aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2025-01-03 14:57:44 -05:00
Code

[ecmascript] Allow ecmascript scripts only for given urls prefixes.

Browse Source 
In ~/.elinks/allowed_ecmascript_url_prefixes.txt you must enter list
of urls. For example:
file://
https://buildlogs.pld-linux.org/
http://example

If url of document starts with one of given prefixes, then given url is
allowed to execute ecmascript. Start from most often used first.
This commit is contained in:
Witold Filipczyk 2020-12-07 22:36:24 +01:00
parent 672c5fce52
commit f617256ecc
3 changed files with 85 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
src/ecmascript/ecmascript.c
View File

@ -9,6 +9,7 @@
#include "elinks.h" #include "elinks.h"
#include "config/home.h"
#include "config/options.h" #include "config/options.h"
#include "document/document.h" #include "document/document.h"
#include "document/view.h" #include "document/view.h"
@ -68,6 +69,82 @@ static union option_info ecmascript_options[] = {
static int interpreter_count; static int interpreter_count;
static INIT_LIST_OF(struct string_list_item, allowed_urls);
static int
is_prefix(unsigned char *prefix, unsigned char *url, int dl)
{
return memcmp(prefix, url, dl);
}
static void
read_url_list(void)
{
char line[4096];
unsigned char *filename;
FILE *f;
if (!elinks_home) {
return;
}
filename = straconcat(elinks_home, STRING_DIR_SEP, ALLOWED_ECMASCRIPT_URL_PREFIXES, NULL);
if (!filename) {
return;
}
f = fopen(filename, "r");
if (f) {
while (fgets(line, 4096, f)) {
add_to_string_list(&allowed_urls, line, strlen(line) - 1);
}
fclose(f);
}
mem_free(filename);
}
int
get_ecmascript_enable(struct ecmascript_interpreter *interpreter)
{
static int list_init = 0;
struct string_list_item *item;
unsigned char *url;
if (!get_opt_bool("ecmascript.enable", NULL)
|| !interpreter || !interpreter->vs || !interpreter->vs->doc_view
|| !interpreter->vs->doc_view->document || !interpreter->vs->doc_view->document->uri) {
return 0;
}
if (!list_init) {
read_url_list();
list_init = 1;
}
url = get_uri_string(interpreter->vs->doc_view->document->uri, URI_PUBLIC);
if (!url) {
return 0;
}
foreach(item, allowed_urls) {
struct string *string = &item->string;
if (string->length <= 0) {
continue;
}
if (!is_prefix(string->source, url, string->length)) {
mem_free(url);
return 1;
}
}
mem_free(url);
return 0;
}
struct ecmascript_interpreter * struct ecmascript_interpreter *
ecmascript_get_interpreter(struct view_state *vs) ecmascript_get_interpreter(struct view_state *vs)
{ {
@ -130,7 +207,7 @@ void
ecmascript_eval(struct ecmascript_interpreter *interpreter, ecmascript_eval(struct ecmascript_interpreter *interpreter,
struct string *code, struct string *ret) struct string *code, struct string *ret)
{ {
if (!get_ecmascript_enable()) if (!get_ecmascript_enable(interpreter))
return; return;
assert(interpreter); assert(interpreter);
interpreter->backend_nesting++; interpreter->backend_nesting++;
@ -142,7 +219,7 @@ static void
ecmascript_call_function(struct ecmascript_interpreter *interpreter, ecmascript_call_function(struct ecmascript_interpreter *interpreter,
JS::HandleValue fun, struct string *ret) JS::HandleValue fun, struct string *ret)
{ {
if (!get_ecmascript_enable()) if (!get_ecmascript_enable(interpreter))
return; return;
assert(interpreter); assert(interpreter);
interpreter->backend_nesting++; interpreter->backend_nesting++;
@ -157,7 +234,7 @@ ecmascript_eval_stringback(struct ecmascript_interpreter *interpreter,
{ {
unsigned char *result; unsigned char *result;
if (!get_ecmascript_enable()) if (!get_ecmascript_enable(interpreter))
return NULL; return NULL;
assert(interpreter); assert(interpreter);
interpreter->backend_nesting++; interpreter->backend_nesting++;
@ -172,7 +249,7 @@ ecmascript_eval_boolback(struct ecmascript_interpreter *interpreter,
{ {
int result; int result;
if (!get_ecmascript_enable()) if (!get_ecmascript_enable(interpreter))
return -1; return -1;
assert(interpreter); assert(interpreter);
interpreter->backend_nesting++; interpreter->backend_nesting++;

3
src/ecmascript/ecmascript.h
View File

@ -23,7 +23,6 @@ struct terminal;
struct uri; struct uri;
struct view_state; struct view_state;
#define get_ecmascript_enable() get_opt_bool("ecmascript.enable", NULL)
struct ecmascript_interpreter { struct ecmascript_interpreter {
struct view_state *vs; struct view_state *vs;
@ -108,6 +107,8 @@ void ecmascript_set_timeout(struct ecmascript_interpreter *interpreter, unsigned
void ecmascript_set_timeout2(struct ecmascript_interpreter *interpreter, JS::HandleValue f, int timeout); void ecmascript_set_timeout2(struct ecmascript_interpreter *interpreter, JS::HandleValue f, int timeout);
int get_ecmascript_enable(struct ecmascript_interpreter *interpreter);
extern struct module ecmascript_module; extern struct module ecmascript_module;
#endif #endif

2
src/setup.h
View File

@ -24,6 +24,8 @@
#define ELINKS_PORT 23456 #define ELINKS_PORT 23456
#define ELINKS_TEMPNAME_PREFIX "elinks" #define ELINKS_TEMPNAME_PREFIX "elinks"
#define ALLOWED_ECMASCRIPT_URL_PREFIXES "allowed_ecmascript_url_prefixes.txt"
#define DNS_CACHE_TIMEOUT 3600 /* in seconds */ #define DNS_CACHE_TIMEOUT 3600 /* in seconds */
#define HTTP_KEEPALIVE_TIMEOUT 60000 #define HTTP_KEEPALIVE_TIMEOUT 60000