Reply to topic

Konqueror 4.3.3 blocks local ajax requests

linnit
Registered Member
Posts
4
Karma
0
I just recently upgraded to KDE 4.3.3 and was stunned to discover that none of my javascripts work in Konqueror now in local files. Anytime I try to open a local web page and run a javascript I'm presented with an alert stating "object [DOMException]". If I run them from my server though they work fine. How can I enable javascript in local files in Konqueror and why was it disabled? Considering that many developers develop and test web pages and scripts locally it's essential that Konqueror provide support for javascript within local web pages.

Last edited by linnit on Tue Nov 10, 2009 12:08 am, edited 1 time in total.
linnit
Registered Member
Posts
4
Karma
0
It doesn't appear that I can attach any files to this post so I'll just post the source code below. To test this issue simply save the code below as test.htm and test2.htm. Then open test.htm in Konqueror 4.3.3 and click the test button.

test.htm
Code: Select all
<html>
<head>
<script>
function test() {
   var url = 'test2.htm';
   var method = 'GET';
   var sendCookie = false;
   var params = null;
   var callback = function(res) {
      alert(res);
   }
   request(url,method,sendCookie,params,callback);
}

function getAjaxObject() {
      if ('XMLHttpRequest' in window) {
              try { return new XMLHttpRequest(); } catch(e) {
                return null;
              }
      } else if ('ActiveXObject' in window) {
         try { return new ActiveXObject("Msxml2.XMLHTTP.6.0"); } catch(e) {
           try { return new ActiveXObject("Msxml2.XMLHTTP.3.0"); } catch(e) {
             try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {
               try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {
                 return null;
               }
             }
           }
         }
      }
      return null;
}

function request(url,method,sendCookie,params,callback) {
      var req = this.getAjaxObject();
      if (!req) {
         throw new Error('ERROR');
         return false;
      }

      // make sure method is in all caps
      method = method.toUpperCase();

      req.onreadystatechange = function() {
         if (req.readyState == 4) {
            // the try/catch brackets prevent an error from occurring
            // in some browsers when a network connection isn't present

            try {
               alert('status: '+req.status);
               // status can be 0 or undefined for local file requests
               // undefined in konqueror, 0 in all other browsers

               if (req.status == 200 || !req.status) {
                  var ctype = req.getResponseHeader('Content-type');
                  if (ctype && ctype.toLowerCase() == 'application/xml') {
                     callback(req.responseXML);
                  } else {
                     callback(req.responseText);
                  }
               }
            } catch(e) { }
         }
      }

      req.open(method, url, true);

      if (method == 'POST') {
         req.setRequestHeader('Content-Type','application/x-www-form-urlencoded; charset=UTF-8');
      }
      if (sendCookie && document.cookie) {
         req.setRequestHeader('Cookie',document.cookie);
      }
      if (params && typeof params == 'object' && params.length > 0) {
         var tmp = '';
         for (var i=0; i<params.length; ++i) {
            if (i > 0) tmp += '&';
            tmp += params[i][0]+'='+escape(params[i][1]);
         }
         params = tmp;
      } else {
         params = null;
      }

      req.send(params);
      return true;
}
</script>
</head>
<body>
<form>
<input type="button" onclick="test();" value="test">
</form>
</body>
</html>

test2.htm
Code: Select all
<html>
<body>
this is a test
</body>
</html>
linnit
Registered Member
Posts
4
Karma
0
After testing a few more scripts it appears that the cause of this problem is that local ajax requests are now blocked by Konqueror. All of the scripts that I had initially tested included ajax requests which is why they worked from the server but not locally. Is there any way to enable local ajax requests in Konqueror 4.3.3? Most browsers still support local ajax requests such as Firefox, Opera and Chrome. I realize that local ajax requests can present certain security risks but instead of disabling it completely they should have just disabled by default and then provided an option in the javascript settings section where users could re-enable it. Settings > Configure Konqueror > Java and JavaScript > JavaScript tab > Enable local ajax requests :/

One other option would be to test the domain of the original url and if it was determined that the page making the local ajax request was also a local file then the request could proceed. If it was determined that the request was coming from a non-local domain then it would be blocked.
timb
Registered Member
Posts
1
Karma
0
OS
It relates to a recent security advisory:

http://www.kde.org/info/security/adviso ... 1027-1.txt

 
Reply to topic

Bookmarks



Who is online

Registered users: Bing [Bot], Google [Bot], Sogou [Bot], Yahoo [Bot]