New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resolves #3765 download and embed custom remote stylesheet if allow-uri-read is set #3766
resolves #3765 download and embed custom remote stylesheet if allow-uri-read is set #3766
Conversation
dc49b35
to
aa61dda
Compare
… if allow-uri-read is set
aa61dda
to
eea4a23
Compare
@Mogztter This may have broke tests in Asciidoctor.js. Let me know if something seems incorrect. |
Thanks for the heads up! |
Thanks! I want to make sure we get this cleared up before the 2.0.11 release, though there's still plenty of time for that. |
So the issue is that in a browser environment the target is a URI and the Let's take a concret example, the following code will not download and embed the stylesheet: const options = {
doctype: 'article',
safe: 'unsafe',
header_footer: true,
attributes: ['showtitle', 'stylesheet=asciidoctor.css', 'stylesdir=http://localhost:5000/build/css']
}
const html = asciidoctor.convert('=== Test', options) In my opinion, it's a bit odd to force the user to define The second issue is more or less the same but when using the Until now, my workaround was to monkey patch I could probably monkey patch the whole A cleaner approach would be to define a def allow_uri_read? target
@document.attr? 'allow-uri-read'
end That would allow Asciidoctor.js to monkey patch this specific method (instead of the whole def allow_uri_read? target
# chrome:// extension URI
return true if target.start_with? 'chrome://'
# same domain
return true if target.start_with? `window.location.protocol + '//' + window.location.host`
@document.attr? 'allow-uri-read'
end @mojavelinux What do you think? |
I was not expecting there to be difference there in the logic. I'll need to revisit that.
I think it would be better if we moved this check to a method like |
I see, the logic is different given how you have patched it. The read_asset method in core only reads from the filesystem. The read_contents method goes further an enables reading from a URL. Obviously, in core, this is going to require allow-uri-read since we cannot read from any URL unless permission is granted. I would recommend replacing this method since the whole point of the method is different in the browser environment. |
It's actually a bit of a mistake that we have both read_asset and read_contents. I added read_contents because read_asset wasn't sufficient for what we needed it to do. Rather than try to add behavior to it, I just cut a new method. But I think read_asset should probably be phased out eventually. |
Why not 👍
I think this logic still makes sense in a browser environment. The only difference is that, in a browser environment, we can establish a list of trusted domain/protocol. Anyway, it might be something we should consider in the future.
I don't 100% agree, but it's probably the safest/quickest solution. |
I think you're trying to change the meaning of allow-uri-read. In core, it should be all or nothing because the point is to control use of the network...even for trusted domains. If we entertained the idea of trusted domains in core, it would only be as a comma-separate list in the value of the allow-uri-read attribute. So it would build on the existing feature, not circumvent it. If the browser environment has a different definition of a remote URI (like an expanded definition of a file URI to include chrome), then it can treat certain URIs differently. (And we want enough logic hooks for that).
Only with allow-uri-read set and an additional allowlist (which, of course, the extension could then leverage). If the chrome protocol is really a local request, and you want to match the behavior of the read_asset method, then consider patching Helpers.uriish?. I think you keep trying to figure out how to allow remote requests when what you should focus on is what the definition of a remote URI is. If the browser environment can influence what is local vs remote, then you won't have problems. And if you can't find a path, then overriding read_content is the right approach. (It's okay if the browser environment and core have a different understanding of what constitutes a remote URI). |
No description provided.