
XSLT-process result XML manually, don't just reference stylesheet.

This has two advantages.  On the one hand we write fully valid HTML
protocols if our user hits the store button.  On the other hand we
have no problem with the XSS protection if run in a browser.
Browsers deny access to XSL files loaded via http if the document
to process is provided via data protocol (at least Firefox does).
commit 6e64242a9d098b0083c047bef2d072a21f9951f4 1 parent a8e0c67
Stefan Siegl authored
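--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "chrome/content/lib/gzip-js"]
 path = chrome/content/lib/gzip-js
 url = git://github.com/stesie/gzip-js.git
+[submodule "chrome/content/lib/jsxml"]
+ path = chrome/content/lib/jsxml
+ url = git://github.com/Greendrake/jsxml.git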
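Review bot: The new `jsxml` submodule is fetched over `git://`, which offers neither server authentication nor transport encryption, so a clone depends on the network path being trustworthy. The gitlink pins a commit, which limits what can be substituted at checkout, but `url = https://github.com/Greendrake/jsxml.git` removes the reliance on that. The existing `gzip-js` entry above uses the same scheme and could be switched as well. Because this library is loaded into the same page as the encryption code, it may also be worth pointing the URL at a fork the project controls, as is already done for `gzip-js`.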
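--- a/chrome/content/index.html
+++ b/chrome/content/index.html
@@ -782,6 +782,7 @@ <h3 class="schnell">Steuerpflichtige innergemeinschaftliche Erwerbe</h3>
 <script src="lib/gzip-js/lib/rawdeflate.js"></script>
 <script src="lib/gzip-js/lib/rawinflate.js"></script>
 <script src="lib/gzip-js/lib/gzip.js"></script>
+ <script src="lib/jsxml/jsxml.js"></script>
 <script>
 if(window.forge === undefined) {
 alert('Die Verschlüsselungsbibliothek "forge" ist nicht verfügbar. Ohne diese ist eine Datenübertragung nicht möglich.\n' +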
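--- a/chrome/content/js/geierlein.js
+++ b/chrome/content/js/geierlein.js
@@ -51,20 +51,25 @@
 /**
 * Show the modal protocol dialog and display the provided protocol.
 *
- * A reference to the XSL file needed to display the protocol is
- * added automatically.
+ * The provided document is run through XSL processor before being
+ * displayed.
 *
 * @param res The XML result document as a string.
 * @return void
 */
 function showProtocol(res) {
- /* Add XSL reference to XML document. */
 var xslUrl = location.href.replace(/[^\/]+$/, 'xsl/ustva.xsl');
- res = geierlein.util.addStylesheetHref(res, xslUrl);
-
- $('body').trigger('show-protocol', res);
- $('#protocol-frame')[0].src = 'data:text/xml;charset=ISO8859-1,' + escape(res);
- $('#protocol').modal();
+ $.ajax({
+ url: xslUrl,
+ isLocal: xslUrl.substr(0, 7) === 'chrome:',
+ success: function(xslDom) {
+ var xmlDom = jsxml.fromString(res, false);
+ var xslResult = jsxml.transReady(xmlDom, xslDom);
+ $('body').trigger('show-protocol', res);
+ $('#protocol-frame')[0].src = 'data:text/html;charset=UTF-8,' + encodeURIComponent(xslResult);
+ $('#protocol').modal();
+ }
+ });
 }
 
 function updateModelHandler(el, model) {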
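Review bot: The `$.ajax` call in `showProtocol` sets only `success`, so if `xsl/ustva.xsl` cannot be loaded the protocol dialog never opens and the user gets no indication of what happened to the result in `res`. An `error` callback that reports the failure, or falls back to displaying the raw XML, would close that gap. `xslDom` is a DOM document only if jQuery infers an XML response, which may not hold for `chrome:` URLs, so `dataType: 'xml',` should be set explicitly. The frame now receives `text/html` built from `res`, so unless `#protocol-frame` (not visible here) is sandboxed, any markup the stylesheet passes through unescaped would be rendered as active HTML. It is worth confirming that the frame carries a `sandbox` attribute and that `ustva.xsl` escapes every value it emits.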
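--- a/chrome/content/js/xulapp.js
+++ b/chrome/content/js/xulapp.js
@@ -173,7 +173,7 @@ var xulapp = (function() {
 }
 
 var src = cW.$('#protocol-frame')[0].src;
- src = unescape(src.substr(src.indexOf(',') + 1));
+ src = decodeURIComponent(src.substr(src.indexOf(',') + 1));
 storeStringToFile(src, fp.file);
 });
 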
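Review bot: `decodeURIComponent` throws a `URIError` on a malformed percent sequence where `unescape` did not, and this line decodes whatever `src` currently holds. When `src` contains no comma, `src.indexOf(',') + 1` is 0 and the whole URL is decoded and written to the file. Checking the prefix first, e.g. `if (src.indexOf('data:text/html;charset=UTF-8,') !== 0) { return; }`, keeps the save handler from storing anything other than the document `showProtocol` placed there. The frame content is now declared as UTF-8 rather than ISO8859-1, so it is worth confirming that `storeStringToFile` (defined outside this hunk) writes the string as UTF-8. The enclosing callback starts and ends outside the hunk.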
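--- a/chrome/content/lib/jsxml
+++ b/chrome/content/lib/jsxml
@@ -0,0 +1 @@
+Subproject commit 58ca206f9bd5a11be0ef3c44415b05712293af87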
