View Issue Details

IDProjectCategoryView StatusLast Update
0031732LazarusPackagespublic2017-05-15 22:41
ReporterSonerAssigned Towp 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Platformi386-winOSWindowsOS Version
Product Version1.6.4Product BuildSvn-Rev. 54278 
Target Version1.8Fixed in Version1.9 (SVN) 
Summary0031732: LHelp can't handle javascript:helppopup links, but here is solution for this problem ("patch")
DescriptionI made changes in lhelp.pas to handle links like "javascript:helppopup('xzy.htm')" or "javascript:popuplink('xzy.htm')".
Read the comments in following text. (Copy it in one editor with pascal-syntax-higlighter)
---------
Comment out code here: Lazarus\components\chmhelp\lhelp\ChmDataProvider.pas
function TIpChmDataProvider.CanHandle(const URL: string): Boolean;
var
  HelpFile: String;
  Reader: TChmReader = nil;
begin
  Result := True;
  if Pos('Java', URL) =1 then Result := False;
  if (fChm.ObjectExists(StripInPageLink(url), Reader)= 0)
  and (fChm.ObjectExists(StripInPageLink(BuildUrl(fCurrentPath,Url)), Reader) = 0) then Result := False;
  //DebugLn('CanHandle ',Url,' = ', Result);
  //if not Result then if fChm.ObjectExists(BuildURL('', URL)) > 0 Then result := true;

  {XXX soner: comment outed, because dead code nothing, moved to chmcontentprovider.pas ... XXXXXXX
  if (Pos('javascript:helppopup(''', LowerCase(URL)) = 1) then begin
    HelpFile := Copy(URL, 23, Length(URL) - (23-1));
    HelpFile := Copy(HelpFile, 1, Pos('''', HelpFile)-1);
    //DebugLn('HelpFile = ', HelpFile);
  end;
  XXX END of comment out by Soner XXXXXXXXXXXXXXXXXXXX }
  if (not Result) and (Pos('#', URL) = 1) then Result := True;
end;


Add code here:Lazarus\components\chmhelp\lhelp\chmcontentprovider.pas
procedure TChmContentProvider.IpHtmlPanelHotClick(Sender: TObject);
var
  HelpFile: String; //soner from ChmDataProvider.pas
  aPos: integer; //soner added
begin
 // Soner moved from ChmDataProvider.pas to here ...
 // chm-links looks like: mk:@MSITStore:D:\LazPortable\docs\chm\iPro.chm::/html/lh3zs3.htm
 if (Pos('javascript:helppopup(''', LowerCase(fHtml.HotURL)) = 1)or
    (Pos('javascript:popuplink(''', LowerCase(fHtml.HotURL)) = 1) //soner added
   then begin
   HelpFile := Copy(fHtml.HotURL, 23, Length(fHtml.HotURL) - (23-1));
   HelpFile := Copy(HelpFile, 1, Pos('''', HelpFile)-1);

   if (Pos('/',HelpFile)=0)and(Pos('.chm:',HelpFile)=0) then begin //looks like?: 'xyz.htm'
     aPos:=LastDelimiter('/', fHtml.CurURL);
     if aPos>0 then HelpFile:=Copy(fHtml.CurURL,1,aPos)+HelpFile;
   end
   else if (Pos('.chm:',HelpFile)=0) then begin //looks like?: 'folder/xyz.htm' or '/folder/xyz.htm'
     if HelpFile[1]<>'/' then HelpFile:='/'+HelpFile;
     aPos:=LastDelimiter(':', fHtml.CurURL);
     if aPos>0 then HelpFile:=Copy(fHtml.CurURL,1,aPos)+HelpFile;
   end;
   DoLoadUri(HelpFile); //open it in current iphtmlpanel.
   { Soner: Normally it should be the HelpPopupForm opened, but HelpPopupForm is empty, it is
     something to do.}
 end
 else
 // end of Soner's changes
  OpenURL(fHtml.HotURL);
end;
Steps To Reproduce1. open the included chm-file in lhelp
2. klick on links with title:
Hierarchy

3. the link will be opened in extern browser.


4. Now make the my changes to lhelp make 2. again.
now the link will be opened in lhelp.
TagsNo tags attached.
Fixed in Revision54872
LazTarget1.8
WidgetsetWin32/Win64
Attached Files

Activities

Soner

2017-04-28 21:11

reporter  

lhelpchanges-public.7z (873,294 bytes)

Juha Manninen

2017-04-29 21:46

developer   ~0100002

Please create a proper patch.
 http://wiki.freepascal.org/Creating_A_Patch

wp

2017-04-30 10:49

developer   ~0100004

Once being praized to be the help file format of the future, chm now is no longer supported by the large software companies. One reason is its inherent insecurity due to the ability to execute scripts.

