[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-4+backports' - sfx2/source

Mon, 27 Feb 2023 18:39:13 -0800 

 sfx2/source/doc/iframe.cxx |   33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

New commits:
commit a2f7593bcd1bc0feec608c1a9452af63b873a05b
Author:     Samuel Mehrbrodt <samuel.mehrbr...@allotropia.de>
AuthorDate: Mon Feb 27 15:27:24 2023 +0100
Commit:     Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Tue Feb 28 02:38:44 2023 +0000

    Check iframe target for allowed document URLs
    
    Change-Id: I00e4192becbc160282a43ab89dcd269f3d1012d8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147921
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>

diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index aea851894286..6dca7bcddb56 100644
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -46,6 +46,11 @@
 #include <vcl/window.hxx>
 #include <tools/debug.hxx>
 #include <macroloader.hxx>
+#include <officecfg/Office/Common.hxx>
+
+#include <unicode/errorcode.h>
+#include <unicode/regex.h>
+#include <unicode/unistr.h>
 
 using namespace ::com::sun::star;
 
@@ -155,6 +160,31 @@ IFrameObject::IFrameObject(const uno::Reference < 
uno::XComponentContext >& rxCo
         aArguments[0] >>= mxObj;
 }
 
+bool lcl_isScriptURLAllowed(const OUString& aScriptURL)
+{
+    boost::optional<css::uno::Sequence<OUString>> allowedEvents(
+        
officecfg::Office::Common::Security::Scripting::AllowedDocumentEventURLs::get());
+    // When AllowedDocumentEventURLs is empty, all event URLs are allowed
+    if (!allowedEvents)
+        return true;
+
+    icu::ErrorCode status;
+    const uint32_t rMatcherFlags = UREGEX_CASE_INSENSITIVE;
+    icu::UnicodeString usInput(aScriptURL.getStr());
+    const css::uno::Sequence<OUString>& rAllowedEvents = *allowedEvents;
+    for (auto const& allowedEvent : rAllowedEvents)
+    {
+        icu::UnicodeString usRegex(allowedEvent.getStr());
+        icu::RegexMatcher rmatch1(usRegex, usInput, rMatcherFlags, status);
+        if (aScriptURL.startsWith(allowedEvent) || rmatch1.matches(status))
+        {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 sal_Bool SAL_CALL IFrameObject::load(
     const uno::Sequence < css::beans::PropertyValue >& /*lDescriptor*/,
     const uno::Reference < frame::XFrame >& xFrame )
@@ -174,6 +204,9 @@ sal_Bool SAL_CALL IFrameObject::load(
                 return false;
         }
 
+        if (!lcl_isScriptURLAllowed(aTargetURL.Complete))
+            return false;
+
         DBG_ASSERT( !mxFrame.is(), "Frame already existing!" );
         VclPtr<vcl::Window> pParent = VCLUnoHelper::GetWindow( 
xFrame->getContainerWindow() );
         VclPtr<IFrameWindow_Impl> pWin = VclPtr<IFrameWindow_Impl>::Create( 
pParent, maFrmDescr.IsFrameBorderOn() );

Reply via email to