[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-4' - 2 commits - loleaflet/js loleaflet/Makefile.am loleaflet/node_shrinkwrap loleaflet/npm-shrinkwrap.json.in loleaflet/package.json loleaflet/src

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Fri May 3 14:34:53 UTC 2019 

 loleaflet/Makefile.am                            |    3 -
 loleaflet/js/toolbar.js                          |    2 
 loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar |binary
 loleaflet/npm-shrinkwrap.json.in                 |    6 ++
 loleaflet/package.json                           |    4 +
 loleaflet/src/control/Control.AlertDialog.js     |   49 ++++++++++++++++++++++-
 loleaflet/src/errormessages.js                   |    2 
 7 files changed, 63 insertions(+), 3 deletions(-)

New commits:
commit e29d2568b4b8467e7a7ad2e64be4d7956875c14e
Author:     Alexandru Vlăduţu <alexandru.vladutu at 1and1.ro>
AuthorDate: Tue Apr 2 09:24:18 2019 +0300
Commit:     Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri May 3 16:34:15 2019 +0200

    loleaflet: check document hyperlink before open
    
    Change-Id: Ie2b1ba8baf49136fa805ab5b3a52f7b7fb5827df
    Reviewed-on: https://gerrit.libreoffice.org/70113
    Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
    Reviewed-by: Szymon Kłos <szymon.klos at collabora.com>
    Tested-by: Szymon Kłos <szymon.klos at collabora.com>

diff --git a/loleaflet/Makefile.am b/loleaflet/Makefile.am
index 079666bae..8b93f4a8e 100644
--- a/loleaflet/Makefile.am
+++ b/loleaflet/Makefile.am
@@ -110,7 +110,8 @@ NODE_MODULES_JS =\
 	node_modules/json-js/json2.js \
 	node_modules/select2/dist/js/select2.js \
 	node_modules/vex-js/js/vex.js \
-	node_modules/vex-js/js/vex.dialog.js
+	node_modules/vex-js/js/vex.dialog.js \
+	node_modules/@braintree/sanitize-url/dist.js
 
 if !ENABLE_IOSAPP
 if !ENABLE_GTKAPP
diff --git a/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar b/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar
new file mode 100644
index 000000000..0c85c0423
Binary files /dev/null and b/loleaflet/node_shrinkwrap/sanitize-url-3.0.0.tar differ
diff --git a/loleaflet/npm-shrinkwrap.json.in b/loleaflet/npm-shrinkwrap.json.in
index 407d50b43..18c5dc802 100644
--- a/loleaflet/npm-shrinkwrap.json.in
+++ b/loleaflet/npm-shrinkwrap.json.in
@@ -211,6 +211,12 @@
       "integrity": "sha1-trvgsGdLnXGXCMo43owjfLUmw9E=",
       "dev": true
     },
+    "sanitize-url": {
+      "version": "3.0.0",
+      "resolved": "file:node_shrinkwrap/sanitize-url-3.0.0.tar",
+      "integrity": "",
+      "dev": true
+    },
     "autolinker": {
       "version": "1.4.3",
       "resolved": "file:node_shrinkwrap/autolinker-1.4.3.tgz",
diff --git a/loleaflet/package.json b/loleaflet/package.json
index 0c45f4b72..b0b4cefab 100644
--- a/loleaflet/package.json
+++ b/loleaflet/package.json
@@ -3,6 +3,7 @@
   "version": "0.8.0-dev",
   "description": "LibreOffice online front-end",
   "devDependencies": {
+    "@braintree/sanitize-url": "3.0.0",
     "autolinker": "1.4.3",
     "bootstrap": "3.3.6",
     "browserify": "13.1.0",
@@ -37,5 +38,8 @@
     "libreoffice",
     "lool"
   ],
+  "scripts": {
+    "postinstall": "browserify node_modules/@braintree/sanitize-url/index.js --standalone sanitizeUrl > node_modules/@braintree/sanitize-url/dist.js"
+  },
   "license": "BSD-2-Clause"
 }
diff --git a/loleaflet/src/control/Control.AlertDialog.js b/loleaflet/src/control/Control.AlertDialog.js
index bb4c61685..336c14dd7 100644
--- a/loleaflet/src/control/Control.AlertDialog.js
+++ b/loleaflet/src/control/Control.AlertDialog.js
@@ -3,7 +3,7 @@
  * L.Control.Dialog used for displaying alerts
  */
 
-/* global _ vex */
+/* global _ vex sanitizeUrl */
 L.Control.AlertDialog = L.Control.extend({
 	onAdd: function (map) {
 		// TODO: Better distinction between warnings and errors
@@ -28,9 +28,9 @@ L.Control.AlertDialog = L.Control.extend({
 			var url = e.url;
 			var messageText = window.errorMessages.leaving;
 
