Handling of external app links in the viewer

Links that should be handled/opened by external applications - such as email
addresses (mailto:), phone numbers (tel:), etc - are opened by the
viewer in a new tab/window, thus avoiding any issues with content
security policy.
Veloman Yunkan 2024-09-05 18:20:15 +04:00
parent d5a44b913e
commit 16ebc6611b
2 changed files with 16 additions and 3 deletions


@ -310,6 +310,12 @@ function blockLink(url) {
: url; : url;
} }
function urlMustBeHandledByAnExternalApp(url) {
const WHITELISTED_URL_SCHEMATA = ['http:', 'https:', 'about:', 'javascript:'];
return WHITELISTED_URL_SCHEMATA.indexOf(url.protocol) == -1;
}
function isExternalUrl(url) { function isExternalUrl(url) {
if ( url.startsWith(window.location.origin) ) if ( url.startsWith(window.location.origin) )
return false; return false;
@ -334,7 +340,13 @@ function onClickEvent(e) {
const target = matchingAncestorElement(e.target, iframeDocument, "a"); const target = matchingAncestorElement(e.target, iframeDocument, "a");
if (target !== null && "href" in target) { if (target !== null && "href" in target) {
const target_href = getRealHref(target); const target_href = getRealHref(target);
if (isExternalUrl(target_href)) { const target_url = new URL(target_href, iframeDocument.location);
const isExternalAppUrl = urlMustBeHandledByAnExternalApp(target_url);
if ( isExternalAppUrl && !viewerSettings.linkBlockingEnabled ) {
target.setAttribute("target", "_blank");
}
if (isExternalAppUrl || isExternalUrl(target_href)) {
const possiblyBlockedLink = blockLink(target_href); const possiblyBlockedLink = blockLink(target_href);
if ( e.ctrlKey || e.shiftKey ) { if ( e.ctrlKey || e.shiftKey ) {
// The link will be loaded in a new tab/window - update the link // The link will be loaded in a new tab/window - update the link
@ -343,6 +355,7 @@ function onClickEvent(e) {
} else { } else {
// Load the external URL in the viewer window (rather than iframe) // Load the external URL in the viewer window (rather than iframe)
contentIframe.contentWindow.parent.location = possiblyBlockedLink; contentIframe.contentWindow.parent.location = possiblyBlockedLink;
e.preventDefault();
} }
} }
} }
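Review bot: `urlMustBeHandledByAnExternalApp()` classifies by exclusion, so every scheme other than the four listed is treated as an external-app link, not only `mailto:` and `tel:`. With link blocking disabled, such a link coming from the displayed content gets `target="_blank"` and, on a plain click, is assigned to `contentIframe.contentWindow.parent.location`; that presumably also covers schemes such as `data:`, `blob:` or `file:`, which the commit message does not mention. An explicit list of the schemes meant to be handed off would fail closed: `const EXTERNAL_APP_URL_SCHEMATA = ['mailto:', 'tel:'];` with `return EXTERNAL_APP_URL_SCHEMATA.includes(url.protocol);`, extended as further schemes are needed. Where `target="_blank"` is set, also adding `target.setAttribute("rel", "noopener noreferrer");` keeps the opened context from reaching back to the viewer on browsers that do not imply it. `onClickEvent` starts and ends outside the visible hunks, so the branch between the ctrl/shift check and the `else` could not be reviewed.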


@ -75,7 +75,7 @@ const ResourceCollection resources200Compressible{
{ DYNAMIC_CONTENT, "/ROOT%23%3F/skin/taskbar.css" }, { DYNAMIC_CONTENT, "/ROOT%23%3F/skin/taskbar.css" },
{ STATIC_CONTENT, "/ROOT%23%3F/skin/taskbar.css?cacheid=80d56607" }, { STATIC_CONTENT, "/ROOT%23%3F/skin/taskbar.css?cacheid=80d56607" },
{ DYNAMIC_CONTENT, "/ROOT%23%3F/skin/viewer.js" }, { DYNAMIC_CONTENT, "/ROOT%23%3F/skin/viewer.js" },
{ STATIC_CONTENT, "/ROOT%23%3F/skin/viewer.js?cacheid=5fc4badf" }, { STATIC_CONTENT, "/ROOT%23%3F/skin/viewer.js?cacheid=215635fd" },
{ DYNAMIC_CONTENT, "/ROOT%23%3F/skin/fonts/Poppins.ttf" }, { DYNAMIC_CONTENT, "/ROOT%23%3F/skin/fonts/Poppins.ttf" },
{ STATIC_CONTENT, "/ROOT%23%3F/skin/fonts/Poppins.ttf?cacheid=af705837" }, { STATIC_CONTENT, "/ROOT%23%3F/skin/fonts/Poppins.ttf?cacheid=af705837" },
{ DYNAMIC_CONTENT, "/ROOT%23%3F/skin/fonts/Roboto.ttf" }, { DYNAMIC_CONTENT, "/ROOT%23%3F/skin/fonts/Roboto.ttf" },
@ -324,7 +324,7 @@ R"EXPECTEDRESULT( <link type="text/css" href="./skin/kiwix.css?cacheid=2158fa
<script type="text/javascript" src="./skin/polyfills.js?cacheid=a0e0343d"></script> <script type="text/javascript" src="./skin/polyfills.js?cacheid=a0e0343d"></script>
<script type="module" src="./skin/i18n.js?cacheid=071abc9a" defer></script> <script type="module" src="./skin/i18n.js?cacheid=071abc9a" defer></script>
<script type="text/javascript" src="./skin/languages.js?cacheid=ee7d95b5" defer></script> <script type="text/javascript" src="./skin/languages.js?cacheid=ee7d95b5" defer></script>
<script type="text/javascript" src="./skin/viewer.js?cacheid=5fc4badf" defer></script> <script type="text/javascript" src="./skin/viewer.js?cacheid=215635fd" defer></script>
<script type="text/javascript" src="./skin/autoComplete/autoComplete.min.js?cacheid=1191aaaf"></script> <script type="text/javascript" src="./skin/autoComplete/autoComplete.min.js?cacheid=1191aaaf"></script>
const blankPageUrl = root + "/skin/blank.html?cacheid=6b1fa032"; const blankPageUrl = root + "/skin/blank.html?cacheid=6b1fa032";
<label for="kiwix_button_show_toggle"><img src="./skin/caret.png?cacheid=22b942b4" alt=""></label> <label for="kiwix_button_show_toggle"><img src="./skin/caret.png?cacheid=22b942b4" alt=""></label>