portalHelper: Don't change the main window title

The title of the window should not be in control of a potentially
hostile hotspot provider, so only set the subtitle to be that of the
page, the main title will stay the same.

The subtitle will also be set to a URI, so that the hotspot cannot be
used to control the title shown in our UI.

Helps https://bugzilla.gnome.org/show_bug.cgi?id=749197
This commit is contained in:
Bastien Nocera 2017-01-23 08:32:30 +01:00
parent a81f18592a
commit 49607e1313

View File

@ -51,7 +51,13 @@ const PortalWindow = new Lang.Class({
_init: function(application, url, timestamp, doneCallback) { _init: function(application, url, timestamp, doneCallback) {
this.parent({ application: application }); this.parent({ application: application });
this.connect('delete-event', Lang.bind(this, this.destroyWindow)); this.connect('delete-event', Lang.bind(this, this.destroyWindow));
/* TRANSLATORS: this is the title of the wifi captive portal login window */
this._headerBar = new Gtk.HeaderBar({ title: _("Hotspot Login"),
show_close_button: true });
this.set_titlebar(this._headerBar);
this._headerBar.show();
if (!url) { if (!url) {
url = CONNECTIVITY_CHECK_URI; url = CONNECTIVITY_CHECK_URI;
@ -76,8 +82,8 @@ const PortalWindow = new Lang.Class({
this._webView = WebKit.WebView.new_with_context(webContext); this._webView = WebKit.WebView.new_with_context(webContext);
this._webView.connect('decide-policy', Lang.bind(this, this._onDecidePolicy)); this._webView.connect('decide-policy', Lang.bind(this, this._onDecidePolicy));
this._webView.load_uri(url); this._webView.load_uri(url);
this._webView.connect('notify::title', Lang.bind(this, this._syncTitle)); this._webView.connect('notify::uri', Lang.bind(this, this._syncUri));
this._syncTitle(); this._syncUri();
this.add(this._webView); this.add(this._webView);
this._webView.show(); this._webView.show();
@ -93,16 +99,12 @@ const PortalWindow = new Lang.Class({
FileUtils.recursivelyDeleteDir(this._cacheDir, true); FileUtils.recursivelyDeleteDir(this._cacheDir, true);
}, },
_syncTitle: function() { _syncUri: function() {
let title = this._webView.title; let uri = this._webView.uri;
if (uri)
if (title) { this._headerBar.set_subtitle(GLib.uri_unescape_string(uri, null, false));
this.title = title; else
} else { this._headerBar.set_subtitle(null);
/* TRANSLATORS: this is the title of the wifi captive portal login
* window, until we know the title of the actual login page */
this.title = _("Web Authentication Redirect");
}
}, },
refresh: function() { refresh: function() {