diff options
| -rw-r--r-- | embed/ephy-embed-utils.c | 22 | ||||
| -rw-r--r-- | embed/ephy-embed-utils.h | 2 | ||||
| -rw-r--r-- | lib/ephy-web-app-utils.c | 31 | ||||
| -rw-r--r-- | lib/ephy-web-app-utils.h | 2 | ||||
| -rw-r--r-- | src/ephy-window.c | 7 |
5 files changed, 33 insertions, 31 deletions
diff --git a/embed/ephy-embed-utils.c b/embed/ephy-embed-utils.c index be9389630..963569a96 100644 --- a/embed/ephy-embed-utils.c +++ b/embed/ephy-embed-utils.c @@ -387,28 +387,6 @@ ephy_embed_utils_get_title_from_address (const char *address) return ephy_string_get_host_name (address); } -gboolean -ephy_embed_utils_urls_have_same_origin (const char *a_url, - const char *b_url) -{ - SoupURI *a_uri, *b_uri; - gboolean retval = FALSE; - - a_uri = soup_uri_new (a_url); - if (!a_uri) - return retval; - - b_uri = soup_uri_new (b_url); - if (b_uri) { - retval = a_uri->host && b_uri->host && soup_uri_host_equal (a_uri, b_uri); - soup_uri_free (b_uri); - } - - soup_uri_free (a_uri); - - return retval; -} - void ephy_embed_utils_shutdown (void) { diff --git a/embed/ephy-embed-utils.h b/embed/ephy-embed-utils.h index 3f99b7d89..9f1a7324d 100644 --- a/embed/ephy-embed-utils.h +++ b/embed/ephy-embed-utils.h @@ -46,8 +46,6 @@ char * ephy_embed_utils_normalize_or_autosearch_address (const char *add gboolean ephy_embed_utils_url_is_empty (const char *location); gboolean ephy_embed_utils_is_no_show_address (const char *address); char *ephy_embed_utils_get_title_from_address (const char *address); -gboolean ephy_embed_utils_urls_have_same_origin (const char *a_url, - const char *b_url); void ephy_embed_utils_shutdown (void); G_END_DECLS diff --git a/lib/ephy-web-app-utils.c b/lib/ephy-web-app-utils.c index 97f3f2420..63596f0b9 100644 --- a/lib/ephy-web-app-utils.c +++ b/lib/ephy-web-app-utils.c @@ -759,14 +759,43 @@ ephy_web_application_initialize_settings (const char *profile_directory) g_free (name); } +static gboolean +urls_have_same_origin (const char *a_url, + const char *b_url) +{ + SoupURI *a_uri, *b_uri; + gboolean retval = FALSE; + + a_uri = soup_uri_new (a_url); + if (!a_uri) + return retval; + + b_uri = soup_uri_new (b_url); + if (b_uri) { + retval = a_uri->host && b_uri->host && soup_uri_host_equal (a_uri, b_uri); + soup_uri_free (b_uri); + } + + soup_uri_free (a_uri); + + return retval; +} + gboolean -ephy_web_application_is_uri_allowed (const char* uri) +ephy_web_application_is_uri_allowed (const char *uri, + const char *referrer) { SoupURI *request_uri; char **urls; guint i; gboolean matched = FALSE; + if (g_str_has_prefix (uri, "blob:") || g_str_has_prefix (uri, "data:")) + return TRUE; + + if (urls_have_same_origin (uri, referrer)) + return TRUE; + if (g_strcmp0 (uri, "about:blank") == 0) return TRUE; diff --git a/lib/ephy-web-app-utils.h b/lib/ephy-web-app-utils.h index 18cba3939..3080f9970 100644 --- a/lib/ephy-web-app-utils.h +++ b/lib/ephy-web-app-utils.h @@ -67,7 +67,7 @@ void ephy_web_application_free_application_list (GList *list); void ephy_web_application_initialize_settings (const char *profile_directory); -gboolean ephy_web_application_is_uri_allowed (const char* uri); +gboolean ephy_web_application_is_uri_allowed (const char *uri, const char *referrer); gboolean ephy_web_application_save (EphyWebApplication *app); diff --git a/src/ephy-window.c b/src/ephy-window.c index b0d6d3ff1..a8ee5a5c0 100644 --- a/src/ephy-window.c +++ b/src/ephy-window.c @@ -2079,8 +2079,7 @@ decide_navigation_policy (WebKitWebView *web_view, referrer = (char *)g_object_get_data (G_OBJECT (window), "referrer"); - if (ephy_embed_utils_urls_have_same_origin (uri, referrer) || - ephy_web_application_is_uri_allowed (uri)) { + if (ephy_web_application_is_uri_allowed (uri, referrer)) { gtk_widget_show (GTK_WIDGET (window)); } else { /* We can't get here under flatpak because this code only @@ -2099,10 +2098,8 @@ decide_navigation_policy (WebKitWebView *web_view, if (navigation_type == WEBKIT_NAVIGATION_TYPE_LINK_CLICKED || (navigation_type == WEBKIT_NAVIGATION_TYPE_OTHER && webkit_navigation_action_is_user_gesture (navigation_action))) { - if (ephy_embed_utils_urls_have_same_origin (uri, webkit_web_view_get_uri (web_view)) || - ephy_web_application_is_uri_allowed (uri)) { + if (ephy_web_application_is_uri_allowed (uri, webkit_web_view_get_uri (web_view))) return FALSE; - } /* We can't get here under flatpak because this code only * executes in web app mode. |