From 8ac2f8dfe17bd7999e46e4d92ee6f97dd398ed15 Mon Sep 17 00:00:00 2001
From: yifang <yifang.xiao@outlook.com>
Date: Thu, 20 Jan 2022 07:29:02 +0800
Subject: [PATCH] imp. : wrap articleview in webchannel for security reason

---
 articleview.cc | 30 ++++++++++++++++++++++++------
 articleview.hh | 20 +++++++++++++++++++-
 2 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/articleview.cc b/articleview.cc
index 4f58038d..0a6ef922 100644
--- a/articleview.cc
+++ b/articleview.cc
@@ -363,7 +363,8 @@ ArticleView::ArticleView( QWidget * parent, ArticleNetworkAccessManager & nm,
           SLOT(setActiveDictIds(ActiveDictIds)));
 
   channel = new QWebChannel(ui.definition->page());
-  attachToJavaScript();
+  agent = new ArticleViewAgent(this);
+  attachWebChannelToHtml();
 }
 
 // explicitly report the minimum size, to avoid
@@ -1050,7 +1051,7 @@ void ArticleView::linkHovered ( const QString & link )
       // Link to other dictionary
       QString dictName( Utils::Url::queryItemValue( url, "dict" ) );
       if( !dictName.isEmpty() )
-        msg = tr( "Definition from dictionary \"%1\": %2" ).arg( dictName ).arg( def );
+        msg = tr( "Definition from dictionary \"%1\": %2" ).arg( dictName , def );
     }
 
     if( msg.isEmpty() )
@@ -1069,15 +1070,13 @@ void ArticleView::linkHovered ( const QString & link )
   emit statusBarMessage( msg );
 }
 
-void ArticleView::attachToJavaScript() {
-
-
+void ArticleView::attachWebChannelToHtml() {
   // set the web channel to be used by the page
   // see http://doc.qt.io/qt-5/qwebenginepage.html#setWebChannel
   ui.definition->page()->setWebChannel(channel, QWebEngineScript::MainWorld);
 
   // register QObjects to be exposed to JavaScript
-  channel->registerObject(QStringLiteral("articleview"), this);
+  channel->registerObject(QStringLiteral("articleview"), agent);
 }
 
 void ArticleView::linkClicked( QUrl const & url_ )
@@ -2838,3 +2837,22 @@ void ResourceToSaveHandler::downloadFinished()
     deleteLater();
   }
 }
+
+ArticleViewAgent::ArticleViewAgent(QObject *parent)
+  : QObject{parent}
+{
+
+}
+ArticleViewAgent::ArticleViewAgent(ArticleView *articleView)
+  : articleView(articleView)
+{
+
+}
+
+void ArticleViewAgent::onJsActiveArticleChanged(QString const & id){
+    articleView->onJsActiveArticleChanged(id);
+}
+
+void ArticleViewAgent::linkClickedInHtml(QUrl const & url){
+    articleView->linkClickedInHtml(url);
+}
diff --git a/articleview.hh b/articleview.hh
index 1f5aeab2..cfd1c076 100644
--- a/articleview.hh
+++ b/articleview.hh
@@ -17,6 +17,7 @@
 #include "globalbroadcaster.h"
 
 class ResourceToSaveHandler;
+class ArticleViewAgent ;
 
 /// A widget with the web view tailored to view and handle articles -- it
 /// uses the appropriate netmgr, handles link clicks, rmb clicks etc
@@ -31,6 +32,7 @@ class ArticleView: public QFrame
   bool popupView;
   Config::Class const & cfg;
   QWebChannel *channel;
+  ArticleViewAgent * agent;
   Ui::ArticleView ui;
 
   QAction pasteAction, articleUpAction, articleDownAction,
@@ -301,7 +303,7 @@ private slots:
   void loadFinished( bool ok );
   void handleTitleChanged( QString const & title );
   void handleUrlChanged( QUrl const & url );
-  void attachToJavaScript();
+  void attachWebChannelToHtml();
 
   void linkHovered( const QString & link);
   void contextMenuRequested( QPoint const & );
@@ -436,4 +438,20 @@ private:
   bool alreadyDone;
 };
 
+class ArticleViewAgent : public QObject
+{
+    Q_OBJECT
+    ArticleView* articleView;
+  public:
+    explicit ArticleViewAgent(QObject *parent = nullptr);
+    ArticleViewAgent(ArticleView* articleView);
+
+  signals:
+
+  public slots:
+    Q_INVOKABLE void onJsActiveArticleChanged(QString const & id);
+    Q_INVOKABLE void linkClickedInHtml( QUrl const & );
+
+};
+
 #endif