Mercurial > hg > release > icedtea7-2.6
changeset 2006:5edc8307c7ab
- Fix static instantiation support for xulrunner >= 1.9.2
- Remove JS <-> Class source match check, as NPAPI does not allow cross-site
calls anyway
ChangeLog:
* plugin/icedteanp/IcedTeaNPPlugin.cc
(GCJ_New): Use arg count to determine whether or not a send an applet tag
to Java side. Set a new is_applet_instance variable in GCJPluginData.
(get_scriptable_object): Use the new is_applet_instance variable in
instance->pdata to determine what kind of object to return.
* plugin/icedteanp/IcedTeaNPPlugin.h: Add a new is_applet_instance bool to
GCJPluginData, which determines whether it is an applet instance or a
dummy one.
* plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java
(checkPermission): Disable js src == class src check, as NPAPI does not
allow cross site scripting.
| author | Deepak Bhole <dbhole@redhat.com> |
|---|---|
| date | Thu, 27 Aug 2009 13:16:24 -0400 |
| parents | 518cf0feb646 |
| children | 5e20e6468dd1 |
| files | ChangeLog plugin/icedteanp/IcedTeaNPPlugin.cc plugin/icedteanp/IcedTeaNPPlugin.h plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java |
| diffstat | 4 files changed, 33 insertions(+), 37 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Aug 26 15:06:47 2009 -0400 +++ b/ChangeLog Thu Aug 27 13:16:24 2009 -0400 @@ -1,3 +1,17 @@ +2009-08-27 Deepak Bhole <dbhole@redhat.com> + + * plugin/icedteanp/IcedTeaNPPlugin.cc + (GCJ_New): Use arg count to determine whether or not a send an applet tag + to Java side. Set a new is_applet_instance variable in GCJPluginData. + (get_scriptable_object): Use the new is_applet_instance variable in + instance->pdata to determine what kind of object to return. + * plugin/icedteanp/IcedTeaNPPlugin.h: Add a new is_applet_instance bool to + GCJPluginData, which determines whether it is an applet instance or a + dummy one. + * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java + (checkPermission): Disable js src == class src check, as NPAPI does not + allow cross site scripting. + 2009-08-26 Deepak Bhole <dbhole@redhat.com> * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Aug 26 15:06:47 2009 -0400 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Thu Aug 27 13:16:24 2009 -0400 @@ -334,11 +334,8 @@ // Documentbase retrieval. documentbase = plugin_get_documentbase (instance); - if (documentbase) + if (documentbase && argc != 0) { - // => dummy plugin instantiation - - // Send applet tag message to appletviewer. applet_tag = plugin_create_applet_tag (argc, argn, argv); @@ -347,6 +344,13 @@ //plugin_send_message_to_appletviewer (data, data->instance_string); plugin_send_message_to_appletviewer (tag_message); + + data->is_applet_instance = true; + } + + if (argc == 0) + { + data->is_applet_instance = false; } g_mutex_unlock (data->appletviewer_mutex); @@ -1979,8 +1983,6 @@ filename[filename_size] = '\0'; } - printf("FILENAME=%s\n", filename); - if (!filename) { PLUGIN_ERROR ("Failed to create plugin shared object filename."); @@ -2205,15 +2207,10 @@ NPObject* get_scriptable_object(NPP instance) { - - printf("Calling plugin_get_documentbase\n"); - gchar* document_base = plugin_get_documentbase(instance); NPObject* obj; + GCJPluginData* data = (GCJPluginData*) instance->pdata; - if (!document_base) // dummy instance/package? - { - obj = IcedTeaScriptablePluginObject::get_scriptable_java_package_object(instance, ""); - } else + if (data->is_applet_instance) // dummy instance/package? { JavaRequestProcessor java_request = JavaRequestProcessor(); JavaResultData* java_result; @@ -2246,6 +2243,10 @@ applet_class_id.append(*(java_result->return_string)); obj = IcedTeaScriptableJavaPackageObject::get_scriptable_java_object(instance, applet_class_id, instance_id); + + } else + { + obj = IcedTeaScriptablePluginObject::get_scriptable_java_package_object(instance, ""); } return obj;
--- a/plugin/icedteanp/IcedTeaNPPlugin.h Wed Aug 26 15:06:47 2009 -0400 +++ b/plugin/icedteanp/IcedTeaNPPlugin.h Thu Aug 27 13:16:24 2009 -0400 @@ -84,6 +84,8 @@ guint32 window_height; // The source location for this instance gchar* source; + // If this is an actual applet instance, or a dummy instance for static calls + bool is_applet_instance; }; // Queue processing threads
--- a/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java Wed Aug 26 15:06:47 2009 -0400 +++ b/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java Thu Aug 27 13:16:24 2009 -0400 @@ -1122,36 +1122,15 @@ /** * Checks if the calling script is allowed to access the specified class * - * See http://java.sun.com/j2se/1.3/docs/guide/plugin/security.html#liveconnect for details - * * @param jsSrc The source of the script * @param target The target class that the script is trying to access * @param acc AccessControlContext for this execution * @throws AccessControlException If the script has insufficient permissions */ public void checkPermission(String jsSrc, Class target, AccessControlContext acc) throws AccessControlException { - - // target classloader == null => primordial loader. Allow this. - if (target.getClassLoader() == null) - return; - - URL classSrcURL = this.classLoaders.get(target.getClassLoader()); - URL jsSrcURL = null; - try { - jsSrcURL = new URL(jsSrc); - } catch (Exception e) { - e.printStackTrace(); - } - - PluginDebug.debug("target = " + target + " jsSrc=" + jsSrc + " classSrc=" + classSrcURL); - - // NPRuntime does not allow cross-site calling. The code below is kept - // in case that changes in the future.. - - // if src is not a file and class loader does not map to the same base, UniversalBrowserRead (BrowserReadPermission) must be set - //if (!jsSrc.equals("file://") && !jsSrc.equals("[System]") && !classSrcURL.equals(jsSrcURL)) { - // acc.checkPermission(new BrowserReadPermission()); - //} + // NPRuntime does not allow cross-site calling. We therefore always + // allow this, for the time being + return; } private void write(int reference, String message) {