+2005-05-17 Chris Blumenberg <cblu@apple.com>
+
+ Fixed: <rdar://problem/4119282> clicking a link in an RTF file opens the link with NSWorkspace without the usual security checks or WebView delegate control
+
+ Reviewed by mjs.
+
+ * WebCoreSupport.subproj/WebBridge.m:
+ (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): pass the passed referrer to canLoadURL::: not [self referrer]
+ (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
+ * WebView.subproj/WebTextView.m:
+ (-[WebTextView clickedOnLink:atIndex:]): call the loadURL bridge method so that security checks are made, command/option clicks work, policy delegate is consulted etc.
+
2005-05-17 Chris Blumenberg <cblu@apple.com>
Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
- (void)loadURL:(NSURL *)URL referrer:(NSString *)referrer reload:(BOOL)reload userGesture:(BOOL)forUser target:(NSString *)target triggeringEvent:(NSEvent *)event form:(DOMElement *)form formValues:(NSDictionary *)values
{
BOOL hideReferrer;
- if (![self canLoadURL:URL fromReferrer:[self referrer] hideReferrer:&hideReferrer])
+ if (![self canLoadURL:URL fromReferrer:referrer hideReferrer:&hideReferrer])
return;
if ([target length] == 0) {
- (void)postWithURL:(NSURL *)URL referrer:(NSString *)referrer target:(NSString *)target data:(NSArray *)postData contentType:(NSString *)contentType triggeringEvent:(NSEvent *)event form:(DOMElement *)form formValues:(NSDictionary *)values
{
BOOL hideReferrer;
- if (![self canLoadURL:URL fromReferrer:[self referrer] hideReferrer:&hideReferrer])
+ if (![self canLoadURL:URL fromReferrer:referrer hideReferrer:&hideReferrer])
return;
if ([target length] == 0) {
#import <WebKit/WebTextView.h>
#import <WebKit/WebAssertions.h>
-#import <Foundation/NSURLResponse.h>
-
+#import <WebKit/WebBridge.h>
#import <WebKit/WebDataSourcePrivate.h>
#import <WebKit/WebDocumentInternal.h>
+#import <WebKit/WebFramePrivate.h>
#import <WebKit/WebFrameView.h>
#import <WebKit/WebNSObjectExtras.h>
+#import <WebKit/WebNSURLExtras.h>
#import <WebKit/WebNSViewExtras.h>
#import <WebKit/WebPreferences.h>
#import <WebKit/WebTextRendererFactory.h>
#import <WebKit/WebViewPrivate.h>
+#import <Foundation/NSURLResponse.h>
+
+@interface NSTextView (AppKitSecret)
++ (NSURL *)_URLForString:(NSString *)string;
+@end
+
@interface WebTextView (ForwardDeclarations)
- (void)_updateTextSizeMultiplier;
@end
return resign;
}
+- (void)clickedOnLink:(id)link atIndex:(unsigned)charIndex
+{
+ NSURL *URL = nil;
+ if ([link isKindOfClass:[NSURL class]]) {
+ URL = (NSURL *)link;
+ } else if ([link isKindOfClass:[NSString class]]) {
+ URL = [[self class] _URLForString:(NSString *)link];
+ }
+ if (URL != nil) {
+ // Call the bridge because this is where our security checks are made.
+ WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
+ [[frame _bridge] loadURL:URL
+ referrer:[[[[frame dataSource] request] URL] _web_originalDataAsString]
+ reload:NO
+ userGesture:YES
+ target:nil
+ triggeringEvent:[[self window] currentEvent]
+ form:nil
+ formValues:nil];
+ }
+}
+
#pragma mark PRINTING
- (void)drawPageBorderWithSize:(NSSize)borderSize
git://git.webkit.org / WebKit-https.git / commitdiff