diff options
| author | Sebastian Geerken <devnull@localhost> | 2014-04-09 15:11:58 +0200 |
|---|---|---|
| committer | Sebastian Geerken <devnull@localhost> | 2014-04-09 15:11:58 +0200 |
| commit | 78f994b717711a902944ef804c7df54567584711 (patch) | |
| tree | f4fb300a2cf46ad5c6f3059af92a15b9a37d9ade /src | |
| parent | 9de46071dab2c8b8b9cbf033f472c8d7073caca6 (diff) | |
| parent | d7b2163db989b8d9d3eab0c1ea35b08b392bb305 (diff) | |
Merge with main repo.
Diffstat (limited to 'src')
| -rw-r--r-- | src/IO/about.c | 50 | ||||
| -rw-r--r-- | src/domain.c | 16 | ||||
| -rw-r--r-- | src/html.cc | 12 | ||||
| -rw-r--r-- | src/plain.cc | 2 | ||||
| -rw-r--r-- | src/prefs.c | 2 | ||||
| -rw-r--r-- | src/styleengine.cc | 64 | ||||
| -rw-r--r-- | src/styleengine.hh | 5 | ||||
| -rw-r--r-- | src/web.cc | 2 |
8 files changed, 88 insertions, 65 deletions
diff --git a/src/IO/about.c b/src/IO/about.c index ef0457db..22999b79 100644 --- a/src/IO/about.c +++ b/src/IO/about.c @@ -230,33 +230,26 @@ const char *const AboutSplash= "<tr>\n" " <td bgcolor='#CCCCCC'>\n" " <h4>Release overview</h4>\n" -" April 17, 2013\n" +" April ??, 2014\n" "<tr>\n" " <td bgcolor='#FFFFFF'>\n" " <table border='0' cellspacing='0' cellpadding='5'>\n" " <tr>\n" " <td>\n" "<p>\n" -"dillo-3.0.3 adds some nice new features, as listed below.\n" +"dillo-3.0.4 adds some nice new features, as listed below.\n" "<p>\n" -"This release comes with <b>configurable UI colors</b> in\n" -"<a href='http://www.dillo.org/dillorc'>dillorc</a>.\n" -"Packagers should set the theme that better fits the distro, and\n" -"end users may tweak freely if they like!\n" +"This release comes with better <b>text rendering</b> in the form of\n" +"some linebreaking fixes, and optimization for non-justified text,\n" +"including a new preference stretchability_factor.\n" "<p>\n" -"In order to use the <b>hyphenation</b> feature, pattern files from CTAN\n" -"need to be installed. Most probably your packager did it for you. If not\n" -"enabled, just follow directions from the README file.\n" +"It also comes with support for a few <b>HTML5</b> elements and better CSS\n" +"including background <b>images.</b>\n" "<p>\n" -"A new <a href='http://www.dillo.org/domainrc'>domainrc</a> mechanism has\n" -"been introduced to provide finer-grained control over automatic requests\n" -"for third-party resources, and the old filter_auto_requests dillorc option\n" -"has been removed. This makes it easier to block ads and trackers but permit\n" -"legitimate use such as wikipedia pulling images from wikimedia.org.\n" +"It has enhanced <b>security</b> by fixing a set of potentially exploitable\n" +"code patterns reported by the Oulu University Secure Programming Group.\n" "<p>\n" -"Dillo3 uses the FLTK GUI toolkit's 1.3.x series, whose release\n" -"cleared the way for Dillo to return to those distributions\n" -"which had excluded Dillo2 due to FLTK2 never being officially released.\n" +"Finally it also fixes compiling on HURD and IRIX\n" "<p>\n" "The core team welcomes developers willing to join our workforce.\n" "<p>\n" @@ -280,10 +273,25 @@ const char *const AboutSplash= " <tr>\n" " <td>\n" "<ul>\n" -"<li>Automatic hyphenation (includes penalty_* preferences that control line-breaking).\n" -"<li>Added the domainrc mechanism.\n" -"<li>Added user interface color preferences (ui_*).\n" -"<li>Support for CSS display property.\n" +"<li> OPTGROUP and INS elements.\n" +"<li> Added some HTML5 elements.\n" +"<li> Added show_ui_tooltip preference (BUG#1140).\n" +"<li> Make embedding into other applications more reliable (BUG#1127).\n" +"<li> Add search from address bar.\n" +"<li> Better scaling (down) of images, even with consideration of gamma \n" +" correction.\n" +"<li> Some linebreaking fixes, and optimization for non-justified text,\n" +" including new preference stretchability_factor.\n" +"<li> Added white_bg_replacement preference.\n" +"<li> Implemented background images (except 'background-attachment'), added\n" +" load_background_images preference, as well as a new entry in the tools\n" +" menu.