Commit Graph

63 Commits

Author SHA1 Message Date
Rob Wu
0ec82d4a50 Allow local PDF files to be viewed in local frames
The Chrome extension enforces that local files cannot be embedded in
non-local web pages. The previous check was too strict (because the
origin of a file:-URL is "null"), and prevented local PDF from being
viewed in local files).

This patch fixes that problem, by querying the actual tab URL via the
background page.

Steps to verify:
1. Create a HTML file: `<iframe src=test.pdf width=100% height=100%>`
2. Build and load the extension.
3. Allow file access to the extension at `chrome://extensions`
4. Open the HTML file from a file:// URL.
5. VERIFY: The extension should attempt to load the PDF file.

6. Now open the following (replace ID with the extension ID, which you
   can find at `chrome://extensions`):
  `data:text/html,<iframe src="chrome-extension://ID/file:///test.pdf">`
7. VERIFY: The next error should be displayed:
   "Refused to load a local file in a non-local page for security reasons."
2016-02-10 14:52:54 +01:00
Manas
a2ba1b8189 Uses editorconfig to maintain consistent coding styles
Removes the following as they unnecessary
/* -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set shiftwidth=2 tabstop=2 autoindent cindent expandtab: */
2015-11-14 07:32:18 +05:30
Yury Delendik
62afa9f695 Fixes PDFViewerApplication.open/close methods signature. 2015-10-23 09:06:32 -05:00
Rob Wu
7e345b223c [CRX] Call callback instead of onCompleted 2015-10-11 17:35:16 +02:00
Rob Wu
4ac8863e30 Restore extension tab after reload
Work-around for https://crbug.com/511670
2015-08-14 19:00:12 +02:00
Rob Wu
cf1d398bd2 Add translations of "Allow access to file URLs"
The JSON file is generated as follows.

1. Go to the src/chrome/app/resources directory of Chromium's source.

2. Find the translation ID of the "Allow access to file URLs" string:

grep 'Allow access to file URLs' generated_resources_en-GB.xtb

3. With the ID that you've found, locate the other translations.

grep 3341703758641437857 generated_resources_*.xtb

4. If the result looks OK, serialize the result as JSON and save it.

> path/to/pdf.js/web/chrome-i18n-allow-access-to-file-urls.json \
python -c "import json;print(json.dumps({ \
$(grep 3341703758641437857 generated_resources_*.xtb | \
 sed "s@generated_resources_\([^.]\+\)\.xtb:<translation[^>]\+>\(.\+\)</translation>@'\1':'''\2''',@" \
)}, sort_keys=True, indent=2))"

(Strings are taken from Chromium 45.0.2448.0 (ccrev.com/337313).
2015-08-14 18:59:55 +02:00
Rob Wu
775d4e69cf Teach users how to enable access to local files. 2015-08-14 18:59:30 +02:00
Rob Wu
2d6b15d0d9 [CRX] Do not load local files in non-local frames
Ordinarily, local files cannot be embedded in a non-local website. Until
this commit, the extension allowed websites to embed local PDF files on
non-local (e.g. http(s)) websites. This unintended feature is now
disabled, to align better with Chrome's existing security policies
(=local file:-URLs cannot be loaded in a tab unless expicitly allowed).
2015-07-18 00:07:02 +02:00
Rob Wu
adb2f8ae21 [CRX] Add Referer request header if needed
This patch adds the Referer request header to PDF requests if
the original PDF request included the Referer header.
2015-06-05 23:24:40 +02:00
Yury Delendik
44779f14b0 Renames and refactors PDFView to PDFViewerApplication. 2014-09-28 10:39:56 -05:00
Rob Wu
bfcc8af6ed Move logic from viewer.js to chromecom.js
and also default to '' instead of DEFAULT_URL to avoid trying to
load a non-existent file when no file has been specified.
2014-04-11 17:37:48 +02:00
Jonas Jenwald
047a82a07e Fix coding style in web/chromecom.js 2014-03-09 11:51:14 +01:00
Rob Wu
cdadb0db4d Proof of concept using chrome.streamsPrivate API
This method captures all application/pdf streams, loads the viewer
and passes the stream to the PDF.js viewer.

This commit shows a proof of concept using the chrome.streamsPrivate API.

Advantages of new method:
- Access to the response body of the original request, thus fewer
  network requests.
- PDFs from non-GET requests (e.g. POST) are now supported.
- FTP files are also supported.

Possible improvements:
- Use declared content scripts instead of dynamic chrome.tabs.executeScript.
  This allows the extension to render the viewer in frames when the
  extension is disallowed to run executeScript for the top URL.
- Use chrome.declarativeWebRequest instead of webRequest, and replace
  background page with event page (don't forget to profile the
  difference & will the background/event page still work as intended?).
2014-01-15 23:04:15 +01:00