Patch: Using kpart's KJS::Interpreter (was Re: XML, XSL, XSLT, XPath support?)

Koos Vriezen koos.vriezen at xs4all.nl
Sun Apr 10 22:33:29 BST 2005


On Sun, Apr 10, 2005 at 07:55:25PM +0200, Leo Savernik wrote:
> On Saturday, 9 April 2005 15:05, Koos Vriezen wrote:
> [...]
> > > Probably better to use a signal if such a possibility would be made
> > > available by the part.
> >
> > Indeed, works almost out of the box. Attached a patch that makes
> > KHTMLPart listen to 'useInterpreter( KJS::Interpreter* interp)' signals
> > from KJS::BrowserExtension. If there comes a tryGet request on an
> > embedded object, then first it checks if the kpart did emit such an
> > interp.
> [...]
> > Comments?
> 
> I'm impressed!
> 
> You should also notify the kate developers of this patch and make them emit 
> this signal in katepart. Then we can check whether this approach really works 
> smoothly across part boundaries.

Do you doubt it :-). Anyway, can't easily see where this KateJScript is
created wrt. part creation (*) and openURL call. So Christoph, if you
think this is something for Kate, can you give it a try?
(*) too early to signal because the connections aren't set then

There are two issues I want to point at, and one is the
interp->globalObject is returned in ecma's tryGet. This means one extra
redirection, myembed.window.document vs. myembed.document, not sure what
would be preferable. Obviously, how it is now, needs hardly any code and
w/o it would mean to return a 'get' call on this object and likewise for
'put' and 'call'.
The other point is security. Having the signal way, makes it an issue for
the part itself. However, making it easy is also tempting. I skimmed
through kate/part/katejscript.cpp and it looks harmless, no opening or
saving of files. KHTMLPart also calls in KHTMLPart::requestObject
checkLinkSecurity, so the url passed in openURL should be safe.
Nevertheless, one must be aware that if a part is bound to a mimetype for
embedding, this will allow JS access from unknown sources. Probably
knowing if it's a ReadOnly or ReadWrite part could help. Also, the part
could check its parent part doc base.

Koos

> 
> Regards
> 	Leo






More information about the kfm-devel mailing list