diff options
Diffstat (limited to 'sfx2/source/doc/iframe.cxx')
| -rw-r--r-- | sfx2/source/doc/iframe.cxx | 108 |
1 files changed, 86 insertions, 22 deletions
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 8b1271545dfb..bddd187a418c 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -38,12 +38,20 @@ #include <svtools/miscopt.hxx> #include <svl/ownlist.hxx> #include <svl/itemprop.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/frmdescr.hxx> +#include <sfx2/objsh.hxx> #include <sfx2/sfxdlg.hxx> #include <sfx2/sfxsids.hrc> #include <toolkit/helper/vclunohelper.hxx> #include <vcl/window.hxx> #include <tools/debug.hxx> +#include <macroloader.hxx> +#include <officecfg/Office/Common.hxx> + +#include <unicode/errorcode.h> +#include <unicode/regex.h> +#include <unicode/unistr.h> using namespace ::com::sun::star; @@ -153,44 +161,100 @@ IFrameObject::IFrameObject(const uno::Reference < uno::XComponentContext >& rxCo aArguments[0] >>= mxObj; } +#if 0 +bool lcl_isScriptURLAllowed(const OUString& aScriptURL) +{ + boost::optional<css::uno::Sequence<OUString>> allowedEvents( + officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get()); + // When AllowedDocumentEventURLs is empty, all event URLs are allowed + if (!allowedEvents) + return true; + + icu::ErrorCode status; + const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE; + icu::UnicodeString usInput(aScriptURL.getStr()); + const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents; + for (auto const& allowedEvent : rAllowedEvents) + { + icu::UnicodeString usRegex(allowedEvent.getStr()); + icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status); + if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status)) + { + return true; + } + } + + return false; +} +#endif + sal_Bool SAL_CALL IFrameObject::load( const uno::Sequence < css::beans::PropertyValue >& /*lDescriptor*/, const uno::Reference < frame::XFrame >& xFrame ) { if ( SvtMiscOptions().IsPluginsEnabled() ) { - DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); - VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); - VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); - pWin->SetSizePixel( pParent->GetOutputSizePixel() ); - pWin->SetBackground(); - pWin->Show(); + util::URL aTargetURL; + aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ); + uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); + xTrans->parseStrict( aTargetURL ); - uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY ); - xFrame->setComponent( xWindow, uno::Reference < frame::XController >() ); + INetURLObject aURLObject(aTargetURL.Complete); + if (aURLObject.IsExoticProtocol()) + { + SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete); + return false; + } - // we must destroy the IFrame before the parent is destroyed - xWindow->addEventListener( this ); + uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); + SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); - mxFrame = frame::Frame::create( mxContext ); - uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY ); - mxFrame->initialize( xWin ); - mxFrame->setName( maFrmDescr.GetName() ); + bool bUpdateAllowed(true); + if (pDoc) + { + comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer(); + bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate(); + } + if (!bUpdateAllowed) + return false; - uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY ); - if ( xFramesSupplier.is() ) - mxFrame->setCreator( xFramesSupplier ); + OUString sReferer; + if (pDoc && pDoc->HasName()) + sReferer = pDoc->GetMedium()->GetName(); - util::URL aTargetURL; - aTargetURL.Complete = maFrmDescr.GetURL().GetMainURL( INetURLObject::DecodeMechanism::NONE ); - uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); - xTrans->parseStrict( aTargetURL ); + uno::Reference<css::awt::XWindow> xParentWindow(xFrame->getContainerWindow()); + + if (!mxFrame.is()) + { + VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow(xParentWindow); + VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); + pWin->SetSizePixel( pParent->GetOutputSizePixel() ); + pWin->SetBackground(); + pWin->Show(); + + uno::Reference < awt::XWindow > xWindow( pWin->GetComponentInterface(), uno::UNO_QUERY ); + xFrame->setComponent( xWindow, uno::Reference < frame::XController >() ); + + // we must destroy the IFrame before the parent is destroyed + xWindow->addEventListener( this ); + + mxFrame = frame::Frame::create( mxContext ); + uno::Reference < awt::XWindow > xWin( pWin->GetComponentInterface(), uno::UNO_QUERY ); + mxFrame->initialize( xWin ); + mxFrame->setName( maFrmDescr.GetName() ); + + uno::Reference < frame::XFramesSupplier > xFramesSupplier( xFrame, uno::UNO_QUERY ); + if ( xFramesSupplier.is() ) + mxFrame->setCreator( xFramesSupplier ); + } - uno::Sequence < beans::PropertyValue > aProps(2); + uno::Sequence < beans::PropertyValue > aProps(3); aProps[0].Name = "PluginMode"; aProps[0].Value <<= sal_Int16(2); aProps[1].Name = "ReadOnly"; aProps[1].Value <<= true; + aProps[2].Name = "Referer"; + aProps[2].Value <<= sReferer; uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 ); if ( xDisp.is() ) xDisp->dispatch( aTargetURL, aProps ); |