diff options
author | Caolán McNamara <caolanm@redhat.com> | 2023-04-11 10:13:37 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2023-04-11 16:56:27 +0200 |
commit | 683e4de0de8dde7c5570c67cbd2bae17b6d7f0e0 (patch) | |
tree | ea28b88892c6656a2afb6000317a16a388a8c00b | |
parent | Related: tdf#154218 Use proper locale in SwUserFieldType::PutValue() (diff) | |
download | core-683e4de0de8dde7c5570c67cbd2bae17b6d7f0e0.tar.gz core-683e4de0de8dde7c5570c67cbd2bae17b6d7f0e0.zip |
set Referer on loading IFrames
so tools, options, security, options,
"block any links from document not..."
applies to their contents.
Change-Id: I04839aea6b07a4a76ac147a85045939ccd9c3c79
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
-rw-r--r-- | sfx2/source/doc/iframe.cxx | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 5672f3edbcf5..559e35de8bdf 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -38,6 +38,7 @@ #include <cppuhelper/supportsservice.hxx> #include <officecfg/Office/Common.hxx> #include <svl/itemprop.hxx> +#include <sfx2/docfile.hxx> #include <sfx2/frmdescr.hxx> #include <sfx2/objsh.hxx> #include <sfx2/sfxdlg.hxx> @@ -166,10 +167,11 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Reference < util::XURLTransformer > xTrans( util::URLTransformer::create( mxContext ) ); xTrans->parseStrict( aTargetURL ); + uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); + SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); + if (INetURLObject(aTargetURL.Complete).GetProtocol() == INetProtocol::Macro) { - uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); - SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); if (pDoc && !pDoc->AdjustMacroMode()) return false; } @@ -177,6 +179,10 @@ sal_Bool SAL_CALL IFrameObject::load( if (!SfxEvents_Impl::isScriptURLAllowed(aTargetURL.Complete)) return false; + OUString sReferer; + if (pDoc && pDoc->HasName()) + sReferer = pDoc->GetMedium()->GetName(); + DBG_ASSERT( !mxFrame.is(), "Frame already existing!" ); VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( xFrame->getContainerWindow() ); VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( pParent, maFrmDescr.IsFrameBorderOn() ); @@ -201,7 +207,8 @@ sal_Bool SAL_CALL IFrameObject::load( uno::Sequence < beans::PropertyValue > aProps{ comphelper::makePropertyValue("PluginMode", sal_Int16(2)), - comphelper::makePropertyValue("ReadOnly", true) + comphelper::makePropertyValue("ReadOnly", true), + comphelper::makePropertyValue("Referer", sReferer) }; uno::Reference < frame::XDispatch > xDisp = mxFrame->queryDispatch( aTargetURL, "_self", 0 ); if ( xDisp.is() ) |