Merge pull request sparkle-project#1728 from zorgiepoo/about-blank-fi…

…x-2x

Ignore opening about:blank URLs (2.x)

Sparkle/SULegacyWebView.m

@@ -113,7 +113,8 @@ - (void)webView:(WebView *)sender didFailLoadWithError:(NSError *)error forFrame
 - (void)webView:(WebView *)__unused sender decidePolicyForNavigationAction:(NSDictionary *)__unused actionInformation request:(NSURLRequest *)request frame:(WebFrame *)__unused frame decisionListener:(id<WebPolicyDecisionListener>)listener
 {
     NSURL *requestURL = request.URL;
-    BOOL safeURL = SUWebViewIsSafeURL(requestURL);
+    BOOL isAboutBlank = NO;
+    BOOL safeURL = SUWebViewIsSafeURL(requestURL, &isAboutBlank);
 
     // Do not allow redirects to dangerous protocols such as file://
     if (!safeURL) {
@@ -124,7 +125,7 @@ - (void)webView:(WebView *)__unused sender decidePolicyForNavigationAction:(NSDi
 
     // Ensure we are finished loading
     if (self.completionHandler == nil) {
-        if (requestURL) {
+        if (requestURL && !isAboutBlank) {
             [[NSWorkspace sharedWorkspace] openURL:requestURL];
         }
 

Sparkle/SUWKWebView.m

@@ -213,7 +213,8 @@ - (void)webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigati
 {
     NSURLRequest *request = navigationAction.request;
     NSURL *requestURL = request.URL;
-    BOOL safeURL = SUWebViewIsSafeURL(requestURL);
+    BOOL isAboutBlank = NO;
+    BOOL safeURL = SUWebViewIsSafeURL(requestURL, &isAboutBlank);
 
     // Do not allow redirects to dangerous protocols such as file://
     if (!safeURL) {
@@ -222,7 +223,9 @@ - (void)webView:(WKWebView *)webView decidePolicyForNavigationAction:(WKNavigati
     } else {
         // Ensure we're finished loading
         if (self.completionHandler == nil) {
-            [[NSWorkspace sharedWorkspace] openURL:requestURL];
+            if (!isAboutBlank) {
+                [[NSWorkspace sharedWorkspace] openURL:requestURL];
+            }
 
             decisionHandler(WKNavigationActionPolicyCancel);
         } else {

Sparkle/SUWebViewCommon.h

@@ -10,6 +10,6 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
-BOOL SUWebViewIsSafeURL(NSURL *url);
+BOOL SUWebViewIsSafeURL(NSURL *url, BOOL *isAboutBlankURL);
 
 NS_ASSUME_NONNULL_END

Sparkle/SUWebViewCommon.m

@@ -8,10 +8,13 @@
 
 #import "SUWebViewCommon.h"
 
-BOOL SUWebViewIsSafeURL(NSURL *url)
+BOOL SUWebViewIsSafeURL(NSURL *url, BOOL *isAboutBlankURL)
 {
     NSString *scheme = url.scheme;
     BOOL isAboutBlank = [url.absoluteString isEqualToString:@"about:blank"];
     BOOL whitelistedSafe = isAboutBlank || [@[@"http", @"https", @"macappstore", @"macappstores", @"itms-apps", @"itms-appss"] containsObject:scheme];
+
+    *isAboutBlankURL = isAboutBlank;
+
     return whitelistedSafe;
 }