find_custom (mSafeProtocols, contentScheme.get(), (GCompareFunc) strcmp))
{
*_retval = PR_FALSE;
- return NS_OK;
}
- /* translate to variant-2 types */
- EphyContentCheckType type;
- switch (aContentType)
- {
- case nsIContentPolicy::SCRIPT:
- type = EPHY_CONTENT_CHECK_TYPE_SCRIPT;
- break;
- case nsIContentPolicy::IMAGE:
- type = EPHY_CONTENT_CHECK_TYPE_IMAGE;
- break;
- case nsIContentPolicy::STYLESHEET:
- type = EPHY_CONTENT_CHECK_TYPE_STYLESHEET;
- break;
- case nsIContentPolicy::OBJECT:
- type = EPHY_CONTENT_CHECK_TYPE_OBJECT;
- break;
- case nsIContentPolicy::SUBDOCUMENT:
- type = EPHY_CONTENT_CHECK_TYPE_SUBDOCUMENT;
- break;
- case nsIContentPolicy::CONTROL_TAG:
- type = EPHY_CONTENT_CHECK_TYPE_REFRESH;
- break;
- case nsIContentPolicy::DOCUMENT:
- type = EPHY_CONTENT_CHECK_TYPE_DOCUMENT;
- break;
- case nsIContentPolicy::OTHER:
- case nsIContentPolicy::RAW_URL:
- default:
- type = EPHY_CONTENT_CHECK_TYPE_OTHER;
- break;
- }
-
- gboolean result = FALSE;
- g_signal_emit_by_name (mEmbedSingle, "check-content",
- type,
- contentSpec.get(),
- "",
- "",
- &result);
-
- *_retval = !result;
-
return NS_OK;
}