imp. : wrap articleview in webchannel for security reason

2024-12-18 03:14:06 +00:00 · 2022-01-20 07:29:02 +08:00 · 2022-01-20 07:29:02 +08:00 · 8ac2f8dfe1
parent f047c5fc9c
commit 8ac2f8dfe1
2 changed files with 43 additions and 7 deletions
--- a/articleview.cc
+++ b/articleview.cc
@ -363,7 +363,8 @@ ArticleView::ArticleView( QWidget * parent, ArticleNetworkAccessManager & nm,
          SLOT(setActiveDictIds(ActiveDictIds)));

  channel = new QWebChannel(ui.definition->page());
-  attachToJavaScript();
+  agent = new ArticleViewAgent(this);
+  attachWebChannelToHtml();
 }

 // explicitly report the minimum size, to avoid
@ -1050,7 +1051,7 @@ void ArticleView::linkHovered ( const QString & link )
      // Link to other dictionary
      QString dictName( Utils::Url::queryItemValue( url, "dict" ) );
      if( !dictName.isEmpty() )
-        msg = tr( "Definition from dictionary \"%1\": %2" ).arg( dictName ).arg( def );
+        msg = tr( "Definition from dictionary \"%1\": %2" ).arg( dictName , def );
    }

    if( msg.isEmpty() )
@ -1069,15 +1070,13 @@ void ArticleView::linkHovered ( const QString & link )
  emit statusBarMessage( msg );
 }

-void ArticleView::attachToJavaScript() {
-
-
+void ArticleView::attachWebChannelToHtml() {
  // set the web channel to be used by the page
  // see http://doc.qt.io/qt-5/qwebenginepage.html#setWebChannel
  ui.definition->page()->setWebChannel(channel, QWebEngineScript::MainWorld);

  // register QObjects to be exposed to JavaScript
-  channel->registerObject(QStringLiteral("articleview"), this);
+  channel->registerObject(QStringLiteral("articleview"), agent);
 }

 void ArticleView::linkClicked( QUrl const & url_ )
@ -2838,3 +2837,22 @@ void ResourceToSaveHandler::downloadFinished()
    deleteLater();
  }
 }
+
+ArticleViewAgent::ArticleViewAgent(QObject *parent)
+  : QObject{parent}
+{
+
+}
+ArticleViewAgent::ArticleViewAgent(ArticleView *articleView)
+  : articleView(articleView)
+{
+
+}
+
+void ArticleViewAgent::onJsActiveArticleChanged(QString const & id){
+    articleView->onJsActiveArticleChanged(id);
+}
+
+void ArticleViewAgent::linkClickedInHtml(QUrl const & url){
+    articleView->linkClickedInHtml(url);
+}
--- a/articleview.hh
+++ b/articleview.hh
@ -17,6 +17,7 @@
 #include "globalbroadcaster.h"

 class ResourceToSaveHandler;
+class ArticleViewAgent ;

 /// A widget with the web view tailored to view and handle articles -- it
 /// uses the appropriate netmgr, handles link clicks, rmb clicks etc
@ -31,6 +32,7 @@ class ArticleView: public QFrame
  bool popupView;
  Config::Class const & cfg;
  QWebChannel *channel;
+  ArticleViewAgent * agent;
  Ui::ArticleView ui;

  QAction pasteAction, articleUpAction, articleDownAction,
@ -301,7 +303,7 @@ private slots:
  void loadFinished( bool ok );
  void handleTitleChanged( QString const & title );
  void handleUrlChanged( QUrl const & url );
-  void attachToJavaScript();
+  void attachWebChannelToHtml();

  void linkHovered( const QString & link);
  void contextMenuRequested( QPoint const & );
@ -436,4 +438,20 @@ private:
  bool alreadyDone;
 };

+class ArticleViewAgent : public QObject
+{
+    Q_OBJECT
+    ArticleView* articleView;
+  public:
+    explicit ArticleViewAgent(QObject *parent = nullptr);
+    ArticleViewAgent(ArticleView* articleView);
+
+  signals:
+
+  public slots:
+    Q_INVOKABLE void onJsActiveArticleChanged(QString const & id);
+    Q_INVOKABLE void linkClickedInHtml( QUrl const & );
+
+};
+
 #endif