author | Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> | 2023-02-27 15:27:24 +0100 |
---|---|---|
committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2023-02-28 02:38:44 +0000 |
commit | a2f7593bcd1bc0feec608c1a9452af63b873a05b (patch) | |
tree | 943e517376323a0dee6a2dc5aa3c2d619d0fcbb2 | |
parent | adb76b15cabc546a486a06851204cb230c4d0247 (diff) |
Check iframe target for allowed document URLs
Change-Id: I00e4192becbc160282a43ab89dcd269f3d1012d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147921
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
-rw-r--r-- | sfx2/source/doc/iframe.cxx | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index aea851894286..6dca7bcddb56 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -46,6 +46,11 @@
 #include <vcl/window.hxx>
 #include <tools/debug.hxx>
 #include <macroloader.hxx>
+#include <officecfg/Office/Common.hxx>
+
+#include <unicode/errorcode.h>
+#include <unicode/regex.h>
+#include <unicode/unistr.h>
 
 using namespace ::com::sun::star;
 
@@ -155,6 +160,31 @@ IFrameObject::IFrameObject(const uno::Reference < uno::XComponentContext >& rxCo
     aArguments[0] >>= mxObj;
 }
 
+bool lcl_isScriptURLAllowed(const OUString& aScriptURL)
+{
+    boost::optional<css::uno::Sequence<OUString>> allowedEvents(
+        officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get());
+    // When AllowedDocumentEventURLs is empty, all event URLs are allowed
+    if (!allowedEvents)
+        return true;
+
+    icu::ErrorCode status;
+    const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE;
+    icu::UnicodeString usInput(aScriptURL.getStr());
+    const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents;
+    for (auto const& allowedEvent : rAllowedEvents)
+    {
+        icu::UnicodeString usRegex(allowedEvent.getStr());
+        icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
+        if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status))
+        {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 sal_Bool SAL_CALL IFrameObject::load( const uno::Sequence < css::beans::PropertyValue >& /*lDescriptor*/,
     const uno::Reference < frame::XFrame >& xFrame )
 {
@@ -174,6 +204,9 @@ sal_Bool SAL_CALL IFrameObject::load(
         return false;
     }
 
+    if (!lcl_isScriptURLAllowed(aTargetURL.Complete))
+        return false;
+
     DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
     VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() );
     VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() );
|
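Review bot: `status` in `lcl_isScriptURLAllowed` is declared once before the loop, so an ICU failure raised by one malformed `AllowedDocumentEventURLs` entry (a pattern the `RegexMatcher` constructor cannot compile) is never cleared, and as far as I can tell from ICU's error-status convention `rmatch1.matches(status)` then returns false for every later entry too, leaving only the `startsWith` prefix test in effect. Declare the error code per iteration — `icu::ErrorCode status;` as the first statement of the loop body — and emit a SAL_WARN when `status.isFailure()` after constructing the matcher, so a bad allowlist entry shows up in the log instead of silently tightening the policy. Whether `AllowedDocumentEventURLs::get()` yields an empty optional or an empty sequence for an unset list is not visible here; if it is the latter, the loop runs zero times and every iframe is refused, contradicting the comment `// When AllowedDocumentEventURLs is empty, all event URLs are allowed`. Separately, the function has external linkage despite its `lcl_` prefix — make it `static` or put it in an anonymous namespace — and a header comment should state that each entry is tested both as a case-insensitive full-match regex and as a plain prefix of the URL, since a prefix entry admits any longer URL that begins with it, and that the caller passes the iframe target URL rather than a script URL as the parameter name suggests.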
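Review bot: The new guard in `IFrameObject::load` refuses the iframe with a bare `return false;` and no diagnostic, so a user whose document loses its frame to the `AllowedDocumentEventURLs` policy gets no indication why; add a SAL_WARN naming the refused target before the return. A one-line comment at the call site, `// refuse iframe targets not covered by the AllowedDocumentEventURLs allowlist`, would also make the intent of the check obvious to the next reader, since the function name speaks of script URLs. `IFrameObject::load` begins and ends outside this hunk.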