\n" +"<li> Fix a set of bugs reported by Oulu Univ. Secure Programming Group\n" +" (HTML parsing, URL resolution, GIF processing, etc.)\n" +"<li> Made show_url dillorc option work again (BUG#1128)\n" +"<li> Fix compiling on Hurd.\n" +"<li> Avoid Dpid children becoming zombies.\n" +"<li> Fix compiling on IRIX with MIPSpro compiler.\n" "</ul>\n" " </table>\n" "</table>\n" diff --git a/src/domain.c b/src/domain.c index 70cdaaa3..ea5c4948 100644 --- a/src/domain.c +++ b/src/domain.c @@ -125,9 +125,13 @@ bool_t a_Domain_permit(const DilloUrl *source, const DilloUrl *dest) source_host = URL_HOST(source); dest_host = URL_HOST(dest); - if (dest_host[0] == '\0') - return source_host[0] == '\0' || - !dStrAsciiCasecmp(URL_SCHEME(dest), "data"); + if (dest_host[0] == '\0') { + ret = source_host[0] == '\0' || + !dStrAsciiCasecmp(URL_SCHEME(dest), "data"); + if (ret == FALSE) + MSG("Domain: DENIED from %s to %s.\n", source_host, URL_STR(dest)); + return ret; + } if (a_Url_same_organization(source, dest)) return TRUE; @@ -144,8 +148,10 @@ bool_t a_Domain_permit(const DilloUrl *source, const DilloUrl *dest) } } - if (ret == FALSE) - MSG("Domain: DENIED from %s to %s.\n", source_host, dest_host); + if (ret == FALSE) { + const char *src = source_host[0] ? source_host : URL_STR(source); + MSG("Domain: DENIED from %s to %s.\n", src, dest_host); + } return ret; } diff --git a/src/html.cc b/src/html.cc index 3b49fae8..9224f43b 100644 --- a/src/html.cc +++ b/src/html.cc @@ -405,7 +405,7 @@ DilloHtml::DilloHtml(BrowserWindow *p_bw, const DilloUrl *url, DocType = DT_NONE; /* assume Tag Soup 0.0! :-) */ DocTypeVersion = 0.0f; - styleEngine = new StyleEngine (HT2LT (this), base_url); + styleEngine = new StyleEngine (HT2LT (this), page_url, base_url); cssUrls = new misc::SimpleVector <DilloUrl*> (1); @@ -644,10 +644,12 @@ void DilloHtml::loadImages (const DilloUrl *pattern) { dReturn_if (a_Bw_expecting(bw)); - /* If the user asked for a specific URL, the user (NULL) is the requester, - * but if the user just asked for all URLs, use the page URL as the - * requester. If the possible patterns become more complex, it might be - * good to have the caller supply the requester instead. + /* If the user asked for a specific image, the user (NULL) is the requester, + * and the domain mechanism will always permit the request. But if the user + * just asked for all images (clicking "Load images"), use the page URL as + * the requester so that the domain mechanism can act as a filter. + * If the possible patterns become more complex, it might be good to have + * the caller supply the requester instead. */ const DilloUrl *requester = pattern ? NULL : this->page_url; diff --git a/src/plain.cc b/src/plain.cc index 810efda1..ab080886 100644 --- a/src/plain.cc +++ b/src/plain.cc @@ -96,7 +96,7 @@ DilloPlain::DilloPlain(BrowserWindow *p_bw) Layout *layout = (Layout*) bw->render_layout; // TODO (1x) No URL? - StyleEngine styleEngine (layout, NULL); + StyleEngine styleEngine (layout, NULL, NULL); styleEngine.startElement ("body", bw); styleEngine.startElement ("pre", bw); diff --git a/src/prefs.c b/src/prefs.c index 257e4a05..cd13aac8 100644 --- a/src/prefs.c +++ b/src/prefs.c @@ -68,7 +68,7 @@ void a_Prefs_init(void) prefs.http_user_agent = dStrdup(PREFS_HTTP_USER_AGENT); prefs.limit_text_width = FALSE; prefs.load_images=TRUE; - prefs.load_background_images=TRUE; + prefs.load_background_images=FALSE; prefs.load_stylesheets=TRUE; prefs.middle_click_drags_page = TRUE; prefs.middle_click_opens_new_tab = TRUE; diff --git a/src/styleengine.cc b/src/styleengine.cc index 27412019..024ef56d 100644 --- a/src/styleengine.cc +++ b/src/styleengine.cc @@ -58,7 +58,8 @@ void StyleImageDeletionReceiver::deleted (lout::signal::ObservedObject *object) // ---------------------------------------------------------------------- -StyleEngine::StyleEngine (dw::core::Layout *layout, const DilloUrl *baseUrl) { +StyleEngine::StyleEngine (dw::core::Layout *layout, + const DilloUrl *pageUrl, const DilloUrl *baseUrl) { StyleAttrs style_attrs; FontAttrs font_attrs; @@ -67,7 +68,8 @@ StyleEngine::StyleEngine (dw::core::Layout *layout, const DilloUrl *baseUrl) { cssContext = new CssContext (); buildUserStyle (); this->layout = layout; - this->baseUrl = baseUrl; + this->pageUrl = pageUrl ? a_Url_dup(pageUrl) : NULL; + this->baseUrl = baseUrl ? a_Url_dup(baseUrl) : NULL; importDepth = 0; stackPush (); @@ -100,6 +102,9 @@ StyleEngine::~StyleEngine () { stackPop (); // dummy node on the bottom of the stack assert (stack->size () == 0); + a_Url_free(pageUrl); + a_Url_free(baseUrl); + delete stack; delete doctree; delete cssContext; @@ -356,6 +361,7 @@ void StyleEngine::apply (int i, StyleAttrs *attrs, CssPropertyList *props, Font *parentFont = stack->get (i - 1).style->font; char *c, *fontName; int lineHeight; + DilloUrl *imgUrl = NULL; /* Determine font first so it can be used to resolve relative lengths. */ for (int i = 0; i < props->size (); i++) { @@ -523,33 +529,8 @@ void StyleEngine::apply (int i, StyleAttrs *attrs, CssPropertyList *props, Color::create(layout, prefs.white_bg_replacement); break; case CSS_PROPERTY_BACKGROUND_IMAGE: - if (prefs.load_background_images) - { - // p->value.strVal should be absolute, so baseUrl is not needed - DilloUrl *imgUrl = a_Url_new (p->value.strVal, NULL); - - attrs->backgroundImage = StyleImage::create(); - DilloImage *image = - a_Image_new(layout, - (void*)attrs->backgroundImage - ->getMainImgRenderer(), - 0xffffff); - - DilloWeb *web = a_Web_new(bw, imgUrl, baseUrl); - web->Image = image; - a_Image_ref(image); - web->flags |= WEB_Image; - - int clientKey; - if ((clientKey = a_Capi_open_url(web, NULL, NULL)) != 0) { - a_Bw_add_client(bw, clientKey, 0); - a_Bw_add_url(bw, imgUrl); - attrs->backgroundImage->connectDeletion - (new StyleImageDeletionReceiver (clientKey)); - } - - a_Url_free (imgUrl); - } + // p->value.strVal should be absolute, so baseUrl is not needed + imgUrl = a_Url_new (p->value.strVal, NULL); break; case CSS_PROPERTY_BACKGROUND_POSITION: computeLength (&attrs->backgroundPositionX, p->value.posVal->posX, @@ -748,6 +729,31 @@ void StyleEngine::apply (int i, StyleAttrs *attrs, CssPropertyList *props, } } + if (imgUrl && prefs.load_background_images && attrs->display != DISPLAY_NONE) + { + attrs->backgroundImage = StyleImage::create(); + DilloImage *image = + a_Image_new(layout, + (void*)attrs->backgroundImage + ->getMainImgRenderer(), + 0xffffff); + + // we use the pageUrl as requester to prevent cross + // domain requests as specified in domainrc + DilloWeb *web = a_Web_new(bw, imgUrl, pageUrl); + web->Image = image; + a_Image_ref(image); + web->flags |= WEB_Image; + + int clientKey; + if ((clientKey = a_Capi_open_url(web, NULL, NULL)) != 0) { + a_Bw_add_client(bw, clientKey, 0); + a_Bw_add_url(bw, imgUrl); + attrs->backgroundImage->connectDeletion + (new StyleImageDeletionReceiver (clientKey)); + } + } + a_Url_free (imgUrl); } /** diff --git a/src/styleengine.hh b/src/styleengine.hh index 59c17a1a..41f892d7 100644 --- a/src/styleengine.hh +++ b/src/styleengine.hh @@ -35,7 +35,7 @@ class StyleEngine { CssContext *cssContext; Doctree *doctree; int importDepth; - const DilloUrl *baseUrl; + DilloUrl *pageUrl, *baseUrl; void stackPush (); void stackPop (); @@ -66,7 +66,8 @@ class StyleEngine { public: static void init (); - StyleEngine (dw::core::Layout *layout, const DilloUrl *baseUrl); + StyleEngine (dw::core::Layout *layout, + const DilloUrl *pageUrl, const DilloUrl *baseUrl); ~StyleEngine (); void parse (DilloHtml *html, DilloUrl *url, const char *buf, int buflen, @@ -73,7 +73,7 @@ int a_Web_dispatch_by_type (const char *Type, DilloWeb *Web, style::createPerLength (0)); /* Set a style for the widget */ - StyleEngine styleEngine (layout, Web->url); + StyleEngine styleEngine (layout, Web->url, Web->url); styleEngine.startElement ("body", Web->bw); dw = (Widget*) viewer(Type, Web, Call, Data); |