Allow disabling JavaScript in basic viewer (#3089)
And: - Prevent JavaScript inside notes from executing in reports - Update calls to openInViewer() to pass an options object
This commit is contained in:
Abe Jellinek
GitHub
parent
78a81f321a
commit
c7d30ebde4
7 changed files with 69 additions and 42 deletions
|
|
@ -140,7 +140,8 @@ Zotero_Preferences.Cite = {
|
||||||
|
|
||||||
|
|
||||||
openStylesPage: function () {
|
openStylesPage: function () {
|
||||||
Zotero.openInViewer("https://www.zotero.org/styles/", function (doc) {
|
Zotero.openInViewer("https://www.zotero.org/styles/", {
|
||||||
|
onLoad(doc) {
|
||||||
// Hide header, intro paragraph, Link, and Source
|
// Hide header, intro paragraph, Link, and Source
|
||||||
//
|
//
|
||||||
// (The first two aren't sent to the client normally, but hide anyway in case they are.)
|
// (The first two aren't sent to the client normally, but hide anyway in case they are.)
|
||||||
|
|
@ -152,6 +153,7 @@ Zotero_Preferences.Cite = {
|
||||||
+ 'a { color: rgb(0, 0, 238) !important; text-decoration: underline; }'
|
+ 'a { color: rgb(0, 0, 238) !important; text-decoration: underline; }'
|
||||||
+ 'a:active { color: rgb(238, 0, 0) !important; }';
|
+ 'a:active { color: rgb(238, 0, 0) !important; }';
|
||||||
doc.getElementsByTagName('head')[0].appendChild(style);
|
doc.getElementsByTagName('head')[0].appendChild(style);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -61,10 +61,10 @@
|
||||||
<hbox>
|
<hbox>
|
||||||
<button id="openCSLEdit"
|
<button id="openCSLEdit"
|
||||||
label="&zotero.preferences.styleEditor;"
|
label="&zotero.preferences.styleEditor;"
|
||||||
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/csledit.xhtml', true)"/>
|
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/csledit.xhtml')"/>
|
||||||
<button id="openCSLPreview"
|
<button id="openCSLPreview"
|
||||||
label="&zotero.preferences.stylePreview;"
|
label="&zotero.preferences.stylePreview;"
|
||||||
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/cslpreview.xhtml', true)"/>
|
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/cslpreview.xhtml')"/>
|
||||||
</hbox>
|
</hbox>
|
||||||
</groupbox>
|
</groupbox>
|
||||||
</vbox>
|
</vbox>
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,7 @@ var Zotero_Report_Interface = new function() {
|
||||||
|
|
||||||
url += '/items' + queryString;
|
url += '/items' + queryString;
|
||||||
|
|
||||||
Zotero.openInViewer(url);
|
Zotero.openInViewer(url, { allowJavaScript: false });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -71,6 +71,6 @@ var Zotero_Report_Interface = new function() {
|
||||||
|
|
||||||
var url = 'zotero://report/' + Zotero.API.getLibraryPrefix(libraryID) + '/items'
|
var url = 'zotero://report/' + Zotero.API.getLibraryPrefix(libraryID) + '/items'
|
||||||
+ '?itemKey=' + items.map(item => item.key).join(',');
|
+ '?itemKey=' + items.map(item => item.key).join(',');
|
||||||
Zotero.openInViewer(url);
|
Zotero.openInViewer(url, { allowJavaScript: false });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,8 @@
|
||||||
"resource://gre/modules/E10SUtils.jsm"
|
"resource://gre/modules/E10SUtils.jsm"
|
||||||
);*/
|
);*/
|
||||||
|
|
||||||
|
const SANDBOXED_SCRIPTS = 0x80;
|
||||||
|
|
||||||
var browser;
|
var browser;
|
||||||
|
|
||||||
window.addEventListener("load", /*async */function () {
|
window.addEventListener("load", /*async */function () {
|
||||||
|
|
@ -51,9 +53,10 @@ window.addEventListener("load", /*async */function () {
|
||||||
);*/
|
);*/
|
||||||
//browser.docShellIsActive = false;
|
//browser.docShellIsActive = false;
|
||||||
|
|
||||||
// Load URI passed in as nsISupports .data via openWindow()
|
// Get URI and options passed in via openWindow()
|
||||||
window.viewerOriginalURI = window.arguments[0];
|
let { uri, options } = window.arguments[0].wrappedJSObject;
|
||||||
loadURI(window.arguments[0]);
|
window.viewerOriginalURI = uri;
|
||||||
|
loadURI(uri, options);
|
||||||
}, false);
|
}, false);
|
||||||
|
|
||||||
window.addEventListener("keypress", function (event) {
|
window.addEventListener("keypress", function (event) {
|
||||||
|
|
@ -73,7 +76,15 @@ window.addEventListener("click", function (event) {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
function loadURI(uri) {
|
function loadURI(uri, options = {}) {
|
||||||
|
// browser.browsingContext.allowJavascript (sic) would seem to do what we want here,
|
||||||
|
// but it has no effect. So we use sandboxFlags instead:
|
||||||
|
if (options.allowJavaScript !== false) {
|
||||||
|
browser.browsingContext.sandboxFlags &= ~SANDBOXED_SCRIPTS;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
browser.browsingContext.sandboxFlags |= SANDBOXED_SCRIPTS;
|
||||||
|
}
|
||||||
browser.loadURI(
|
browser.loadURI(
|
||||||
uri,
|
uri,
