loleaflet/Makefile.am | 3 - loleaflet/js/toolbar.js | 2 loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar |binary loleaflet/npm-shrinkwrap.json.in | 6 ++ loleaflet/package.json | 4 + loleaflet/src/control/Control.AlertDialog.js | 49 ++++++++++++++++++++++- loleaflet/src/errormessages.js | 2 7 files changed, 63 insertions(+), 3 deletions(-)
New commits: commit e29d2568b4b8467e7a7ad2e64be4d7956875c14e Author: Alexandru Vlăduţu <[email protected]> AuthorDate: Tue Apr 2 09:24:18 2019 +0300 Commit: Jan Holesovsky <[email protected]> CommitDate: Fri May 3 16:34:15 2019 +0200 loleaflet: check document hyperlink before open Change-Id: Ie2b1ba8baf49136fa805ab5b3a52f7b7fb5827df Reviewed-on: https://gerrit.libreoffice.org/70113 Reviewed-by: Samuel Mehrbrodt <[email protected]> Reviewed-by: Szymon Kłos <[email protected]> Tested-by: Szymon Kłos <[email protected]> diff --git a/loleaflet/Makefile.am b/loleaflet/Makefile.am index 079666bae..8b93f4a8e 100644 --- a/loleaflet/Makefile.am +++ b/loleaflet/Makefile.am @@ -110,7 +110,8 @@ NODE_MODULES_JS =\ node_modules/json-js/json2.js \ node_modules/select2/dist/js/select2.js \ node_modules/vex-js/js/vex.js \ - node_modules/vex-js/js/vex.dialog.js + node_modules/vex-js/js/vex.dialog.js \ + node_modules/@braintree/sanitize-url/dist.js if !ENABLE_IOSAPP if !ENABLE_GTKAPP diff --git a/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar b/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar new file mode 100644 index 000000000..0c85c0423 Binary files /dev/null and b/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar differ diff --git a/loleaflet/npm-shrinkwrap.json.in b/loleaflet/npm-shrinkwrap.json.in index 407d50b43..18c5dc802 100644 --- a/loleaflet/npm-shrinkwrap.json.in +++ b/loleaflet/npm-shrinkwrap.json.in @@ -211,6 +211,12 @@ "integrity": "sha1-trvgsGdLnXGXCMo43owjfLUmw9E=", "dev": true }, + "sanitize-url": { + "version": "3.0.0", + "resolved": "file:node_shrinkwrap/sanitize-url-3.0.0.tar", + "integrity": "", + "dev": true + }, "autolinker": { "version": "1.4.3", "resolved": "file:node_shrinkwrap/autolinker-1.4.3.tgz", diff --git a/loleaflet/package.json b/loleaflet/package.json index 0c45f4b72..b0b4cefab 100644 --- a/loleaflet/package.json +++ b/loleaflet/package.json 
@@ -3,6 +3,7 @@ "version": "0.8.0-dev", "description": "LibreOffice online front-end", "devDependencies": { + "@braintree/sanitize-url": "3.0.0", "autolinker": "1.4.3", "bootstrap": "3.3.6", "browserify": "13.1.0", @@ -37,5 +38,8 @@ "libreoffice", "lool" ], + "scripts": { + "postinstall": "browserify node_modules/@braintree/sanitize-url/index.js --standalone sanitizeUrl > node_modules/@braintree/sanitize-url/dist.js" + }, "license": "BSD-2-Clause" } diff --git a/loleaflet/src/control/Control.AlertDialog.js b/loleaflet/src/control/Control.AlertDialog.js index bb4c61685..336c14dd7 100644 --- a/loleaflet/src/control/Control.AlertDialog.js +++ b/loleaflet/src/control/Control.AlertDialog.js @@ -3,7 +3,7 @@ * L.Control.Dialog used for displaying alerts */ -/* global _ vex */ +/* global _ vex sanitizeUrl */ L.Control.AlertDialog = L.Control.extend({ onAdd: function (map) { // TODO: Better distinction between warnings and errors @@ -28,9 +28,9 @@ L.Control.AlertDialog = L.Control.extend({ var url = e.url; var messageText = window.errorMessages.leaving; - var isLinkValid = true; - if (url.trim().toLowerCase().startsWith('javascript:')) { - isLinkValid = false; + var isLinkValid = sanitizeUrl.sanitizeUrl(url) !== 'about:blank'; + + if (!isLinkValid) { messageText = window.errorMessages.invalidLink; messageText = messageText.replace('%url', url); } commit 1811a5280397f9614d1eddfe5f9390d5f23fe519 Author: Szymon Kłos <[email protected]> AuthorDate: Thu Mar 28 11:49:56 2019 +0100 Commit: Jan Holesovsky <[email protected]> CommitDate: Fri May 3 16:34:15 2019 +0200 Introduce warning when leaving the editor Change-Id: Id9fe06015b45f37ae415f8e3607434d984a6074f diff --git a/loleaflet/js/toolbar.js b/loleaflet/js/toolbar.js index 959e6e8c1..68cddbd22 100644 --- a/loleaflet/js/toolbar.js +++ b/loleaflet/js/toolbar.js 
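Review bot: The new dependency is not hash-pinned: the shrinkwrap hunk above adds its entry with `"integrity": ""`, so npm has no digest to check the committed `node_shrinkwrap/sanitize-url-3.0.0.tar` against. That entry is also keyed `sanitize-url`, while the first package.json hunk (`@@ -3,6 +3,7 @@`) declares `@braintree/sanitize-url`, so the pin may not apply to the scoped package at all. I would key the entry by the scoped name and fill in the digest of the committed tarball, e.g. `"@braintree/sanitize-url": {` with `"integrity": "<sha512 of the committed tarball>"`. The `postinstall` script in the second hunk (`@@ -37,5 +38,8 @@`) then builds the `dist.js` that Makefile.am bundles from that unverified input, and it deserves a line in the README, since package.json cannot hold a comment explaining why the install step runs browserify.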
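Review bot: In the `@@ -28,9 +28,9 @@` hunk of Control.AlertDialog.js the return value of `sanitizeUrl.sanitizeUrl(url)` is only compared with `'about:blank'` and then discarded, so the string that is later opened is still the raw `e.url` rather than the string that was checked. Keeping the sanitized value and handing that to the open handler makes the validated and the opened string identical: `var safeUrl = sanitizeUrl.sanitizeUrl(url);` followed by `var isLinkValid = safeUrl !== 'about:blank';`. The sentinel comparison also reports a link that is literally `about:blank` as invalid, which is worth a short comment such as `// sanitizeUrl() returns 'about:blank' for rejected schemes`. The `openlink` branch starts before and continues after this hunk, so the `window.open` call is not visible here.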
@@ -2476,7 +2476,7 @@ function setupToolbar(e) { }); map.on('hyperlinkclicked', function (e) { - window.open(e.url, '_blank'); + map.fire('warn', {url: e.url, map: map, cmd: 'openlink'}); }); map.on('cellformula', function (e) { diff --git a/loleaflet/src/control/Control.AlertDialog.js b/loleaflet/src/control/Control.AlertDialog.js index d63c80432..bb4c61685 100644 --- a/loleaflet/src/control/Control.AlertDialog.js +++ b/loleaflet/src/control/Control.AlertDialog.js @@ -24,6 +24,53 @@ L.Control.AlertDialog = L.Control.extend({ else if (e.cmd == 'load' && e.kind == 'docunloading') { // Handled by transparently retrying. return; + } else if (e.cmd == 'openlink') { + var url = e.url; + var messageText = window.errorMessages.leaving; + + var isLinkValid = true; + if (url.trim().toLowerCase().startsWith('javascript:')) { + isLinkValid = false; + messageText = window.errorMessages.invalidLink; + messageText = messageText.replace('%url', url); + } + + var buttonsList = []; + + if (isLinkValid) { + buttonsList.push({ + text: _('Open link'), + type: 'button', + className: 'vex-dialog-button-primary', + click: function openClick () { + window.open(url, '_blank'); + vex.close(vex.dialogID); + vex.dialogID = 0; + } + }); + } + + buttonsList.push({ + text: _('Edit'), + type: 'button', + className: 'vex-dialog-button-secondary', + click: function editClick () { + e.map.toggleCommandState('HyperlinkDialog'); + vex.close(vex.dialogID); + vex.dialogID = 0; + } + }); + + vex.dialog.open({ + message: messageText, + showCloseButton: true, + buttons: buttonsList, + callback: function() {}, + beforeClose: function () { + e.map.focus(); + e.map.enable(true); + } + }); } else if (e.cmd && e.kind) { var msg = _('The server encountered a %0 error while parsing the %1 command.'); msg = msg.replace('%0', e.kind); diff --git a/loleaflet/src/errormessages.js b/loleaflet/src/errormessages.js index 3381b9126..0baa1e626 100644 --- a/loleaflet/src/errormessages.js 
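Review bot: The `openClick` handler in the new `openlink` branch of Control.AlertDialog.js calls `window.open(url, '_blank')` with a URL that comes from the document, and without `noopener` the opened page receives a `window.opener` reference back to the editor tab. I would pass the feature explicitly, `window.open(url, '_blank', 'noopener');`, and add a one-line comment that `url` is document-controlled. The same branch builds the dialog text with `messageText.replace('%url', url)`; if the vex version in use renders `message` as HTML (not visible on this page), the value needs escaping before it is interpolated, and `replace('%url', function () { return url; })` keeps `$`-patterns in the URL from being expanded. The enclosing handler starts before this hunk and continues after it.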
+++ b/loleaflet/src/errormessages.js @@ -21,6 +21,8 @@ errorMessages.wrongwopisrc = _('Wrong or missing WOPISrc parameter, please conta errorMessages.sessionexpiry = _('Your session will expire in %time. Please save your work and refresh the session (or webpage) to continue.'); errorMessages.sessionexpired = _('Your session has been expired. Further changes to document might not be saved. Please refresh the session (or webpage) to continue.'); errorMessages.faileddocloading = _('Failed to load the document. Please ensure the file type is supported and not corrupted, and try again.'); +errorMessages.invalidLink = _('Invalid link: \'%url\''); +errorMessages.leaving = _('You are leaving the editor, are you sure you want to proceed?'); errorMessages.storage = { loadfailed: _('Failed to read document from storage. Please contact your storage server (%storageserver) administrator.'), _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
