diff options
Diffstat (limited to 'sfx2/source')
| -rw-r--r-- | sfx2/source/doc/objmisc.cxx | 6 | ||||
| -rw-r--r-- | sfx2/source/notify/eventsupplier.cxx | 18 |
2 files changed, 13 insertions, 11 deletions
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index 4462547bf349..3bbf59ccb91a 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -1344,16 +1344,12 @@ namespace } } -namespace { - // don't allow LibreLogo to be used with our mouseover/etc dom-alike events -bool UnTrustedScript(const OUString& rScriptURL) +bool SfxObjectShell::UnTrustedScript(const OUString& rScriptURL) { return rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo"); } -} - ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptContext, const OUString& _rScriptURL, const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const css::uno::Any* pCaller ) { diff --git a/sfx2/source/notify/eventsupplier.cxx b/sfx2/source/notify/eventsupplier.cxx index 2ea3e86fd89d..4e619d954c93 100644 --- a/sfx2/source/notify/eventsupplier.cxx +++ b/sfx2/source/notify/eventsupplier.cxx @@ -206,18 +206,24 @@ void SfxEvents_Impl::Execute( uno::Any const & aEventData, const document::Docum else if (aType == "Service" || aType == "Script") { - if ( !aScript.isEmpty() ) + bool bAllowed = false; + util::URL aURL; + if (!aScript.isEmpty()) { - SfxViewFrame* pView = pDoc ? - SfxViewFrame::GetFirst( pDoc ) : - SfxViewFrame::Current(); - uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( ::comphelper::getProcessComponentContext() ) ); - util::URL aURL; aURL.Complete = aScript; xTrans->parseStrict( aURL ); + bAllowed = !SfxObjectShell::UnTrustedScript(aURL.Complete); + } + + if (bAllowed) + { + SfxViewFrame* pView = pDoc ? + SfxViewFrame::GetFirst( pDoc ) : + SfxViewFrame::Current(); + uno::Reference < frame::XDispatchProvider > xProv; |