19921274e1
This have many advantages: - prevent XSS (QubesOS/qubes-issues#1462) - use default browser instead of default HTML viewer - better qrexec policy control - easier to control where are opened files vs URLs For now allow only http(s):// and ftp:// addresses (especially prevent file://). But this list can be easily extended. QubesOS/qubes-issues#1462 Fixes QubesOS/qubes-issues#1487
36 lines
1.1 KiB
Bash
Executable File
36 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# The Qubes OS Project, http://www.qubes-os.org
|
|
#
|
|
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
#
|
|
|
|
if ! [ $# = 2 ] ; then
|
|
echo "Usage: $0 vmname filename"
|
|
exit 1
|
|
fi
|
|
|
|
case "$2" in
|
|
*://*)
|
|
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenURL /bin/echo "$2"
|
|
;;
|
|
*)
|
|
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2"
|
|
;;
|
|
esac
|