summaryrefslogtreecommitdiff
path: root/indra
diff options
context:
space:
mode:
authorMnikolenko ProductEngine <mnikolenko@productengine.com>2013-10-22 12:47:16 +0300
committerMnikolenko ProductEngine <mnikolenko@productengine.com>2013-10-22 12:47:16 +0300
commit28339afa157956d6ae4e68d0f8ce4eee6a254cfe (patch)
treed176514abec3322c339753dac231c617259a11a3 /indra
parent62a0ba3db4685e5572b05d4921e2fe9974af2ba7 (diff)
MAINT-535 'trust model' is added for secondlife:// URLs in wiki style links. Chat history is marked as untrusted source now.
Diffstat (limited to 'indra')
-rwxr-xr-xindra/llui/llscrolllistctrl.cpp2
-rwxr-xr-xindra/llui/lltextbase.cpp4
-rwxr-xr-xindra/llui/lltextbase.h5
-rwxr-xr-xindra/llui/llurlaction.cpp6
-rwxr-xr-xindra/llui/llurlaction.h4
-rwxr-xr-xindra/newview/llchathistory.cpp1
-rwxr-xr-xindra/newview/llurldispatcher.cpp6
-rwxr-xr-xindra/newview/llurldispatcher.h2
-rwxr-xr-xindra/newview/llurldispatcherlistener.cpp2
9 files changed, 19 insertions, 13 deletions
diff --git a/indra/llui/llscrolllistctrl.cpp b/indra/llui/llscrolllistctrl.cpp
index 6e03f604a2..594e1e150b 100755
--- a/indra/llui/llscrolllistctrl.cpp
+++ b/indra/llui/llscrolllistctrl.cpp
@@ -1855,7 +1855,7 @@ void LLScrollListCtrl::showNameDetails(std::string id, bool is_group)
// open the resident's details or the group details
std::string sltype = is_group ? "group" : "agent";
std::string slurl = "secondlife:///app/" + sltype + "/" + id + "/about";
- LLUrlAction::clickAction(slurl);
+ LLUrlAction::clickAction(slurl, true);
}
void LLScrollListCtrl::copyNameToClipboard(std::string id, bool is_group)
diff --git a/indra/llui/lltextbase.cpp b/indra/llui/lltextbase.cpp
index 5ec4cf4fe5..4144a42fd6 100755
--- a/indra/llui/lltextbase.cpp
+++ b/indra/llui/lltextbase.cpp
@@ -167,6 +167,7 @@ LLTextBase::Params::Params()
max_text_length("max_length", 255),
font_shadow("font_shadow"),
wrap("wrap"),
+ trusted_content("trusted_content", true),
use_ellipses("use_ellipses", false),
parse_urls("parse_urls", false),
parse_highlights("parse_highlights", false)
@@ -211,6 +212,7 @@ LLTextBase::LLTextBase(const LLTextBase::Params &p)
mLineSpacingPixels(p.line_spacing.pixels),
mClip(p.clip),
mClipPartial(p.clip_partial && !p.allow_scroll),
+ mTrustedContent(p.trusted_content),
mTrackEnd( p.track_end ),
mScrollIndex(-1),
mSelectionStart( 0 ),
@@ -3164,7 +3166,7 @@ BOOL LLNormalTextSegment::handleMouseUp(S32 x, S32 y, MASK mask)
// Only process the click if it's actually in this segment, not to the right of the end-of-line.
if(mEditor.getSegmentAtLocalPos(x, y, false) == this)
{
- LLUrlAction::clickAction(getStyle()->getLinkHREF());
+ LLUrlAction::clickAction(getStyle()->getLinkHREF(), mEditor.isContentTrusted());
return TRUE;
}
}
diff --git a/indra/llui/lltextbase.h b/indra/llui/lltextbase.h
index a74e97cac8..3603f55c3f 100755
--- a/indra/llui/lltextbase.h
+++ b/indra/llui/lltextbase.h
@@ -291,7 +291,8 @@ public:
parse_urls,
parse_highlights,
clip,
- clip_partial;
+ clip_partial,
+ trusted_content;
Optional<S32> v_pad,
h_pad;
@@ -361,6 +362,7 @@ public:
bool getWordWrap() { return mWordWrap; }
bool getUseEllipses() { return mUseEllipses; }
bool truncate(); // returns true of truncation occurred
+ bool isContentTrusted() {return mTrustedContent;}
// TODO: move into LLTextSegment?
void createUrlContextMenu(S32 x, S32 y, const std::string &url); // create a popup context menu for the given Url
@@ -634,6 +636,7 @@ protected:
bool mBGVisible; // render background?