-			var isLinkValid = true;
-			if (url.trim().toLowerCase().startsWith('javascript:')) {
-				isLinkValid = false;
+			var isLinkValid = sanitizeUrl.sanitizeUrl(url) !== 'about:blank';
+
+			if (!isLinkValid) {
 				messageText = window.errorMessages.invalidLink;
 				messageText = messageText.replace('%url', url);
 			}
commit 1811a5280397f9614d1eddfe5f9390d5f23fe519
Author:     Szymon Kłos <szymon.klos at collabora.com>
AuthorDate: Thu Mar 28 11:49:56 2019 +0100
Commit:     Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri May 3 16:34:15 2019 +0200

    Introduce warning when leaving the editor
    
    Change-Id: Id9fe06015b45f37ae415f8e3607434d984a6074f

diff --git a/loleaflet/js/toolbar.js b/loleaflet/js/toolbar.js
index 959e6e8c1..68cddbd22 100644
--- a/loleaflet/js/toolbar.js
+++ b/loleaflet/js/toolbar.js
@@ -2476,7 +2476,7 @@ function setupToolbar(e) {
 	});
 
 	map.on('hyperlinkclicked', function (e) {
-		window.open(e.url, '_blank');
+		map.fire('warn', {url: e.url, map: map, cmd: 'openlink'});
 	});
 
 	map.on('cellformula', function (e) {
diff --git a/loleaflet/src/control/Control.AlertDialog.js b/loleaflet/src/control/Control.AlertDialog.js
index d63c80432..bb4c61685 100644
--- a/loleaflet/src/control/Control.AlertDialog.js
+++ b/loleaflet/src/control/Control.AlertDialog.js
@@ -24,6 +24,53 @@ L.Control.AlertDialog = L.Control.extend({
 		else if (e.cmd == 'load' && e.kind == 'docunloading') {
 			// Handled by transparently retrying.
 			return;
+		} else if (e.cmd == 'openlink') {
+			var url = e.url;
+			var messageText = window.errorMessages.leaving;
+
+			var isLinkValid = true;
+			if (url.trim().toLowerCase().startsWith('javascript:')) {
+				isLinkValid = false;
+				messageText = window.errorMessages.invalidLink;
+				messageText = messageText.replace('%url', url);
+			}
+
+			var buttonsList = [];
+
+			if (isLinkValid) {
+				buttonsList.push({
+					text: _('Open link'),
+					type: 'button',
+					className: 'vex-dialog-button-primary',
+					click: function openClick () {
+						window.open(url, '_blank');
+						vex.close(vex.dialogID);
+						vex.dialogID = 0;
+					}
+				});
+			}
+
+			buttonsList.push({
+				text: _('Edit'),
+				type: 'button',
+				className: 'vex-dialog-button-secondary',
+				click: function editClick () {
+					e.map.toggleCommandState('HyperlinkDialog');
+					vex.close(vex.dialogID);
+					vex.dialogID = 0;
+				}
+			});
+
+			vex.dialog.open({
+				message: messageText,
+				showCloseButton: true,
+				buttons: buttonsList,
+				callback: function() {},
+				beforeClose: function () {
+					e.map.focus();
+					e.map.enable(true);
+				}
+			});
 		} else if (e.cmd && e.kind) {
 			var msg = _('The server encountered a %0 error while parsing the %1 command.');
 			msg = msg.replace('%0', e.kind);
diff --git a/loleaflet/src/errormessages.js b/loleaflet/src/errormessages.js
index 3381b9126..0baa1e626 100644
--- a/loleaflet/src/errormessages.js
+++ b/loleaflet/src/errormessages.js
@@ -21,6 +21,8 @@ errorMessages.wrongwopisrc = _('Wrong or missing WOPISrc parameter, please conta
 errorMessages.sessionexpiry = _('Your session will expire in %time. Please save your work and refresh the session (or webpage) to continue.');
 errorMessages.sessionexpired = _('Your session has been expired. Further changes to document might not be saved. Please refresh the session (or webpage) to continue.');
 errorMessages.faileddocloading = _('Failed to load the document. Please ensure the file type is supported and not corrupted, and try again.');
+errorMessages.invalidLink = _('Invalid link: \'%url\'');
+errorMessages.leaving = _('You are leaving the editor, are you sure you want to proceed?');
 
 errorMessages.storage = {
 	loadfailed: _('Failed to read document from storage. Please contact your storage server (%storageserver) administrator.'),

More information about the Libreoffice-commits mailing list