Mirrors/overte-Armored-Dragon
3
0
Fork 0
mirror of https://github.com/Armored-Dragon/overte.git synced 2025-03-11 16:13:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Apply URL validation to top level window QML

Browse source
This commit is contained in:
Brad Davis 2019-06-28 10:43:03 -07:00
parent 8bcde84d89
commit e3393a8ee5
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
interface/src/scripting/DesktopScriptingInterface.cpp
View file

@ -117,5 +117,15 @@ InteractiveWindowPointer DesktopScriptingInterface::createWindow(const QString&
Q_ARG(QVariantMap, properties));
return interactiveWindow;
}
return new InteractiveWindow(sourceUrl, properties);;
// The offscreen surface already validates against non-local QML sources, but we also need to ensure that
// if we create top level QML, like dock widgets or other types of QQuickView containing desktop windows
// that the source URL is permitted
const auto& urlValidator = OffscreenQmlSurface::getUrlValidator();
if (!urlValidator(sourceUrl)) {
return nullptr;
}
return new InteractiveWindow(sourceUrl, properties);
}