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -850,7 +850,8 @@ ZoteroStandalone.DebugOutput = {
|
||||||
|
|
||||||
|
|
||||||
view: function () {
|
view: function () {
|
||||||
Zotero.openInViewer("chrome://zotero/content/debugViewer.html", function (doc) {
|
Zotero.openInViewer("chrome://zotero/content/debugViewer.html", {
|
||||||
|
onLoad(doc) {
|
||||||
var submitted = false;
|
var submitted = false;
|
||||||
doc.querySelector('#submit-button').addEventListener('click', function (event) {
|
doc.querySelector('#submit-button').addEventListener('click', function (event) {
|
||||||
submitted = true;
|
submitted = true;
|
||||||
|
|
@ -865,6 +866,7 @@ ZoteroStandalone.DebugOutput = {
|
||||||
Zotero.Debug.clear();
|
Zotero.Debug.clear();
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
}
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1087,9 +1087,16 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
|
||||||
* Opens a URL in the basic viewer, and optionally run a callback on load
|
* Opens a URL in the basic viewer, and optionally run a callback on load
|
||||||
*
|
*
|
||||||
* @param {String} uri
|
* @param {String} uri
|
||||||
* @param {Function} [onLoad] - Function to run once URI is loaded; passed the loaded document
|
* @param {Object} [options]
|
||||||
|
* @param {Function} [options.onLoad] - Function to run once URI is loaded; passed the loaded document
|
||||||
|
* @param {Boolean} [options.allowJavaScript] - Set to false to disable JavaScript
|
||||||
*/
|
*/
|
||||||
this.openInViewer = function (uri, onLoad) {
|
this.openInViewer = function (uri, options) {
|
||||||
|
if (options && !options.onLoad && typeof options === 'function') {
|
||||||
|
Zotero.debug("Zotero.openInViewer() now takes an 'options' object for its second parameter -- update your code");
|
||||||
|
options = { onLoad: options };
|
||||||
|
}
|
||||||
|
|
||||||
var viewerWins = Services.wm.getEnumerator("zotero:basicViewer");
|
var viewerWins = Services.wm.getEnumerator("zotero:basicViewer");
|
||||||
for (let existingWin of viewerWins) {
|
for (let existingWin of viewerWins) {
|
||||||
if (existingWin.viewerOriginalURI === uri) {
|
if (existingWin.viewerOriginalURI === uri) {
|
||||||
|
|
@ -1099,12 +1106,17 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
|
||||||
}
|
}
|
||||||
let ww = Components.classes['@mozilla.org/embedcomp/window-watcher;1']
|
let ww = Components.classes['@mozilla.org/embedcomp/window-watcher;1']
|
||||||
.getService(Components.interfaces.nsIWindowWatcher);
|
.getService(Components.interfaces.nsIWindowWatcher);
|
||||||
let arg = Components.classes["@mozilla.org/supports-string;1"]
|
let arg = {
|
||||||
.createInstance(Components.interfaces.nsISupportsString);
|
uri,
|
||||||
arg.data = uri;
|
options: {
|
||||||
|
...options,
|
||||||
|
onLoad: undefined
|
||||||
|
}
|
||||||
|
};
|
||||||
|
arg.wrappedJSObject = arg;
|
||||||
let win = ww.openWindow(null, "chrome://zotero/content/standalone/basicViewer.xhtml",
|
let win = ww.openWindow(null, "chrome://zotero/content/standalone/basicViewer.xhtml",
|
||||||
null, "chrome,dialog=yes,resizable,centerscreen,menubar,scrollbars", arg);
|
null, "chrome,dialog=yes,resizable,centerscreen,menubar,scrollbars", arg);
|
||||||
if (onLoad) {
|
if (options?.onLoad) {
|
||||||
let browser;
|
let browser;
|
||||||
let func = function () {
|
let func = function () {
|
||||||
win.removeEventListener("load", func);
|
win.removeEventListener("load", func);
|
||||||
|
|
@ -1117,7 +1129,7 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
|
||||||
};
|
};
|
||||||
let innerFunc = function () {
|
let innerFunc = function () {
|
||||||
browser.removeEventListener("pageshow", innerFunc);
|
browser.removeEventListener("pageshow", innerFunc);
|
||||||
onLoad(browser.contentDocument);
|
options.onLoad(browser.contentDocument);
|
||||||
};
|
};
|
||||||
win.addEventListener("load", func);
|
win.addEventListener("load", func);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -537,7 +537,7 @@
|
||||||
label="&installConnector.label;"
|
label="&installConnector.label;"
|
||||||
oncommand="ZoteroStandalone.openHelp('connectors');"/>
|
oncommand="ZoteroStandalone.openHelp('connectors');"/>
|
||||||
<menuitem id="menu_addons" label="&addons.label;"
|
<menuitem id="menu_addons" label="&addons.label;"
|
||||||
oncommand="Zotero.openInViewer('chrome://mozapps/content/extensions/aboutaddons.html', ZoteroStandalone.updateAddonsPane)"/>
|
oncommand="Zotero.openInViewer('chrome://mozapps/content/extensions/aboutaddons.html', { onLoad: ZoteroStandalone.updateAddonsPane })"/>
|
||||||
<menu id="developer-menu"
|
<menu id="developer-menu"
|
||||||
label="&developer.label;">
|
label="&developer.label;">
|
||||||
<menupopup>
|
<menupopup>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue