
XSLT-process result XML manually, don't just reference stylesheet.

This has two advantages.  On the one hand we write fully valid HTML
protocols if our user hits the store button.  On the other hand we
have no problem with the XSS protection if run in a browser.
Browsers deny access to XSL files loaded via http if the document
to process is provided via data protocol (at least Firefox does).
1 parent a8e0c67 commit 6e64242a9d098b0083c047bef2d072a21f9951f4 @stesie committed Aug 5, 2012
Showing with 19 additions and 9 deletions.
  1. +3 −0 .gitmodules
  2. +1 −0 chrome/content/index.html
  3. +13 −8 chrome/content/js/geierlein.js
  4. +1 −1 chrome/content/js/xulapp.js
  5. +1 −0 chrome/content/lib/jsxml
@@ -4,3 +4,6 @@
[submodule "chrome/content/lib/gzip-js"]
path = chrome/content/lib/gzip-js
url = git://github.com/stesie/gzip-js.git
+[submodule "chrome/content/lib/jsxml"]
+ path = chrome/content/lib/jsxml
+ url = git://github.com/Greendrake/jsxml.git
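Review bot: The new jsxml entry fetches third-party code over the unauthenticated `git://` transport, as the existing gzip-js entry above it does. The pinned submodule commit limits what a tampered transfer could introduce, but `url = https://github.com/Greendrake/jsxml.git` adds transport authentication at no cost. Unlike gzip-js, which points at the maintainer's own fork, this library comes straight from an external repository and is loaded next to the crypto code in index.html, so the pinned revision should be reviewed before it is bumped.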
@@ -782,6 +782,7 @@ <h3>Übertragungsprotokoll</h3>
<script src="lib/gzip-js/lib/rawdeflate.js"></script>
<script src="lib/gzip-js/lib/rawinflate.js"></script>
<script src="lib/gzip-js/lib/gzip.js"></script>
+ <script src="lib/jsxml/jsxml.js"></script>
<script>
if(window.forge === undefined) {
alert('Die Verschlüsselungsbibliothek "forge" ist nicht verfügbar. Ohne diese ist eine Datenübertragung nicht möglich.\n' +
@@ -51,20 +51,25 @@
/**
* Show the modal protocol dialog and display the provided protocol.
*
- * A reference to the XSL file needed to display the protocol is
- * added automatically.
+ * The provided document is run through XSL processor before being
+ * displayed.
*
* @param res The XML result document as a string.
* @return void
*/
function showProtocol(res) {
- /* Add XSL reference to XML document. */
var xslUrl = location.href.replace(/[^\/]+$/, 'xsl/ustva.xsl');
- res = geierlein.util.addStylesheetHref(res, xslUrl);
-
- $('body').trigger('show-protocol', res);
- $('#protocol-frame')[0].src = 'data:text/xml;charset=ISO8859-1,' + escape(res);
- $('#protocol').modal();
+ $.ajax({
+ url: xslUrl,
+ isLocal: xslUrl.substr(0, 7) === 'chrome:',
+ success: function(xslDom) {
+ var xmlDom = jsxml.fromString(res, false);
+ var xslResult = jsxml.transReady(xmlDom, xslDom);
+ $('body').trigger('show-protocol', res);
+ $('#protocol-frame')[0].src = 'data:text/html;charset=UTF-8,' + encodeURIComponent(xslResult);
+ $('#protocol').modal();
+ }
+ });
}
function updateModelHandler(el, model) {
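Review bot: The `$.ajax` call in showProtocol has no `error` callback, so if `xsl/ustva.xsl` cannot be loaded or parsed the function returns silently and the user never sees the transmission protocol; before this change the dialog was opened unconditionally. Add a failure path such as `error: function() { /* tell the user the protocol stylesheet could not be loaded */ }`, and set `dataType: 'xml'` so that `xslDom` is a parsed document and does not depend on jQuery's content-type guess for `chrome:` URLs. Because the frame now renders HTML generated from the server's response, it is also worth checking, outside this hunk, that `#protocol-frame` cannot run script with the application's privileges, for instance through the iframe `sandbox` attribute if the target runtime supports it.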
@@ -173,7 +173,7 @@ var xulapp = (function() {
}
var src = cW.$('#protocol-frame')[0].src;
- src = unescape(src.substr(src.indexOf(',') + 1));
+ src = decodeURIComponent(src.substr(src.indexOf(',') + 1));
storeStringToFile(src, fp.file);
});
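Review bot: `decodeURIComponent` throws a `URIError` on a malformed escape sequence where `unescape` did not, and nothing visible here catches it, so a frame `src` that is empty or is not the expected data URL would abort the save without feedback. The decoded value is now a Unicode HTML string, no longer ISO8859-1 XML, so confirm that `storeStringToFile` writes it as UTF-8, otherwise umlauts in the stored protocol will be corrupted. A short comment such as `/* src holds the URI-encoded UTF-8 HTML set by showProtocol() */` would document the coupling to geierlein.js. The enclosing handler starts before this hunk.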
Submodule jsxml added at 58ca20
