[webkit-changes] cvs commit: WebKit/WebView.subproj WebFrame.m WebFrameInternal.h WebPDFView.m WebTextView.m

Thu Jul 14 16:06:11 PDT 2005

kdecker     05/07/14 16:06:11

  Modified:    .        ChangeLog
               WebView.subproj WebFrame.m WebFrameInternal.h WebPDFView.m
                        WebTextView.m
  Log:
          Reviewed by cblu
  
  	Fixed: <rdar://problem/4122282> clicking a link in an PDF file opens the link with NSWorkspace without the usual security checks or WebView delegate control
  
          * WebView.subproj/WebFrame.m:
          (-[WebFrame _safeLoadURL:]): added
          * WebView.subproj/WebFrameInternal.h:
          * WebView.subproj/WebPDFView.m:
          (-[WebPDFView initWithFrame:]):
          (-[WebPDFView PDFViewWillClickOnLink:withURL:]): prevents evilness with a call to _safeLoadURL
          * WebView.subproj/WebTextView.m:
          (-[WebTextView clickedOnLink:atIndex:]): factored calling out to the bridge, and instead call _safeLoadURL
  
  Revision  Changes    Path
  1.3226    +15 -0     WebKit/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebKit/ChangeLog,v
  retrieving revision 1.3225
  retrieving revision 1.3226
  diff -u -r1.3225 -r1.3226
  --- ChangeLog	14 Jul 2005 16:29:03 -0000	1.3225
  +++ ChangeLog	14 Jul 2005 23:06:08 -0000	1.3226
  @@ -1,3 +1,18 @@
  +2005-07-14  Kevin Decker  <kdecker at apple.com>
  +
  +        Reviewed by cblu
  +
  +	Fixed: <rdar://problem/4122282> clicking a link in an PDF file opens the link with NSWorkspace without the usual security checks or WebView delegate control
  +
  +        * WebView.subproj/WebFrame.m:
  +        (-[WebFrame _safeLoadURL:]): added
  +        * WebView.subproj/WebFrameInternal.h:
  +        * WebView.subproj/WebPDFView.m:
  +        (-[WebPDFView initWithFrame:]):
  +        (-[WebPDFView PDFViewWillClickOnLink:withURL:]): prevents evilness with a call to _safeLoadURL
  +        * WebView.subproj/WebTextView.m:
  +        (-[WebTextView clickedOnLink:atIndex:]): factored calling out to the bridge, and instead call _safeLoadURL
  +
   2005-07-14  Vicki Murley  <vicki at apple.com>
   
           Reviewed by Kocienda.
  
  
  
  1.241     +13 -0     WebKit/WebView.subproj/WebFrame.m
  
  Index: WebFrame.m
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebFrame.m,v
  retrieving revision 1.240
  retrieving revision 1.241
  diff -u -r1.240 -r1.241
  --- WebFrame.m	14 Jul 2005 16:29:05 -0000	1.240
  +++ WebFrame.m	14 Jul 2005 23:06:10 -0000	1.241
  @@ -2647,6 +2647,19 @@
       }
   }
   
  +- (void)_safeLoadURL:(NSURL *)URL
  +{
  +   // Call the bridge because this is where our security checks are made.
  +    [[self _bridge] loadURL:URL 
  +                    referrer:[[[[self dataSource] request] URL] _web_originalDataAsString]
  +                      reload:NO
  +                 userGesture:YES       
  +                      target:nil
  +             triggeringEvent:[NSApp currentEvent]
  +                        form:nil 
  +                  formValues:nil];
  +}
  +
   - (void)_saveResourceAndSendRemainingDelegateMessagesWithRequest:(NSURLRequest *)request
                                                         identifier:(id)identifier 
                                                           response:(NSURLResponse *)response 
  
  
  
  1.11      +1 -0      WebKit/WebView.subproj/WebFrameInternal.h
  
  Index: WebFrameInternal.h
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebFrameInternal.h,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- WebFrameInternal.h	5 Jun 2005 17:54:47 -0000	1.10
  +++ WebFrameInternal.h	14 Jul 2005 23:06:10 -0000	1.11
  @@ -39,6 +39,7 @@
   
