Reviewed by cblu
authorkdecker <kdecker@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Jul 2005 23:06:10 +0000 (23:06 +0000)
committerkdecker <kdecker@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Jul 2005 23:06:10 +0000 (23:06 +0000)
Fixed: <rdar://problem/4122282> clicking a link in an PDF file opens the link with NSWorkspace without the usual security checks or WebView delegate control

        * WebView.subproj/WebFrame.m:
        (-[WebFrame _safeLoadURL:]): added
        * WebView.subproj/WebFrameInternal.h:
        * WebView.subproj/WebPDFView.m:
        (-[WebPDFView initWithFrame:]):
        (-[WebPDFView PDFViewWillClickOnLink:withURL:]): prevents evilness with a call to _safeLoadURL
        * WebView.subproj/WebTextView.m:
        (-[WebTextView clickedOnLink:atIndex:]): factored calling out to the bridge, and instead call _safeLoadURL

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@9782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit/ChangeLog
WebKit/WebView.subproj/WebFrame.m
WebKit/WebView.subproj/WebFrameInternal.h
WebKit/WebView.subproj/WebPDFView.m
WebKit/WebView.subproj/WebTextView.m

index ec8ecdafcc7903ba4ccce4285b280c90923a63c8..401e898527f71cb53af6d51b40a60db1834aca52 100644 (file)
@@ -1,3 +1,18 @@
+2005-07-14  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by cblu
+
+       Fixed: <rdar://problem/4122282> clicking a link in an PDF file opens the link with NSWorkspace without the usual security checks or WebView delegate control
+
+        * WebView.subproj/WebFrame.m:
+        (-[WebFrame _safeLoadURL:]): added
+        * WebView.subproj/WebFrameInternal.h:
+        * WebView.subproj/WebPDFView.m:
+        (-[WebPDFView initWithFrame:]):
+        (-[WebPDFView PDFViewWillClickOnLink:withURL:]): prevents evilness with a call to _safeLoadURL
+        * WebView.subproj/WebTextView.m:
+        (-[WebTextView clickedOnLink:atIndex:]): factored calling out to the bridge, and instead call _safeLoadURL
+
 2005-07-14  Vicki Murley  <vicki@apple.com>
 
         Reviewed by Kocienda.
index 6f7ae850b7d6597864df6319d672826fb6e30b1f..3139377b21144dbb41c2203a2911b8bc5a0adfbb 100644 (file)
@@ -2647,6 +2647,19 @@ static CFAbsoluteTime _timeOfLastCompletedLoad;
     }
 }
 
+- (void)_safeLoadURL:(NSURL *)URL
+{
+   // Call the bridge because this is where our security checks are made.
+    [[self _bridge] loadURL:URL 
+                    referrer:[[[[self dataSource] request] URL] _web_originalDataAsString]
+                      reload:NO
+                 userGesture:YES       
+                      target:nil
+             triggeringEvent:[NSApp currentEvent]
+                        form:nil 
+                  formValues:nil];
+}
+
 - (void)_saveResourceAndSendRemainingDelegateMessagesWithRequest:(NSURLRequest *)request
                                                       identifier:(id)identifier 
                                                         response:(NSURLResponse *)response 
index 7863daddf5c4683867b1e652d241fa880c203566..c7e774fc2a5dd691cf7669eac5a538d226c69d3f 100644 (file)
@@ -39,6 +39,7 @@
 
 - (NSURLRequest *)_requestFromDelegateForRequest:(NSURLRequest *)request identifier:(id *)identifier error:(NSError **)error;
 - (void)_sendRemainingDelegateMessagesWithIdentifier:(id)identifier response:(NSURLResponse *)response length:(unsigned)length error:(NSError *)error;
+- (void)_safeLoadURL:(NSURL *)URL;
 - (void)_saveResourceAndSendRemainingDelegateMessagesWithRequest:(NSURLRequest *)request
                                                       identifier:(id)identifier 
                                                         response:(NSURLResponse *)response 
index 76ff0bedd699a09d7b8ab0ef3f4178f154943e02..1e5c28753f9eede990251700c33fe5d3211f5f02 100644 (file)
 #import <WebKit/WebDataSource.h>
 #import <WebKit/WebDocumentInternal.h>
 #import <WebKit/WebFrame.h>
+#import <WebKit/WebFrameInternal.h>
 #import <WebKit/WebLocalizableStrings.h>
 #import <WebKit/WebNSPasteboardExtras.h>
+#import <WebKit/WebNSViewExtras.h>
 #import <WebKit/WebPDFView.h>
 #import <WebKit/WebUIDelegate.h>
 #import <WebKit/WebView.h>
@@ -90,6 +92,7 @@ NSString *_NSPathForSystemFramework(NSString *framework);
         PDFSubview = [[[[self class] PDFViewClass] alloc] initWithFrame:frame];
         [PDFSubview setAutoresizingMask:NSViewWidthSizable|NSViewHeightSizable];
         [self addSubview:PDFSubview];
+        [PDFSubview setDelegate:self];
         written = NO;
     }
     return self;
@@ -438,6 +441,16 @@ static void applicationInfoForMIMEType(NSString *type, NSString **name, NSImage
     return [[PDFSubview document] getPrintOperationForPrintInfo:printInfo autoRotate:YES];
 }
 
+// Delegates implementing the following method will be called to handle clicks on URL
+// links within the PDFView.  
+- (void)PDFViewWillClickOnLink:(PDFView *)sender withURL:(NSURL *)URL
+{
+    if (URL != nil) {    
+        WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
+        [frame _safeLoadURL:URL];
+    }
+}
+
 @end
 
 #endif // OMIT_TIGER_FEATURES
index fd7d735017f73d9ae6d8ca0f3a2deda6d82ed40f..b46acc30a6739dd8ada00393816503f62a81b895 100644 (file)
@@ -33,6 +33,8 @@
 #import <WebKit/WebDataSourcePrivate.h>
 #import <WebKit/WebDocumentInternal.h>
 #import <WebKit/WebFramePrivate.h>
+#import <WebKit/WebFrameInternal.h>
+
 #import <WebKit/WebFrameView.h>
 #import <WebKit/WebNSObjectExtras.h>
 #import <WebKit/WebNSURLExtras.h>
         URL = [[self class] _URLForString:(NSString *)link];
     }
     if (URL != nil) {    
-        // Call the bridge because this is where our security checks are made.
         WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
-        [[frame _bridge] loadURL:URL 
-                        referrer:[[[[frame dataSource] request] URL] _web_originalDataAsString]
-                          reload:NO
-                     userGesture:YES       
-                          target:nil
-                 triggeringEvent:[[self window] currentEvent]
-                            form:nil 
-                      formValues:nil];
+        [frame _safeLoadURL:URL];
     }
 }