diff options
author | Brendan Taylor <whateley@gmail.com> | 2011-01-13 11:59:23 -0700 |
---|---|---|
committer | Brendan Taylor <whateley@gmail.com> | 2011-01-13 11:59:23 -0700 |
commit | f2c7c41f6cc70e1d509967c7487aec5126495557 (patch) | |
tree | aef0e7211a01b1cbe2c1e83086966718331db583 | |
parent | 422375d57659732dd8d975498ca2ae09edd4c125 (diff) |
remove the vestiges of Uzbl.run
-rw-r--r-- | README | 19 | ||||
-rw-r--r-- | src/uzbl-core.c | 48 |
2 files changed, 0 insertions, 67 deletions
@@ -602,25 +602,6 @@ This script tries to authenticate as user alice with password wonderland once and never retries authentication. See examples for more sofisticated, interactive authentication handler. -### JAVASCRIPT HELPER OBJECT DISABLED BECAUSE OF SECURITY LEAK - -JavaScript code run from `uzbl` is given a special object in the global -namespace which gives special privileges to these scripts. This object is called -`Uzbl`, and it is added and removed before and after the script execution so -that it is hidden to web JavaScript code (there is no race condition, since all -the JavaScript code runs in a single thread). - -Currently, the `Uzbl` object provides only one function: - -* `Uzbl.run( <command> )` - - Command is any `uzbl` command as defined above. - - Return value: a string, either empty or containing the output of the - command. Very few commands return their output currently, including `js`, - `script`, and `print`. - - Examples: - * `Uzbl.run("spawn insert_bookmark.sh")` - * `uri = Uzbl.run("print @uri")` (see variable expansion below) - ### EVENTS Unlike commands, events are not handled in `uzbl` itself, but are propagated diff --git a/src/uzbl-core.c b/src/uzbl-core.c index 6bbed3c..c6443cc 100644 --- a/src/uzbl-core.c +++ b/src/uzbl-core.c @@ -979,52 +979,6 @@ load_uri (WebKitWebView *web_view, GArray *argv, GString *result) { } /* Javascript*/ - -JSValueRef -js_run_command (JSContextRef ctx, JSObjectRef function, JSObjectRef thisObject, - size_t argumentCount, const JSValueRef arguments[], - JSValueRef* exception) { - (void) function; - (void) thisObject; - (void) exception; - - JSStringRef js_result_string; - GString *result = g_string_new(""); - - if (argumentCount >= 1) { - JSStringRef arg = JSValueToStringCopy(ctx, arguments[0], NULL); - size_t arg_size = JSStringGetMaximumUTF8CStringSize(arg); - char ctl_line[arg_size]; - JSStringGetUTF8CString(arg, ctl_line, arg_size); - - parse_cmd_line(ctl_line, result); - - JSStringRelease(arg); - } - js_result_string = JSStringCreateWithUTF8CString(result->str); - - g_string_free(result, TRUE); - - return JSValueMakeString(ctx, js_result_string); -} - -JSStaticFunction js_static_functions[] = { - {"run", js_run_command, kJSPropertyAttributeNone}, -}; - -void -js_init() { - /* This function creates the class and its definition, only once */ - if (!uzbl.js.initialized) { - /* it would be pretty cool to make this dynamic */ - uzbl.js.classdef = kJSClassDefinitionEmpty; - uzbl.js.classdef.staticFunctions = js_static_functions; - - uzbl.js.classref = JSClassCreate(&uzbl.js.classdef); - } -} - - void eval_js(WebKitWebView * web_view, gchar *script, GString *result, const char *file) { WebKitWebFrame *frame; @@ -1037,8 +991,6 @@ eval_js(WebKitWebView * web_view, gchar *script, GString *result, const char *fi JSStringRef js_result_string; size_t js_result_size; - js_init(); - frame = webkit_web_view_get_main_frame(WEBKIT_WEB_VIEW(web_view)); context = webkit_web_frame_get_global_context(frame); globalobject = JSContextGetGlobalObject(context); |