When clicking a link in a message viewed in HTML mode, if the link represents a data blob, launch a "Save File" dialog and write the file directly, rather than opening the link in an external browser.

This commit is contained in:
George McCandless 2019-09-30 07:24:41 +00:00
parent 186139654c
commit 03fbadd3c4
No known key found for this signature in database
GPG Key ID: 62B9F5A4802A74BD

View File

@ -5,6 +5,7 @@ src/bitmessageqt/messageview.py
""" """
from PyQt4 import QtCore, QtGui from PyQt4 import QtCore, QtGui
import re, base64
from safehtmlparser import SafeHTMLParser from safehtmlparser import SafeHTMLParser
@ -64,6 +65,9 @@ class MessageView(QtGui.QTextBrowser):
def confirmURL(self, link): def confirmURL(self, link):
"""Show a dialog requesting URL opening confirmation""" """Show a dialog requesting URL opening confirmation"""
link_str = link.toString()
datablob_re = r'^data:.*/.*;base64,.*'
datablob_match = re.match(datablob_re, link_str)
if link.scheme() == "mailto": if link.scheme() == "mailto":
window = QtGui.QApplication.activeWindow() window = QtGui.QApplication.activeWindow()
window.ui.lineEditTo.setText(link.path()) window.ui.lineEditTo.setText(link.path())
@ -80,19 +84,29 @@ class MessageView(QtGui.QTextBrowser):
) )
window.ui.textEditMessage.setFocus() window.ui.textEditMessage.setFocus()
return return
reply = QtGui.QMessageBox.warning( if datablob_match:
self, name = QtGui.QFileDialog.getSaveFileName(self, 'Save File')
QtGui.QApplication.translate( if name:
"MessageView", f = open(name, 'wb')
"Follow external link"), data_begin_pos = re.finditer(";base64,", link_str).next()
QtGui.QApplication.translate( data_b64 = link_str[data_begin_pos.span()[1]:]
"MessageView", data = base64.b64decode(data_b64)
"The link \"%1\" will open in a browser. It may be a security risk, it could de-anonymise you" f.write(data)
" or download malicious data. Are you sure?").arg(unicode(link.toString())), f.close()
QtGui.QMessageBox.Yes, else:
QtGui.QMessageBox.No) reply = QtGui.QMessageBox.warning(
if reply == QtGui.QMessageBox.Yes: self,
QtGui.QDesktopServices.openUrl(link) QtGui.QApplication.translate(
"MessageView",
"Follow external link"),
QtGui.QApplication.translate(
"MessageView",
"The link \"%1\" will open in a browser. It may be a security risk, it could de-anonymise you"
" or download malicious data. Are you sure?").arg(unicode(link.toString())),
QtGui.QMessageBox.Yes,
QtGui.QMessageBox.No)
if reply == QtGui.QMessageBox.Yes:
QtGui.QDesktopServices.openUrl(link)
def loadResource(self, restype, name): def loadResource(self, restype, name):
""" """