[Pkg-javascript-commits] [pdf.js] 190/414: Allow local PDF files to be viewed in local frames

David Prévot taffit at moszumanska.debian.org
Tue Jun 28 17:12:20 UTC 2016


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository pdf.js.

commit 0ec82d4a50e6b0c0af9c18ca4f070b30d5c3e90e
Author: Rob Wu <rob at robwu.nl>
Date:   Sat Jan 30 14:21:54 2016 +0100

    Allow local PDF files to be viewed in local frames
    
    The Chrome extension enforces that local files cannot be embedded in
    non-local web pages. The previous check was too strict (because the
    origin of a file:-URL is "null"), and prevented local PDF files from
    being viewed in frames of local pages.
    
    This patch fixes that problem, by querying the actual tab URL via the
    background page.
    
    Steps to verify:
    1. Create a HTML file: `<iframe src=test.pdf width=100% height=100%>`
    2. Build and load the extension.
    3. Allow file access to the extension at `chrome://extensions`
    4. Open the HTML file from a file:// URL.
    5. VERIFY: The extension should attempt to load the PDF file.
    
    6. Now open the following (replace ID with the extension ID, which you
       can find at `chrome://extensions`):
      `data:text/html,<iframe src="chrome-extension://ID/file:///test.pdf">`
    7. VERIFY: The next error should be displayed:
       "Refused to load a local file in a non-local page for security reasons."
---
 extensions/chromium/pdfHandler.js | 26 +++++++++++++++++++++++
 web/chromecom.js                  | 43 +++++++++++++++++++++++++++++----------
 2 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/extensions/chromium/pdfHandler.js b/extensions/chromium/pdfHandler.js
index 38e3b09..95f5573 100644
--- a/extensions/chromium/pdfHandler.js
+++ b/extensions/chromium/pdfHandler.js
@@ -252,6 +252,32 @@ chrome.extension.isAllowedFileSchemeAccess(function(isAllowedAccess) {
 });
 
 chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
+  if (message && message.action === 'getParentOrigin') {
+    // getParentOrigin is used to determine whether it is safe to embed a
+    // sensitive (local) file in a frame.
+    if (!sender.tab) {
+      sendResponse('');
+      return;
+    }
+    // TODO: This should be the URL of the parent frame, not the tab. But
+    // chrome-extension:-URLs are not visible in the webNavigation API
+    // (https://crbug.com/326768), so the next best thing is using the tab's URL
+    // for making security decisions.
+    var parentUrl = sender.tab.url;
+    if (!parentUrl) {
+      sendResponse('');
+      return;
+    }
+    if (parentUrl.lastIndexOf('file:', 0) === 0) {
+      sendResponse('file://');
+      return;
+    }
+    // The regexp should always match for valid URLs, but in case it doesn't,
+    // just give the full URL (e.g. data URLs).
+    var origin = /^[^:]+:\/\/[^/]+/.exec(parentUrl);
+    sendResponse(origin ? origin[1] : parentUrl);
+    return true;
+  }
   if (message && message.action === 'isAllowedFileSchemeAccess') {
     chrome.extension.isAllowedFileSchemeAccess(sendResponse);
     return true;
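Review bot: The last added statement, `sendResponse(origin ? origin[1] : parentUrl);`, reads capture group 1, but the regexp `/^[^:]+:\/\/[^/]+/` has no capture group, so a successful match sends `undefined` instead of the origin. The caller in web/chromecom.js treats a falsy origin as "cannot be determined" and skips the local-file embedding check, so for any tab URL of the form scheme://host the check appears to be skipped rather than enforced. Use `sendResponse(origin ? origin[0] : parentUrl);`. The `return true;` after it is also unnecessary because the response has already been sent synchronously; a plain `return;` would match the earlier branches. The listener's body continues outside the hunk.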
diff --git a/web/chromecom.js b/web/chromecom.js
index 2b136fc..8d40140 100644
--- a/web/chromecom.js
+++ b/web/chromecom.js
@@ -113,18 +113,25 @@ var ChromeCom = (function ChromeComClosure() {
         return;
       }
       if (/^file?:/.test(file)) {
-        if (top !== window && !/^file:/i.test(location.ancestorOrigins[0])) {
-          PDFViewerApplication.error('Blocked ' + location.ancestorOrigins[0] +
-              ' from loading ' + file + '. Refused to load a local file in a ' +
-              ' non-local page for security reasons.');
-          return;
-        }
-        isAllowedFileSchemeAccess(function(isAllowedAccess) {
-          if (isAllowedAccess) {
-            PDFViewerApplication.open(file);
-          } else {
-            requestAccessToLocalFile(file);
+        getEmbedderOrigin(function(origin) {
+          // If the origin cannot be determined, let Chrome decide whether to
+          // allow embedding files. Otherwise, only allow local files to be
+          // embedded from local files or Chrome extensions.
+          // Even without this check, the file load in frames is still blocked,
+          // but this may change in the future (https://crbug.com/550151).
+          if (origin && !/^file:|^chrome-extension:/.test(origin)) {
+            PDFViewerApplication.error('Blocked ' + origin + ' from loading ' +
+                file + '. Refused to load a local file in a non-local page ' +
+                'for security reasons.');
+            return;
           }
+          isAllowedFileSchemeAccess(function(isAllowedAccess) {
+            if (isAllowedAccess) {
+              PDFViewerApplication.open(file);
+            } else {
+              requestAccessToLocalFile(file);
+            }
+          });
         });
         return;
       }
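Review bot: The guard `if (origin && !/^file:|^chrome-extension:/.test(origin))` fails open: when the viewer is framed and the background page answers with `''` (no `sender.tab` or no tab URL) or with no value at all, the local file goes on to `isAllowedFileSchemeAccess` with no embedder check. The comment relies on Chrome blocking the frame load anyway but also notes that this may change (crbug.com/550151), so it would be safer for the extension's own check to refuse when the viewer is framed and the origin is unknown, e.g. `if (window !== top && !origin) { /* report the error and return */ }` ahead of the regexp test. `^chrome-extension:` also accepts every extension origin, not only this extension's; if that is intended, the comment should say so. The enclosing function starts and ends outside the hunk.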
@@ -132,6 +139,20 @@ var ChromeCom = (function ChromeComClosure() {
     });
   };
 
+  function getEmbedderOrigin(callback) {
+    var origin = window === top ? location.origin : location.ancestorOrigins[0];
+    if (origin === 'null') {
+      // file:-URLs, data-URLs, sandboxed frames, etc.
+      getParentOrigin(callback);
+    } else {
+      callback(origin);
+    }
+  }
+
+  function getParentOrigin(callback) {
+    ChromeCom.request('getParentOrigin', null, callback);
+  }
+
   function isAllowedFileSchemeAccess(callback) {
     ChromeCom.request('isAllowedFileSchemeAccess', null, callback);
   }
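Review bot: `getEmbedderOrigin` has no comment saying what its callback can receive, and the two paths do not return the same kind of value: `location.ancestorOrigins[0]` is the immediate parent frame's origin, while the `getParentOrigin` fallback is derived from the tab's URL in the background page (see the TODO in pdfHandler.js) and can be an empty string or a full URL. I would add above the function `// Calls callback with the embedder's origin, '' if unknown. For opaque ("null") origins` / `// the value comes from the tab URL, which may differ from the direct parent frame.` so that callers making the security decision know the value is a best-effort approximation. In nested frames the tab URL and the direct parent can differ, which is worth stating next to the code that consumes it.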

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/pdf.js.git


