[CSP] removes inlined styles and scripts

2013-07-30 16:36:45 -05:00 · 2013-07-30 16:36:45 -05:00 · 99c9079f54
commit 99c9079f54
parent 02906d7ef1
3 changed files with 27 additions and 10 deletions
--- a/web/ui_utils.js
+++ b/web/ui_utils.js
@ -117,6 +117,13 @@ function scrollIntoView(element, spot) {
  parent.scrollTop = offsetY;
 }

+/**
+ * Event handler to suppress context menu.
+ */
+function noContextMenuHandler(e) {
+  e.preventDefault();
+}
+
 /**
 * Returns the filename or guessed filename from the url (see issue 3455).
 * url {String} The original PDF location.
--- a/web/viewer.html
+++ b/web/viewer.html
@ -158,8 +158,6 @@ limitations under the License.
                <span id="numPages" class="toolbarLabel"></span>
              </div>
              <div id="toolbarViewerRight">
-                <input id="fileInput" class="fileInput" type="file" oncontextmenu="return false;" style="visibility: hidden; position: fixed; right: 0; top: 0" />
-
                <button id="presentationMode" class="toolbarButton presentationMode hiddenSmallView" title="Switch to Presentation Mode" tabindex="12" data-l10n-id="presentation_mode">
                  <span data-l10n-id="presentation_mode_label">Presentation Mode</span>
                </button>
@ -190,7 +188,7 @@ limitations under the License.
                     </button>
                  </div>
                  <span id="scaleSelectContainer" class="dropdownToolbarButton">
-                     <select id="scaleSelect" title="Zoom" oncontextmenu="return false;" tabindex="11" data-l10n-id="zoom">
+                     <select id="scaleSelect" title="Zoom" tabindex="11" data-l10n-id="zoom">
                      <option id="pageAutoOption" value="auto" selected="selected" data-l10n-id="page_scale_auto">Automatic Zoom</option>
                      <option id="pageActualOption" value="page-actual" data-l10n-id="page_scale_actual">Actual Size</option>
                      <option id="pageFitOption" value="page-fit" data-l10n-id="page_scale_fit">Fit Page</option>
--- a/web/viewer.js
+++ b/web/viewer.js
@ -17,7 +17,7 @@
 /* globals PDFJS, PDFBug, FirefoxCom, Stats, Cache, PDFFindBar, CustomStyle,
           PDFFindController, ProgressBar, TextLayerBuilder, DownloadManager,
           getFileName, getOutputScale, scrollIntoView, getPDFFileNameFromURL,
-           PDFHistory */
+           PDFHistory, noContextMenuHandler */

 'use strict';

@ -796,11 +796,9 @@ var PDFView = {
      moreInfoButton.removeAttribute('hidden');
      lessInfoButton.setAttribute('hidden', 'true');
    };
-    moreInfoButton.oncontextmenu =
-    lessInfoButton.oncontextmenu =
-    closeButton.oncontextmenu = function(e) {
-      e.preventDefault();
-    };
+    moreInfoButton.oncontextmenu = noContextMenuHandler;
+    lessInfoButton.oncontextmenu = noContextMenuHandler;
+    closeButton.oncontextmenu = noContextMenuHandler;
    moreInfoButton.removeAttribute('hidden');
    lessInfoButton.setAttribute('hidden', 'true');
    errorMoreInfo.value = moreInfoText;
@ -2208,7 +2206,16 @@ document.addEventListener('DOMContentLoaded', function webViewerLoad(evt) {
 //var file = window.location.href.split('#')[0];
 //#endif

-//#if !(FIREFOX || MOZCENTRAL)
+//#if !(FIREFOX || MOZCENTRAL || CHROME)
+  var fileInput = document.createElement('input');
+  fileInput.id = 'fileInput';
+  fileInput.className = 'fileInput';
+  fileInput.setAttribute('type', 'file');
+  fileInput.setAttribute('style',
+    'visibility: hidden; position: fixed; right: 0; top: 0');
+  fileInput.oncontextmenu = noContextMenuHandler;
+  document.body.appendChild(fileInput);
+
  if (!window.File || !window.FileReader || !window.FileList || !window.Blob) {
    document.getElementById('openFile').setAttribute('hidden', 'true');
  } else {
@ -2300,6 +2307,9 @@ document.addEventListener('DOMContentLoaded', function webViewerLoad(evt) {
    }
  });

+  // Suppress context menus for some controls
+  document.getElementById('scaleSelect').oncontextmenu = noContextMenuHandler;
+
  var mainContainer = document.getElementById('mainContainer');
  var outerContainer = document.getElementById('outerContainer');
  mainContainer.addEventListener('transitionend', function(e) {
@ -2355,10 +2365,12 @@ document.addEventListener('DOMContentLoaded', function webViewerLoad(evt) {
      PDFView.presentationMode();
    });

+//#if !(FIREFOX || MOZCENTRAL || CHROME)
  document.getElementById('openFile').addEventListener('click',
    function() {
      document.getElementById('fileInput').click();
    });
+//#endif

  document.getElementById('print').addEventListener('click',
    function() {