From b86b6c04ea620a04784f4f0bfca478520761e56d Mon Sep 17 00:00:00 2001
From: cblu <cblu@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue, 17 May 2005 17:55:47 +0000
Subject: [PATCH] 	Fixed: <rdar://problem/4119282> clicking a link in an
 RTF file opens the link with NSWorkspace without the usual security checks or
 WebView delegate control

        Reviewed by mjs.

        * WebCoreSupport.subproj/WebBridge.m:
        (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): pass the passed referrer to canLoadURL::: not [self referrer]
        (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
        * WebView.subproj/WebTextView.m:
        (-[WebTextView clickedOnLink:atIndex:]): call the loadURL bridge method so that security checks are made, command/option clicks work, policy delegate is consulted etc.


git-svn-id: https://svn.webkit.org/repository/webkit/trunk@9177 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 WebKit/ChangeLog                          | 12 +++++++++
 WebKit/WebCoreSupport.subproj/WebBridge.m |  4 +--
 WebKit/WebView.subproj/WebTextView.m      | 33 +++++++++++++++++++++--
 3 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index d1861dcca77e..00c057b51c85 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,15 @@
+2005-05-17  Chris Blumenberg  <cblu@apple.com>
+	
+	Fixed: <rdar://problem/4119282> clicking a link in an RTF file opens the link with NSWorkspace without the usual security checks or WebView delegate control
+
+        Reviewed by mjs.
+
+        * WebCoreSupport.subproj/WebBridge.m:
+        (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): pass the passed referrer to canLoadURL::: not [self referrer]
+        (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
+        * WebView.subproj/WebTextView.m:
+        (-[WebTextView clickedOnLink:atIndex:]): call the loadURL bridge method so that security checks are made, command/option clicks work, policy delegate is consulted etc.
+
 2005-05-17  Chris Blumenberg  <cblu@apple.com>
 
 	Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
diff --git a/WebKit/WebCoreSupport.subproj/WebBridge.m b/WebKit/WebCoreSupport.subproj/WebBridge.m
index 17a6886cf27f..4253e073c3fd 100644
--- a/WebKit/WebCoreSupport.subproj/WebBridge.m
+++ b/WebKit/WebCoreSupport.subproj/WebBridge.m
@@ -627,7 +627,7 @@ NSString *WebPluginContainerKey =   @"WebPluginContainer";
 - (void)loadURL:(NSURL *)URL referrer:(NSString *)referrer reload:(BOOL)reload userGesture:(BOOL)forUser target:(NSString *)target triggeringEvent:(NSEvent *)event form:(DOMElement *)form formValues:(NSDictionary *)values
 {
     BOOL hideReferrer;
-    if (![self canLoadURL:URL fromReferrer:[self referrer] hideReferrer:&hideReferrer])
+    if (![self canLoadURL:URL fromReferrer:referrer hideReferrer:&hideReferrer])
         return;
 
     if ([target length] == 0) {
@@ -657,7 +657,7 @@ NSString *WebPluginContainerKey =   @"WebPluginContainer";
 - (void)postWithURL:(NSURL *)URL referrer:(NSString *)referrer target:(NSString *)target data:(NSArray *)postData contentType:(NSString *)contentType triggeringEvent:(NSEvent *)event form:(DOMElement *)form formValues:(NSDictionary *)values
 {
     BOOL hideReferrer;
-    if (![self canLoadURL:URL fromReferrer:[self referrer] hideReferrer:&hideReferrer])
+    if (![self canLoadURL:URL fromReferrer:referrer hideReferrer:&hideReferrer])
         return;
 
     if ([target length] == 0) {
diff --git a/WebKit/WebView.subproj/WebTextView.m b/WebKit/WebView.subproj/WebTextView.m
index 5d126fee8bdc..6ccf58348c82 100644
--- a/WebKit/WebView.subproj/WebTextView.m
+++ b/WebKit/WebView.subproj/WebTextView.m
@@ -6,17 +6,24 @@
 #import <WebKit/WebTextView.h>
 
 #import <WebKit/WebAssertions.h>
-#import <Foundation/NSURLResponse.h>
-
+#import <WebKit/WebBridge.h>
 #import <WebKit/WebDataSourcePrivate.h>
 #import <WebKit/WebDocumentInternal.h>
+#import <WebKit/WebFramePrivate.h>
 #import <WebKit/WebFrameView.h>
 #import <WebKit/WebNSObjectExtras.h>
+#import <WebKit/WebNSURLExtras.h>
 #import <WebKit/WebNSViewExtras.h>
 #import <WebKit/WebPreferences.h>
 #import <WebKit/WebTextRendererFactory.h>
 #import <WebKit/WebViewPrivate.h>
 
+#import <Foundation/NSURLResponse.h>
+
+@interface NSTextView (AppKitSecret)
++ (NSURL *)_URLForString:(NSString *)string;
+@end
+
 @interface WebTextView (ForwardDeclarations)
 - (void)_updateTextSizeMultiplier;
 @end
@@ -327,6 +334,28 @@
     return resign;
 }
 
+- (void)clickedOnLink:(id)link atIndex:(unsigned)charIndex
+{
+    NSURL *URL = nil;
+    if ([link isKindOfClass:[NSURL class]]) {
+        URL = (NSURL *)link;
+    } else if ([link isKindOfClass:[NSString class]]) {
+        URL = [[self class] _URLForString:(NSString *)link];
+    }
+    if (URL != nil) {    
+        // Call the bridge because this is where our security checks are made.
+        WebFrame *frame = [[self _web_parentWebFrameView] webFrame];
+        [[frame _bridge] loadURL:URL 
+                        referrer:[[[[frame dataSource] request] URL] _web_originalDataAsString]
+                          reload:NO
+                     userGesture:YES       
+                          target:nil
+                 triggeringEvent:[[self window] currentEvent]
+                            form:nil 
+                      formValues:nil];
+    }
+}
+
 #pragma mark PRINTING
 
 - (void)drawPageBorderWithSize:(NSSize)borderSize
-- 
2.36.0