mirrors/zotero
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Disable JS in hidden browser when indexing HTML files without a charset

Browse source 
This could cause imports that linked to HTML files to hang, possibly
from network requests that failed.
This commit is contained in:
Dan Stillman 2018-06-18 20:17:37 -04:00
parent 9b9fe098d9
commit 2a7f31813e
4 changed files with 40 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
chrome/content/zotero/xpcom/attachments.js
View file

@ -1536,7 +1536,12 @@ Zotero.Attachments = new function(){
// Otherwise, load in a hidden browser to get the charset, and then index the document // Otherwise, load in a hidden browser to get the charset, and then index the document
var deferred = Zotero.Promise.defer(); var deferred = Zotero.Promise.defer();
var browser = Zotero.Browser.createHiddenBrowser(); var browser = Zotero.Browser.createHiddenBrowser(
null,
// Disable JavaScript, since it can cause imports that include HTML files to hang
// (from network requests that fail?)
{ allowJavaScript: false }
);
if (item.attachmentCharset) { if (item.attachmentCharset) {
var onpageshow = function(){ var onpageshow = function(){

4
chrome/content/zotero/xpcom/zotero.js
View file

@ -2768,7 +2768,7 @@ Zotero.DragDrop = {
Zotero.Browser = new function() { Zotero.Browser = new function() {
var nBrowsers = 0; var nBrowsers = 0;
this.createHiddenBrowser = function (win) { this.createHiddenBrowser = function (win, options = {}) {
if (!win) { if (!win) {
win = Services.wm.getMostRecentWindow("navigator:browser"); win = Services.wm.getMostRecentWindow("navigator:browser");
if (!win) { if (!win) {
@ -2794,7 +2794,7 @@ Zotero.Browser = new function() {
hiddenBrowser.docShell.allowAuth = false; hiddenBrowser.docShell.allowAuth = false;
hiddenBrowser.docShell.allowDNSPrefetch = false; hiddenBrowser.docShell.allowDNSPrefetch = false;
hiddenBrowser.docShell.allowImages = false; hiddenBrowser.docShell.allowImages = false;
hiddenBrowser.docShell.allowJavascript = true; hiddenBrowser.docShell.allowJavascript = options.allowJavaScript !== false
hiddenBrowser.docShell.allowMetaRedirects = false; hiddenBrowser.docShell.allowMetaRedirects = false;
hiddenBrowser.docShell.allowPlugins = false; hiddenBrowser.docShell.allowPlugins = false;
Zotero.debug("Created hidden browser (" + (nBrowsers++) + ")"); Zotero.debug("Created hidden browser (" + (nBrowsers++) + ")");

19
test/tests/attachmentsTest.js
View file

@ -149,6 +149,25 @@ describe("Zotero.Attachments", function() {
assert.lengthOf(matches, 1); assert.lengthOf(matches, 1);
assert.propertyVal(matches[0], 'id', attachment.id); assert.propertyVal(matches[0], 'id', attachment.id);
}); });
// This isn't particularly the behavior we want, but it documents the expected behavior
it("shouldn't index JavaScript-created text in an HTML file when the charset isn't known in advance", async function () {
var item = await createDataObject('item');
var file = getTestDataDirectory();
file.append('test-js.html');
var attachment = await Zotero.Attachments.importSnapshotFromFile({
title: 'Snapshot',
url: 'http://example.com',
file,
parentItemID: item.id,
contentType: 'text/html'
});
assert.equal(attachment.attachmentCharset, 'utf-8');
var matches = await Zotero.Fulltext.findTextInItems([attachment.id], 'test');
assert.lengthOf(matches, 0);
});
}); });
describe("#linkFromDocument", function () { describe("#linkFromDocument", function () {

13
test/tests/data/test-js.html Normal file
View file

@ -0,0 +1,13 @@
<html>
<head>
<meta charset="utf-8"/>
</head>
<script>
window.onload = function () {
document.getElementById('target').textContent = 'This is a test.';
};
</script>
<body>
<p id="target"/>
</body>
</html>