XSLT-process result XML manually, don't just reference stylesheet.

This has two advantages.  On the one hand we write fully valid HTML
protocols if our user hits the store button.  On the other hand we
have no problem with the XSS protection if run in a browser.
Browsers deny access to XSL files loaded via http if the document
to process is provided via data protocol (at least Firefox does).
commit 6e64242a9d098b0083c047bef2d072a21f9951f4 1 parent a8e0c67
@stesie authored
3  .gitmodules
@@ -4,3 +4,6 @@
[submodule "chrome/content/lib/gzip-js"]
path = chrome/content/lib/gzip-js
url = git://github.com/stesie/gzip-js.git
+[submodule "chrome/content/lib/jsxml"]
+ path = chrome/content/lib/jsxml
+ url = git://github.com/Greendrake/jsxml.git
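Review bot: The new `url =` line uses the unauthenticated `git://` transport, so the jsxml code that index.html loads as a script in this same commit is fetched with no server authentication or encryption. The pinned submodule commit limits what can be checked out, but switching to `https://github.com/Greendrake/jsxml.git` avoids relying on that alone. The existing gzip-js entry has the same issue and could be changed in the same pass.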
1  chrome/content/index.html
@@ -782,6 +782,7 @@ <h3 class="schnell">Steuerpflichtige innergemeinschaftliche Erwerbe</h3>
<script src="lib/gzip-js/lib/rawdeflate.js"></script>
<script src="lib/gzip-js/lib/rawinflate.js"></script>
<script src="lib/gzip-js/lib/gzip.js"></script>
+ <script src="lib/jsxml/jsxml.js"></script>
<script>
if(window.forge === undefined) {
alert('Die Verschlüsselungsbibliothek "forge" ist nicht verfügbar. Ohne diese ist eine Datenübertragung nicht möglich.\n' +
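Review bot: The added `lib/jsxml/jsxml.js` script tag has no availability check, while the context lines right below it test `window.forge === undefined` and alert the user. jsxml comes from a submodule, so a checkout without initialized submodules leaves `jsxml` undefined and showProtocol fails only later, when the result is about to be displayed. A matching guard for `window.jsxml` here would surface the problem at load time.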
21 chrome/content/js/geierlein.js
@@ -51,20 +51,25 @@
/**
* Show the modal protocol dialog and display the provided protocol.
*
- * A reference to the XSL file needed to display the protocol is
- * added automatically.
+ * The provided document is run through XSL processor before being
+ * displayed.
*
* @param res The XML result document as a string.
* @return void
*/
function showProtocol(res) {
- /* Add XSL reference to XML document. */
var xslUrl = location.href.replace(/[^\/]+$/, 'xsl/ustva.xsl');
- res = geierlein.util.addStylesheetHref(res, xslUrl);
-
- $('body').trigger('show-protocol', res);
- $('#protocol-frame')[0].src = 'data:text/xml;charset=ISO8859-1,' + escape(res);
- $('#protocol').modal();
+ $.ajax({
+ url: xslUrl,
+ isLocal: xslUrl.substr(0, 7) === 'chrome:',
+ success: function(xslDom) {
+ var xmlDom = jsxml.fromString(res, false);
+ var xslResult = jsxml.transReady(xmlDom, xslDom);
+ $('body').trigger('show-protocol', res);
+ $('#protocol-frame')[0].src = 'data:text/html;charset=UTF-8,' + encodeURIComponent(xslResult);
+ $('#protocol').modal();
+ }
+ });
}
function updateModelHandler(el, model) {
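Review bot: The `$.ajax` call in showProtocol has only a `success` callback, so if the stylesheet request fails, or `jsxml.fromString` / `jsxml.transReady` throws on an unexpected result document, the protocol dialog never opens and the user gets no indication why. Add an `error` handler, and a try/catch around the transform, that reports the failure. The callback also assumes `xslDom` arrives as a parsed document; setting `dataType: 'xml'` would make that explicit rather than relying on jQuery inferring it from the response. The doc comment should also say that the frame now receives HTML while the `show-protocol` event still carries the untransformed `res`.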
2  chrome/content/js/xulapp.js
@@ -173,7 +173,7 @@ var xulapp = (function() {
}
var src = cW.$('#protocol-frame')[0].src;
- src = unescape(src.substr(src.indexOf(',') + 1));
+ src = decodeURIComponent(src.substr(src.indexOf(',') + 1));
storeStringToFile(src, fp.file);
});
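Review bot: `decodeURIComponent` on the changed line throws a URIError on malformed percent sequences, where `unescape` did not, and nothing visible in this hunk catches that before `storeStringToFile` is called. The line also depends on the frame's `src` being exactly the `data:` URI built with `encodeURIComponent` in showProtocol. Consider handing the transformed string to this code directly instead of parsing it back out of the URI after the first comma, or at least guard the decode and document the coupling. The stored content is now the HTML produced by the transform, so it is worth confirming that `storeStringToFile` writes UTF-8 to match the declared charset.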
1  chrome/content/lib/jsxml
@@ -0,0 +1 @@
+Subproject commit 58ca206f9bd5a11be0ef3c44415b05712293af87