diff options
author | Caolán McNamara <caolanm@redhat.com> | 2023-04-11 10:13:37 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-05-02 15:14:59 +0200 |
commit | aa811e44db1ff88caab58a88a2602d00b6f157b4 (patch) | |
tree | b77c3cf6991c65cfc1e2945274b05a54150825b3 /sfx2/source/doc | |
parent | fa3bfeea90b729f797dafa06f5e5a73e6faf5a57 (diff) |
set Referer on loading IFrames
so tools, options, security, options,
"block any links from document not..."
applies to their contents.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150221
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150751
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit acff9ca0579333b45d10ae5f8cd48172f563dddd)
Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Diffstat (limited to 'sfx2/source/doc')
-rw-r--r-- | sfx2/source/doc/iframe.cxx | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 6dca7bcddb56..6e14f5f254e1 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -38,6 +38,7 @@ #include <svtools/miscopt.hxx> #include <svl/ownlist.hxx> #include <svl/itemprop.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/frmdescr.hxx> #include <sfx2/objsh.hxx> #include <sfx2/sfxdlg.hxx> @@ -196,10 +197,11 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); xTrans->parseStrict( aTargetURL ); + uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); + SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); + if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) { - uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); - SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); if (pDoc && !pDoc->AdjustMacroMode()) return false; } @@ -207,6 +209,10 @@ sal_Bool SAL_CALL IFrameObject::load( if (!lcl_isScriptURLAllowed(aTargetURL.Complete)) return false; + OUString sReferer; + if (pDoc && pDoc->HasName()) + sReferer = pDoc->GetMedium()->GetName(); + DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); @@ -229,11 +235,13 @@ sal_Bool SAL_CALL IFrameObject::load( if ( xFramesSupplier.is() ) mxFrame->setCreator( xFramesSupplier ); - uno::Sequence < beans::PropertyValue > aProps(2); + uno::Sequence < beans::PropertyValue > aProps(3); aProps[0].Name = "PluginMode"; aProps[0].Value <<= sal_Int16(2); aProps[1].Name = "ReadOnly"; aProps[1].Value <<= true; + aProps[2].Name = "Referer"; + aProps[2].Value <<= sReferer; uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 ); if ( xDisp.is() ) xDisp->dispatch( aTargetURL, aProps ); |