From 6d6c39f27bad19db7ec60d822e73cdeac9f4d69f Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Thu, 20 Apr 2023 20:58:21 +0100 Subject: assume IFrame script/macro support isn't needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit seems undocumented at least Change-Id: I316e4f4f25ddb7cf6b7bac4d856a721b987207a3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150710 Tested-by: Jenkins Reviewed-by: Caolán McNamara --- sfx2/source/doc/iframe.cxx | 15 ++++----------- sfx2/source/inc/eventsupplier.hxx | 1 + 2 files changed, 5 insertions(+), 11 deletions(-) (limited to 'sfx2') diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 812153990c32..1db259994b50 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -168,23 +168,16 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); xTrans->parseStrict( aTargetURL ); + INetURLObject aURLObject(aTargetURL.Complete); + if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script")) + return false; + uno::Reference xParentFrame = xFrame->getCreator(); SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); - if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) - { - if (pDoc && !pDoc->AdjustMacroMode()) - return false; - } - - if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) - return false; - bool bUpdateAllowed(true); if (pDoc) { - // perhaps should only check for file targets, but lets default to making it strong - // unless there is a known need to distinguish comphelper::EmbeddedObjectContainer& rEmbeddedObjectContainer = pDoc->getEmbeddedObjectContainer(); bUpdateAllowed = rEmbeddedObjectContainer.getUserAllowsLinkUpdate(); } diff --git a/sfx2/source/inc/eventsupplier.hxx b/sfx2/source/inc/eventsupplier.hxx index 316b3b1836d7..56aa8f95e75f 100644 --- a/sfx2/source/inc/eventsupplier.hxx +++ b/sfx2/source/inc/eventsupplier.hxx @@ -81,6 +81,7 @@ public: SfxObjectShell* i_document ); static void Execute( css::uno::Sequence < css::beans::PropertyValue > const & aEventData, const css::document::DocumentEvent& aTrigger, SfxObjectShell* pDoc ); +private: /// Check if script URL whitelist exists, and if so, if current script url is part of it static bool isScriptURLAllowed(const OUString& aScriptURL); }; -- cgit