-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
onxxx link not rewritten #209
Comments
Just to confirm that Firefox now also (correctly) blocks navigation when clicking on a card (see screenshot). However, when clicking on the link "lire la suite" in the card, Firefox is able to follow it to the correct document in the ZIM (not an online version of it, which would now be blocked by CSP), whereas Chrome blocks that navigation too. Both appear to process the onclick event, but Firefox doesn't show a blank blocked page, instead cancels the onclick navigation, then follows the link. Chrome shows the blocked page and then gives up. Behaviour is the same for Kiwix Serve and the PWA. |
@rgaudin I think you're right that this is an "overlooked" case in Wombat, because it appears that the inline onclick event isn't intercepted by the Wombat shims, whereas the real hyperlink in "lire la suite" is rewritten. @ikreymer I suppose Wombat "should" handle inline JS events that produce navigation but fails to do so here. Is/was this a known issue? EDIT: There is a strict CSP in place that prevents accessing external content in the iframe of Kiwix Serve (and the PWA). Could it be that the CSP is triggered before Wombat's rewrite routine processes the link? |
Transferring this to I confirm the problem is still there, even with This should probably by taken into account as part of |
I think I have missed that. We should. (And wabac is doing it : https://github.com/webrecorder/wabac.js/blob/main/src/rewrite/html.js#L143-L145) |
Fixed by #270 |
Haven't investigated enough to understand which component is responsible but to reproduce:
You must be using Chrome.
This leads to the broken content Chrome response with the following message in the console:
What happens is that those links are location change emitted in a click event from an
onclick
attribute.Not sure if Wombat should detect and fix this…
Firefox doesn't exhibit the same behavior if you're online as it will display the online content.
The text was updated successfully, but these errors were encountered: