diff options
Diffstat (limited to 'src/declarative/qml')
-rw-r--r-- | src/declarative/qml/qdeclarativecontext.cpp | 16 | ||||
-rw-r--r-- | src/declarative/qml/qdeclarativecontext.h | 2 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/declarative/qml/qdeclarativecontext.cpp b/src/declarative/qml/qdeclarativecontext.cpp index 85896c4..ab3849a 100644 --- a/src/declarative/qml/qdeclarativecontext.cpp +++ b/src/declarative/qml/qdeclarativecontext.cpp @@ -361,6 +361,22 @@ QVariant QDeclarativeContext::contextProperty(const QString &name) const return value; } +bool QDeclarativeContext::isSafeOrigin(const QUrl &src) const +{ + if (src.isRelative()) + return true; + if (src.scheme()==QLatin1String("https")) + return true; + + QUrl base = baseUrl(); + if (src.host() == base.host() && src.port() == base.port()) // including files (with no host) + return true; + + qWarning() << src << "is not a safe origin from" << base; + + return false; +} + /*! Resolves the URL \a src relative to the URL of the containing component. diff --git a/src/declarative/qml/qdeclarativecontext.h b/src/declarative/qml/qdeclarativecontext.h index a349628..959af8b 100644 --- a/src/declarative/qml/qdeclarativecontext.h +++ b/src/declarative/qml/qdeclarativecontext.h @@ -85,6 +85,8 @@ public: void setBaseUrl(const QUrl &); QUrl baseUrl() const; + bool isSafeOrigin(const QUrl &src) const; + private: friend class QDeclarativeVME; friend class QDeclarativeEngine; |