Disable JS in hidden browser when indexing HTML files without a charset
This could cause imports that linked to HTML files to hang, possibly from network requests that failed.
This commit is contained in:
Dan Stillman
parent
9b9fe098d9
commit
2a7f31813e
4 changed files with 40 additions and 3 deletions
|
|
@ -1536,7 +1536,12 @@ Zotero.Attachments = new function(){
|
|||
|
||||
// Otherwise, load in a hidden browser to get the charset, and then index the document
|
||||
var deferred = Zotero.Promise.defer();
|
||||
var browser = Zotero.Browser.createHiddenBrowser();
|
||||
var browser = Zotero.Browser.createHiddenBrowser(
|
||||
null,
|
||||
// Disable JavaScript, since it can cause imports that include HTML files to hang
|
||||
// (from network requests that fail?)
|
||||
{ allowJavaScript: false }
|
||||
);
|
||||
|
||||
if (item.attachmentCharset) {
|
||||
var onpageshow = function(){
|
||||
|
|
|
|||
|
|
@ -2768,7 +2768,7 @@ Zotero.DragDrop = {
|
|||
Zotero.Browser = new function() {
|
||||
var nBrowsers = 0;
|
||||
|
||||
this.createHiddenBrowser = function (win) {
|
||||
this.createHiddenBrowser = function (win, options = {}) {
|
||||
if (!win) {
|
||||
win = Services.wm.getMostRecentWindow("navigator:browser");
|
||||
if (!win) {
|
||||
|
|
@ -2794,7 +2794,7 @@ Zotero.Browser = new function() {
|
|||
hiddenBrowser.docShell.allowAuth = false;
|
||||
hiddenBrowser.docShell.allowDNSPrefetch = false;
|
||||
hiddenBrowser.docShell.allowImages = false;
|
||||
hiddenBrowser.docShell.allowJavascript = true;
|
||||
hiddenBrowser.docShell.allowJavascript = options.allowJavaScript !== false
|
||||
hiddenBrowser.docShell.allowMetaRedirects = false;
|
||||
hiddenBrowser.docShell.allowPlugins = false;
|
||||
Zotero.debug("Created hidden browser (" + (nBrowsers++) + ")");
|
||||
|
|
|
|||
|
|
@ -149,6 +149,25 @@ describe("Zotero.Attachments", function() {
|
|||
assert.lengthOf(matches, 1);
|
||||
assert.propertyVal(matches[0], 'id', attachment.id);
|
||||
});
|
||||
|
||||
// This isn't particularly the behavior we want, but it documents the expected behavior
|
||||
it("shouldn't index JavaScript-created text in an HTML file when the charset isn't known in advance", async function () {
|
||||
var item = await createDataObject('item');
|
||||
var file = getTestDataDirectory();
|
||||
file.append('test-js.html');
|
||||
var attachment = await Zotero.Attachments.importSnapshotFromFile({
|
||||
title: 'Snapshot',
|
||||
url: 'http://example.com',
|
||||
file,
|
||||
parentItemID: item.id,
|
||||
contentType: 'text/html'
|
||||
});
|
||||
|
||||
assert.equal(attachment.attachmentCharset, 'utf-8');
|
||||
|
||||
var matches = await Zotero.Fulltext.findTextInItems([attachment.id], 'test');
|
||||
assert.lengthOf(matches, 0);
|
||||
});
|
||||
});
|
||||
|
||||
describe("#linkFromDocument", function () {
|
||||
|
|
|
|||
13
test/tests/data/test-js.html
Normal file
13
test/tests/data/test-js.html
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8"/>
|
||||
</head>
|
||||
<script>
|
||||
window.onload = function () {
|
||||
document.getElementById('target').textContent = 'This is a test.';
|
||||
};
|
||||
</script>
|
||||
<body>
|
||||
<p id="target"/>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in a new issue