adium 5090:a1cb841562f6: Forbid message styles from loading exte...

[commits at adium.im]

details:	http://hg.adium.im/adium/rev/a1cb841562f6
revision:	5090:a1cb841562f6
branch:		adium-1.6
author:		Thijs Alkemade <thijsalkemade at gmail.com>
date:		Sun Sep 23 22:25:54 2012 +0200

Forbid message styles from loading external resources.

There are valid use cases for this, but in my opinion they are outnumbered by the possible privacy concerns involved in this.

diffs (19 lines):

diff -r 816c7d80c0e5 -r a1cb841562f6 Plugins/WebKit Message View/AIWebKitDelegate.m
--- a/Plugins/WebKit Message View/AIWebKitDelegate.m	Tue Sep 18 12:46:41 2012 +0200
+++ b/Plugins/WebKit Message View/AIWebKitDelegate.m	Sun Sep 23 22:25:54 2012 +0200
@@ -238,8 +238,12 @@
 
 - (NSURLRequest *)webView:(WebView *)sender resource:(id)identifier willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse fromDataSource:(WebDataSource *)dataSource
 {
-	NSMutableURLRequest *newRequest = [request mutableCopy];
-	[newRequest setHTTPShouldHandleCookies:NO];
-	return [newRequest autorelease];
+	NSString *scheme = request.URL.scheme;
+	
+	if (!([scheme isEqualToString:@"adium"] || [scheme isEqualToString:@"file"])) {
+		return nil;
+	}
+	
+	return request;
 }
 @end