bool mClip; // clip text to widget rect
bool mClipPartial; // false if we show lines that are partially inside bounding rect
+ bool mTrustedContent; // if false, does not allow to execute SURL links from this editor
bool mPlainText; // didn't use Image or Icon segments
bool mAutoIndent;
S32 mMaxTextByteLength; // Maximum length mText is allowed to be in bytes
diff --git a/indra/llui/llurlaction.cpp b/indra/llui/llurlaction.cpp
index 23e574cb74..12537d9dd1 100755
--- a/indra/llui/llurlaction.cpp
+++ b/indra/llui/llurlaction.cpp
@@ -87,14 +87,14 @@ void LLUrlAction::executeSLURL(std::string url)
{
if (sExecuteSLURLCallback)
{
- sExecuteSLURLCallback(url);
+ sExecuteSLURLCallback(url ,true);
}
}
-void LLUrlAction::clickAction(std::string url)
+void LLUrlAction::clickAction(std::string url, bool trusted_content)
{
// Try to handle as SLURL first, then http Url
- if ( (sExecuteSLURLCallback) && !sExecuteSLURLCallback(url) )
+ if ( (sExecuteSLURLCallback) && !sExecuteSLURLCallback(url, trusted_content) )
{
if (sOpenURLCallback)
{
diff --git a/indra/llui/llurlaction.h b/indra/llui/llurlaction.h
index e731376b95..5f3626490c 100755
--- a/indra/llui/llurlaction.h
+++ b/indra/llui/llurlaction.h
@@ -66,7 +66,7 @@ public:
static void showLocationOnMap(std::string url);
/// perform the appropriate action for left-clicking on a Url
- static void clickAction(std::string url);
+ static void clickAction(std::string url, bool trusted_content);
/// copy the label for a Url to the clipboard
static void copyLabelToClipboard(std::string url);
@@ -86,7 +86,7 @@ public:
/// specify the callbacks to enable this class's functionality
typedef boost::function<void (const std::string&)> url_callback_t;
- typedef boost::function<bool(const std::string& url)> execute_url_callback_t;
+ typedef boost::function<bool(const std::string& url, bool trusted_content)> execute_url_callback_t;
static void setOpenURLCallback(url_callback_t cb);
static void setOpenURLInternalCallback(url_callback_t cb);
diff --git a/indra/newview/llchathistory.cpp b/indra/newview/llchathistory.cpp
index 6c881b5717..69aeec3975 100755
--- a/indra/newview/llchathistory.cpp
+++ b/indra/newview/llchathistory.cpp
@@ -725,6 +725,7 @@ LLChatHistory::LLChatHistory(const LLChatHistory::Params& p)
editor_params.follows.flags = FOLLOWS_ALL;
editor_params.enabled = false; // read only
editor_params.show_context_menu = "true";
+ editor_params.trusted_content = false;
mEditor = LLUICtrlFactory::create<LLTextEditor>(editor_params, this);
mEditor->setIsFriendCallback(LLAvatarActions::isFriend);
}
diff --git a/indra/newview/llurldispatcher.cpp b/indra/newview/llurldispatcher.cpp
index 00b15a5f26..0c34db39b5 100755
--- a/indra/newview/llurldispatcher.cpp
+++ b/indra/newview/llurldispatcher.cpp
@@ -307,7 +307,7 @@ bool LLURLDispatcher::dispatchRightClick(const std::string& slurl)
}
// static
-bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl)
+bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl, bool trusted_content)
{
// *NOTE: Text editors are considered sources of trusted URLs
// in order to make avatar profile links in chat history work.
@@ -315,9 +315,9 @@ bool LLURLDispatcher::dispatchFromTextEditor(const std::string& slurl)
// receiving resident will see it and must affirmatively
// click on it.
// *TODO: Make this trust model more refined. JC
- const bool trusted_browser = true;
+
LLMediaCtrl* web = NULL;
- return LLURLDispatcherImpl::dispatch(LLSLURL(slurl), "clicked", web, trusted_browser);
+ return LLURLDispatcherImpl::dispatch(LLSLURL(slurl), "clicked", web, trusted_content);
}
diff --git a/indra/newview/llurldispatcher.h b/indra/newview/llurldispatcher.h
index 6309a97af5..9b05260af1 100755
--- a/indra/newview/llurldispatcher.h
+++ b/indra/newview/llurldispatcher.h
@@ -53,7 +53,7 @@ public:
static bool dispatchRightClick(const std::string& slurl);
- static bool dispatchFromTextEditor(const std::string& slurl);
+ static bool dispatchFromTextEditor(const std::string& slurl, bool trusted_content);
};
#endif
diff --git a/indra/newview/llurldispatcherlistener.cpp b/indra/newview/llurldispatcherlistener.cpp
index c7b9afafef..7545f3a9b3 100755
--- a/indra/newview/llurldispatcherlistener.cpp
+++ b/indra/newview/llurldispatcherlistener.cpp
@@ -71,5 +71,5 @@ void LLURLDispatcherListener::dispatchRightClick(const LLSD& params) const
void LLURLDispatcherListener::dispatchFromTextEditor(const LLSD& params) const
{
- LLURLDispatcher::dispatchFromTextEditor(params["url"]);
+ LLURLDispatcher::dispatchFromTextEditor(params["url"], false);
}