   - (NSURLRequest *)_requestFromDelegateForRequest:(NSURLRequest *)request identifier:(id *)identifier error:(NSError **)error;
   - (void)_sendRemainingDelegateMessagesWithIdentifier:(id)identifier response:(NSURLResponse *)response length:(unsigned)length error:(NSError *)error;
  +- (void)_safeLoadURL:(NSURL *)URL;
   - (void)_saveResourceAndSendRemainingDelegateMessagesWithRequest:(NSURLRequest *)request
                                                         identifier:(id)identifier 
                                                           response:(NSURLResponse *)response 
  
  
  
  1.17      +13 -0     WebKit/WebView.subproj/WebPDFView.m
  
  Index: WebPDFView.m
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebPDFView.m,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- WebPDFView.m	5 Jul 2005 18:37:37 -0000	1.16
  +++ WebPDFView.m	14 Jul 2005 23:06:10 -0000	1.17
  @@ -32,8 +32,10 @@
   #import <WebKit/WebDataSource.h>
   #import <WebKit/WebDocumentInternal.h>
   #import <WebKit/WebFrame.h>
  +#import <WebKit/WebFrameInternal.h>
   #import <WebKit/WebLocalizableStrings.h>
   #import <WebKit/WebNSPasteboardExtras.h>
  +#import <WebKit/WebNSViewExtras.h>
   #import <WebKit/WebPDFView.h>
   #import <WebKit/WebUIDelegate.h>
   #import <WebKit/WebView.h>
  @@ -90,6 +92,7 @@
           PDFSubview = [[[[self class] PDFViewClass] alloc] initWithFrame:frame];
           [PDFSubview setAutoresizingMask:NSViewWidthSizable|NSViewHeightSizable];
           [self addSubview:PDFSubview];
  +        [PDFSubview setDelegate:self];
           written = NO;
       }
       return self;
  @@ -438,6 +441,16 @@
       return [[PDFSubview document] getPrintOperationForPrintInfo:printInfo autoRotate:YES];
   }
   
  +// Delegates implementing the following method will be called to handle clicks on URL
  +// links within the PDFView.  
  +- (void)PDFViewWillClickOnLink:(PDFView *)sender withURL:(NSURL *)URL
  +{
  +    if (URL != nil) {    
  +        WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
  +        [frame _safeLoadURL:URL];
  +    }
  +}
  +
   @end
   
   #endif // OMIT_TIGER_FEATURES
  
  
  
  1.57      +3 -9      WebKit/WebView.subproj/WebTextView.m
  
  Index: WebTextView.m
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebTextView.m,v
  retrieving revision 1.56
  retrieving revision 1.57
  diff -u -r1.56 -r1.57
  --- WebTextView.m	22 Jun 2005 21:32:09 -0000	1.56
  +++ WebTextView.m	14 Jul 2005 23:06:10 -0000	1.57
  @@ -33,6 +33,8 @@
   #import <WebKit/WebDataSourcePrivate.h>
   #import <WebKit/WebDocumentInternal.h>
   #import <WebKit/WebFramePrivate.h>
  +#import <WebKit/WebFrameInternal.h>
  +
   #import <WebKit/WebFrameView.h>
   #import <WebKit/WebNSObjectExtras.h>
   #import <WebKit/WebNSURLExtras.h>
  @@ -366,16 +368,8 @@
           URL = [[self class] _URLForString:(NSString *)link];
       }
       if (URL != nil) {    
  -        // Call the bridge because this is where our security checks are made.
           WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
  -        [[frame _bridge] loadURL:URL 
  -                        referrer:[[[[frame dataSource] request] URL] _web_originalDataAsString]
  -                          reload:NO
  -                     userGesture:YES       
  -                          target:nil
  -                 triggeringEvent:[[self window] currentEvent]
  -                            form:nil 
  -                      formValues:nil];
  +        [frame _safeLoadURL:URL];
       }
   }