In the Lazarus environment, chm files are secure because the underlying TurboPower iPro HTMLPanel does not support scripting.

I know that this patch does not introduce javascript as a scripting engine for lhelp, it just extracts one particlar javascript command and processes it.

But not knowing more about the background of this report, I am against implementing this feature because it is the first step to "open the door".

But maybe I am completely misunderstanding this report...

Soner

2017-05-03 14:21

reporter   ~0100076

I can't checkout latest svn because I made some big changes in LCL and I loose them. But I send in one or two weeks patch.

@wp: I isn't "real" javascript code. It popups only a window and shows html-file (like Properties, Events link on old Delphi help). It's harmless.

wp

2017-05-06 09:36

developer   ~0100125

Even if I accept that your patch is far from implementing a Javascript engine I am left with the problem that you call OpenUrl to show the popup. This loads the URL into the system's browser and this pulls any security problems of the external page into your program. Can't you show the popup using the IpHTMLPanel?

I know that the ChmContentProvider already calls OpenUrl (IpHtmlPanelHotClick) - and already here I see the same problem.

Soner

2017-05-10 19:15

reporter   ~0100214

@wp
My code doesn't call OpenUrl, it shows it in IptHtmlPanel.
I did nothing new. I took dead code from one unit to another unit to right place and code to handle similar link.
All my changes are in the description from first posting, copy and paste it in lazarus, you will unterstand it.
You don't the need files in the zip-file, they are only for tests.

wp

2017-05-10 23:07

developer   ~0100225

Sorry, I should have looked more carefully, I see now that the OpenUrl is the one which had been there all the time...

How can I test your changes? You provide a file ipro.chm, but how do I find the link at which your patch becomes active? Please don't expect me to decompile the chm file and seek a "javascript:helppopup" somewhere within thousands of html files.

And what do you want to say with the comment "Soner: Normally it should be the HelpPopupForm opened, but HelpPopupForm is empty, it is something to do."? I am expecting that the patch is working, I will not apply it if it just opens an empty window.

Soner

2017-05-11 01:30

reporter   ~0100229

I wrote in "Steps to reproduce" how to test it.
1. Open with unchanged lhelp the ipro.chm from zip-file.
The page TIpCustomServer will be opened first. You see the link "Hierarchy" on the top lef, click on it, the link will be opened in extern browser (OpenUrl called).
2. Now open the ipro.chm with changed lhelp and click on the same link. yet the link opens in lhelp.
--
Normally the popup links should be opened in popupform but the programmer from Lhelp made HelpPopupform without code it does nothing, so i open the link in the current ipthtmlpanel and made for me comment to improve this. Also I want improve HelpPopupform in future. For now it is enough to open in current panel.
---
Did you know that 7zip can open/unzip chm files. ;-)

wp

2017-05-11 10:23

developer   ~0100234

Last edited: 2017-05-11 10:28

View 2 revisions

Ah, now I understand. Thank you for the patch. Fixed in r54872. Please test and close if ok.

Soner

2017-05-15 22:40

reporter   ~0100326

It is ok, I thank you.

Issue History

Date Modified Username Field Change
2017-04-28 21:11 Soner New Issue
2017-04-28 21:11 Soner File Added: lhelpchanges-public.7z
2017-04-29 21:46 Juha Manninen Note Added: 0100002
2017-04-30 10:49 wp Note Added: 0100004
2017-05-03 14:21 Soner Note Added: 0100076
2017-05-06 09:36 wp Note Added: 0100125
2017-05-10 19:15 Soner Note Added: 0100214
2017-05-10 23:04 wp Assigned To => wp
2017-05-10 23:04 wp Status new => assigned
2017-05-10 23:07 wp Note Added: 0100225
2017-05-10 23:07 wp LazTarget => -
2017-05-10 23:07 wp Status assigned => feedback
2017-05-11 01:30 Soner Note Added: 0100229
2017-05-11 01:30 Soner Status feedback => assigned
2017-05-11 10:23 wp Fixed in Revision => 54872
2017-05-11 10:23 wp LazTarget - => 1.8
2017-05-11 10:23 wp Note Added: 0100234
2017-05-11 10:23 wp Status assigned => resolved
2017-05-11 10:23 wp Fixed in Version => 1.9 (SVN)
2017-05-11 10:23 wp Resolution open => fixed
2017-05-11 10:23 wp Target Version => 1.8
2017-05-11 10:28 wp Status resolved => assigned
2017-05-11 10:28 wp Resolution fixed => reopened
2017-05-11 10:28 wp Note Edited: 0100234 View Revisions
2017-05-11 10:28 wp Status assigned => resolved
2017-05-11 10:28 wp Resolution reopened => fixed
2017-05-15 22:40 Soner Note Added: 0100326
2017-05-15 22:41 Soner Status resolved => closed